Norton AV detected WS.Reputation.1 threat in libfftw3f-3-3_upx.dll


log in

Advanced search

Questions and Answers : Windows : Norton AV detected WS.Reputation.1 threat in libfftw3f-3-3_upx.dll

Author Message
Profile Robi
Send message
Joined: 24 Oct 00
Posts: 33
Credit: 296,467
RAC: 107
United States
Message 1538195 - Posted: 9 Jul 2014, 2:26:44 UTC

On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.

the Norton message is:

Medium This file risk is medium. Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe ____________________________ http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1 from berkeley.edu Source: External Media boinc.exe File Created: libfftw3f-3-3_upx.dll ____________________________ File Actions Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required ____________________________ File Thumbprint - SHA: bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df File Thumbprint - MD5: Not available


I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12

Thanks for any help
____________
Robi

Profile arkaynProject donor
Volunteer tester
Avatar
Send message
Joined: 14 May 99
Posts: 3744
Credit: 48,777,915
RAC: 1,076
United States
Message 1538536 - Posted: 9 Jul 2014, 15:57:44 UTC - in response to Message 1538195.

On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.

the Norton message is:

Medium This file risk is medium. Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe ____________________________ http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1 from berkeley.edu Source: External Media boinc.exe File Created: libfftw3f-3-3_upx.dll ____________________________ File Actions Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required ____________________________ File Thumbprint - SHA: bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df File Thumbprint - MD5: Not available


I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12

Thanks for any help


Best thing you can do is exclude the BOINC data directory from you AV scan.

Pause BOINC, copy the "offending" dll to another location, restart the computer.
After it comes back up, check the folder to see if it removed the dll and replace if necessary.
____________

Profile Robi
Send message
Joined: 24 Oct 00
Posts: 33
Credit: 296,467
RAC: 107
United States
Message 1542707 - Posted: 16 Jul 2014, 18:31:27 UTC - in response to Message 1538536.

Thanks arkayn,

I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(
according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.
regardless, after a restart, BOINC noticed the file was gone, and silently downloaded it again without any hiccups...
ah well...
crunch on!
____________
Robi

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13702
Credit: 31,692,276
RAC: 12,596
United States
Message 1542829 - Posted: 17 Jul 2014, 0:11:59 UTC - in response to Message 1542707.

I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(


BOINC runs science applications in a sandboxed environment. Meaning, if a virus were ever distributed through BOINC, it would have very minimal impact on your machine and would be quite easy to get rid of.

according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.


It's known as a "false positive". The way virus scanners work is they search all files on a hard drive for a specific signature or type of process activity. This used to work well 25 years so. Due to the completely random nature of SETI@home workunits, it isn't too surprising to see false positives in the workunits. And when it is a science application that triggers a false positive, it is usually because of the behavior - science applications run your system full bore, and that type of behavior was common with worms 15 years ago.

This is why it is best to exclude BOINC and all science apps from scanning; they're just not intelligent enough to handle it, and the anti-virus vendors can't seem to be bothered to either add an exclusion to the scanner, or to come up with a more intelligent heuristics to detect viruses.

Questions and Answers : Windows : Norton AV detected WS.Reputation.1 threat in libfftw3f-3-3_upx.dll

Copyright © 2014 University of California