namebench-1.0.5.exe identified as virus by Norton Internet Security

[GoogleCodeExporter]

Norton Internet Security 2008 identified file 
http://namebench.googlecode.com/files/namebench-1.0.5.exe as Heuristic 
Virus Suspicious.MH690.A, and would not let me download and run it.

Original issue reported on code.google.com by rmquinti...@gmail.com on 13 Dec 2009 at 12:40

[GoogleCodeExporter]

That's sad to hear. Symantec does provide a way to submit a "suspicious" 
program to 
be reviewed:

http://service1.symantec.com/support/nav.nsf/docid/2000031615501306?
Open&src=tranus_con_br&seg=hm

Do you mind submitting it? I don't own Norton Internet Security so I am not 
able to 
do so. In the mean-time, I've posted a .zip version of namebench 1.0.5 that 
should 
work around the issue. You will have to extract it somewhere and then 
double-clock 
on  namebench.exe to get started.

Original comment by tstromb...@google.com on 13 Dec 2009 at 6:07

[GoogleCodeExporter]

I forgot the link to the zipfile:

http://namebench.googlecode.com/files/namebench-1.0.5-Windows.zip

Original comment by tstromb...@google.com on 13 Dec 2009 at 6:07

[GoogleCodeExporter]

Original comment by tstromb...@google.com on 13 Dec 2009 at 6:08

• Changed state: Started
• Added labels: Type-Other
• Removed labels: Type-Defect

[GoogleCodeExporter]

Thank you for the alternate download.

The weird thing is that when I click on the download link in Internet Explorer, 
Norton Internet Security immediately pops up a security risk warning and blocks 
the 
download, but if I download the file with Firefox, or scan the downloaded file 
with 
Norton Internet Security, no threats are detected. Go figure...

I believe that you, as a software developer, could fill in Symantec's False 
Positive 
Submission form, available at 
https://submit.symantec.com/dispute/false_positive, 
with the following Software Detection information:

Name of detection given by Symantec: Heuristic Virus Suspicious.MH690.A; Action 
taken: Blocked; Affected Areas: c:\documents and settings\administrator\local 
settings\temporary internet files\content.ie5\yqboz4np\namebench-1.0.5[1].exe

Additional information: Definitions Version 2009.12.12.038; Norton Internet 
Security 
2008 Version 15.5.0.32; Windows XP SP3. File download is blocked in Internet 
Explorer 8.0, but is allowed in Firefox 3.5.5. After download, file scan 
reports 
that "no viruses, spyware, or other risks were found".

Original comment by rmquinti...@gmail.com on 13 Dec 2009 at 4:05

Attachments:

• namebench.gif

[GoogleCodeExporter]

Thanks for the information. I've submitted the dispute form to Symantec. I 
suspect I will 
never hear anything back, but I provided a URL to this issue so that they may 
comment 
on it. Cheers!

Original comment by tstromb...@google.com on 14 Dec 2009 at 6:38

[GoogleCodeExporter]

According to Symantec, this should b fixed in the next push. I would be curious 
to 
see in a few days if this problem still exists:

We are writing in relation to your submission through Symantec's on-line 
Security 
Risk Dispute Submission form for your NameBench software being detected by 
Symantec Software. In light of further investigation and analysis Symantec is 
happy to 
remove this detection from within its products.

The updated detection will be distributed in the next set of virus definitions, 
available 
daily, or weekly via LiveUpdate, depending on Symantec product version, or 
daily 
from our website at

http://securityresponse.symantec.com/avcenter/defs.download.html.

Decisions made by Symantec are subject to change if alterations to the Software 
are 
made over time or as classification criteria and/or the policy employed by 
Symantec 
changes over time to address the evolving landscape.

Original comment by tstromb...@google.com on 14 Dec 2009 at 2:51

• Added labels: OpSys-Windows

[GoogleCodeExporter]

Scanning by latest Clamwin shows no infection

Original comment by k.rysya...@gmail.com on 15 Dec 2009 at 1:51

[GoogleCodeExporter]

you can test later www.virustotal.com before inject windows version ;)

Original comment by willemi...@gmail.com on 15 Dec 2009 at 12:39

[GoogleCodeExporter]

Original comment by thomas.r...@gmail.com on 16 Dec 2009 at 8:48

• Changed state: Fixed