Hi all, Norton answered that they corrected runemacs.exe, so i submitted the 6 other files that had the same problem, etags.exe emacsclient.exe addpm.exe ctags.exe ebrowse.exe emacsclientw.exe, now i just have to track the ones that got removed rather than quarantined...


/jeff


from Norton:


falsepositives@symantec.com

In relation to submission 91222.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: runemacs.exe
    MD5: 7A42917614CED759A404B3ABE569BFB9
    SHA256: D51EBF9AB1465666C7FBC30BFDA93610879761EE0C5E89DF928853FD6B635C5B
    Note: Whitelisting may take up to 24 hours to take effect via Live Update

From: Jeffrey Sondeen
Sent: Wednesday, May 23, 2018 1:19:27 PM
To: Noam Postavsky
Cc: 31572@debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
 

Hi Noam, thanks for the link, i used it to upload some of the emacs programs, reporting them as being falsely anti-virus detected.  I also submitted some of the exe's to virustotal.com, as mentioned in some other Norton community message, and none of the emacs exe's triggered any other anti-virus detections.


It's still a hassle, though, since, while many of the emacs programs are Quarantined by the Norton anti-virus (and can be easily restored), some others are Removed, for which there's no undo operation (all with the falsely detected WS.Reputation.1 message).


thanks,

/jeff

From: Noam Postavsky <npostavs@gmail.com>
Sent: Wednesday, May 23, 2018 11:41:51 AM
To: Jeffrey Sondeen
Cc: 31572@debbugs.gnu.org
Subject: Re: bug#31572: 26.0.91; emacs-26.1 RC1 fails norton virus check
 
On 23 May 2018 at 14:03, Jeff Sondeen <sondeen@usc.edu> wrote:
>
> Hi all, i've been running Emacs version 26.091, but just downloaded
> emacs-26.1-rc1-x86_64.zip, but Norton Security has quarantined several
> *.exe's (runemacs.exe, etags.exe, etc) under
> emacs-26.1-rc1-x86_64/bin, complaining about a virus called
> "WS.Reputaton.1 Insight Network Threat" as per the attached pix (I
> didn't have this problem with 26.091)

According to https://urldefense.proofpoint.com/v2/url?u=https-3A__community.norton.com_en_forums_clarification-2Dwsreputation1-2Ddetection&d=DwIFaQ&c=clK7kQUTWtAVEOVIgvi0NU5BOUHhpN0H8p7CSfnc_gI&r=yx7WeBO4vNFR2eleLG4z-w&m=o9Wkgj_Y9o3uwCY0WRrKyP4cX03_nVur3WsvHwtHGfY&s=qZ0lBbq4-JjwBbDalE5G8WHRkRB8NKGNShuCa4iCQ44&e=,
this warning doesn't represent a virus finding specifically:

    WS.Reputation.1 is a detection for files that have a low
    reputation score based on analyzing data from Symantec’s community
    of users and therefore are likely to be security risks.[...]

    The reputation-based system uses "the wisdom of crowds"[...]