On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.

the Norton message is:

Medium
This file risk is medium.

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
____________________________
http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll
Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1
 from berkeley.edu

Source: External Media

boinc.exe

File Created: libfftw3f-3-3_upx.dll
____________________________

File Actions

Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required
____________________________

File Thumbprint - SHA:
bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df
File Thumbprint - MD5:
Not available

I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12

Thanks for any help

---

Robi

On my laptop, Norton (Symantec) AV just detected a WS.Reputation.1 threat in libfftw3f-3-3_upx.dll.
According to Symantec this is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level.

the Norton message is:

Medium
This file risk is medium.

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
____________________________
http://boinc2.ssl.berkeley.edu/sah/download_fanout/libfftw3f-3-3_upx.dll
Downloaded File libfftw3f-3-3_upx.dll Threat name: WS.Reputation.1
 from berkeley.edu

Source: External Media

boinc.exe

File Created: libfftw3f-3-3_upx.dll
____________________________

File Actions

Infected file: c:\programdata\BOINC\projects\setiathome.berkeley.edu\ libfftw3f-3-3_upx.dll Restart Required
____________________________

File Thumbprint - SHA:
bbd819680b20d52669238c2c14da4d6ec43d21bca58fd5be6398d34b2e0880df
File Thumbprint - MD5:
Not available

I have contacted Symantec as for it being a false positive, but my laptop is now requiring a restart, and when that happens, I'm afraid that the file will be gone and the WU fail because of it.
Does anybody have a solution for me to reverse the actions of Symantec? I have Norton Internet Security Version 21.3.0.12

Thanks for any help

Best thing you can do is exclude the BOINC data directory from you AV scan.

Pause BOINC, copy the "offending" dll to another location, restart the computer.
After it comes back up, check the folder to see if it removed the dll and replace if necessary.

---

Thanks arkayn,

I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(
according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.
regardless, after a restart, BOINC noticed the file was gone, and silently downloaded it again without any hiccups...
ah well...
crunch on!

---

Robi

I ended up adding the BOINC folder to my AV exclude list and hope that no virus enters through BOINC... :(

BOINC runs science applications in a sandboxed environment. Meaning, if a virus were ever distributed through BOINC, it would have very minimal impact on your machine and would be quite easy to get rid of.

according to Symantec, the file is OK and shouldn't have triggered, so no idea what the fluke was.

It's known as a "false positive". The way virus scanners work is they search all files on a hard drive for a specific signature or type of process activity. This used to work well 25 years so. Due to the completely random nature of SETI@home workunits, it isn't too surprising to see false positives in the workunits. And when it is a science application that triggers a false positive, it is usually because of the behavior - science applications run your system full bore, and that type of behavior was common with worms 15 years ago.

This is why it is best to exclude BOINC and all science apps from scanning; they're just not intelligent enough to handle it, and the anti-virus vendors can't seem to be bothered to either add an exclusion to the scanner, or to come up with a more intelligent heuristics to detect viruses.