Symantec: File Insight Reputation Removes Downloads
Symantec: File Insight Reputation Removes Downloads
A customer contacted me to let me know his Norton Anti-Virus product would not let him download my software. He told me that Norton states my software is infected and removes the download.
I asked him for a screenshot of the error he gets from Norton. See attached photo.
I had no idea that this was happening. I'm a Micro-ISV and don't generate a whole lot of sales. I service a small niche. I'm curious if any of you fellow Micro-ISV's have experienced anything like this with Norton or any other anti-virus product.
I purchased a Code Signing certificate and have signed all my software products. It appears as though my software was flagged due to low use by the Symantec community.
I intend to apply for Symantec's White-List process and would be gratetful if you would share your experiences with applying to the white-list process.
https://submit.symantec.com/whitelist/
A customer contacted me to let me know his Norton Anti-Virus product would not let him download my software. He told me that Norton states my software is infected and removes the download.
I asked him for a screenshot of the error he gets from Norton. See attached photo.
I had no idea that this was happening. I'm a Micro-ISV and don't generate a whole lot of sales. I service a small niche. I'm curious if any of you fellow Micro-ISV's have experienced anything like this with Norton or any other anti-virus product.
I purchased a Code Signing certificate and have signed all my software products. It appears as though my software was flagged due to low use by the Symantec community.
I intend to apply for Symantec's White-List process and would be gratetful if you would share your experiences with applying to the white-list process.
https://submit.symantec.com/whitelist/
Yes, we had same issues some years ago with Avira (Free and Pro). It seems that some AV-Vendors recognize applications build with Delphi as potential dangerous per default. At my talks with Avira they told me that a lot of dangerous programs are written in Delphi. They whitelistended our Exe-Names (without version information, otherwise same problems occurs when version number changes!), that helped.
ReplyDeleteYou are sending it as a EXE, try to ZIP it up and then see if it works.
ReplyDeleteI use WinRAR to create a selfextracting exe file, without signing. All my customer can download that file, which is updated regulary.
ReplyDeleteI had a similar problem, and my customers helped by contacting the antivirus vendor.
ReplyDeleteThese problems went away for us when we stopped using exe compressors like UPX. We never had problems with signed binaries at all after switching from Comodo to VeriSign (=Symantec). I don't know if Symantec has any special handling for Verisign signed binaries.
ReplyDeleteI am using Comodo and haven't experience these problems as long as I do not use the magic word 'Setup' or 'Install' as part of the name, I tend to zip up all setup files anyway to keep the AV from tagging the executable as a threat.
ReplyDeleteThe funny thing that Fred Ahrens mentions is that he switched from Comodo to Verisign which is sold by Symantec so you would expect that a symantec AV would never complain about a executable that was code signed by themselves.
I have Norton AV found a problem ,many times, even under development. It is hard to develop because
ReplyDeleteNorton thinks that Delphi program is a virus.
Even if i exclude ,or say it is safe it dose not help.
I think,since i program many programs, it has nothing to do with Delphi
But may be some combination of the inner software Delphi produce.
shlomo abuisak I develop on a Windows 7 Pro with the latest version of Symantec, you may have experienced a problem in the past and need to adjust your settings, otherwise they work hand in hand at my location.
ReplyDeleteOn my WIndows 8 and other Windows 7 machines, I have never experience Symantec complaining about my Delphi applications as a threat. I would look at your environment.
Richard Baroniunas you mite be right.I am using window 7.
ReplyDeleteHow ever one think dose not work,in my opinion.
I excluded directories and file.
Norton file insight did not do the work either. Since the compilation
changes the exe and time of the file.
This is what actually happens.
And finally if you are working on a system program , in some situation Norton av give you hell.
I guess it has to do with the API but i am not sure.
P.S what kind of setting i should have?
Michael Riley I have the same problem and it seems that's because I don't sign it with a digital certificate. So, I just turned Norton Sonar off. But it is a bad thing to ask your customers to do it, isn't it? I think digitally signing it would solve your problem.
ReplyDeleteThis has nothing to do with Code Signing, I do not have any issues developing nor installing on separate machines (Win 7 / Win 8 / XP) to test out 32 bit or 64 bit Delphi Applications.
ReplyDeleteI was wondering do you do a full install of Symantec Norton AV or do you just continue to upgrade the product all the time.
I know for a fact that when you upgrade sometimes Norton leaves behind older pieces of the engine which has strange results and that could be one of your problems.
What I tend to do is about every 18 months is clean out a machine by re-installing OS and applications to make sure there are no issues. All test machines are cleaned up after 6 months of testing so that I know no leftover installs will be damaged for my clients.
What the two of you are experiencing is not normal.
I am with Norton AV for years.Always uninstall before install.
ReplyDeleteI have Norton security with backup ver 22.1.0.9.
In my case i even had to disable AV on compilation and test.
It is very simple. THE EXCLUDE SHOULD WORK. and it dose not !!!!!
ReplyDeleteshlomo abuisak that is sad and I am sorry that you cannot compile cleanly on your system. I know there has been others over the years who have had this issue. I guess I am a lucky person not to ever run into this problem.
ReplyDeleteTo sum it up. Most of the time it is OK. But some time....
ReplyDeleteMichael Riley If you want me to test it on my end you can email me the app as an attachment to richard@baronsoftware.com to see if my NAV does not like it.
ReplyDeletePlease put it in a zip and let me know.