Thanks Matthias,
I just received the answer of Symantec (Norton), here are some excerpts.
----------------------------
Upon further analysis and investigation we have verified your submission and,
as such, the detection(s) for the following file(s) will be removed from our
products:
File name: qgis_bin.exe
MD5: 99002dab0a0525a941b4a473fe4b058b
SHA256: 5f1fe42b904298eecbb1c0bdc3cbb4a28dcbace3b1b65a250ef800d8158a4f51
Note: Whitelisting may take up to 24 hours to take effect via Live Update
If detection persists, please contact support:
* Norton:https://support.norton.com/sp/en/us/home/current/info
...
If you are a software vendor and would like to upload your software for
proactive whitelisting, please complete one of the following forms:
* If you are BCS customer:https://submit.symantec.com/whitelist/bcs
* Otherwise:https://submit.symantec.com/whitelist
For more information on best practices to reduce false positives:
http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf
-------------
Does it mean that they whitelist just one version of QGIS (in relation
with the signature MD5)?
Which means that every new version should also be submitted to them?
(luckily, the procedure is easy and not time-consuming).
They also recommend a "software vendor" procedure, which is beyond my
understanding.
Regards and thanks to all the developers for the marvelous development
of QGIS,
Paul
Le 19/12/2016 à 12:13, Matthias Kuhn a écrit :
Thank you Paul,
We have received similar reports in the past already.
I think what you have done is the best approach: notify the antivirus
producer about false alerts as a user and provide them with the required
information (qgis-bin.exe etc.) to investigate the problem and update
the heuristics or white list accordingly.
With the information available from the general description of the
heuristics, there is normally not a lot we can do to "solve" the problem
from our side. If Norton asks more information, please just post again
either on this list or on the qgis developer list.
Thanks again
Matthias
On 12/19/2016 12:04 PM, Lens Paul wrote:
Hi all,
For info to Norton Security Users,
Using QGIS 2.18.1 on Windows 7 sp1 64 bits.
Norton deleted twice, without warning, qgis-bin.exe + many .py files on
my computer + modified many registry entries.
Message was "WS.Reputation.1", linked to the so-called SONAR function of
Norton Security.
This is how it works : "WS.Reputation.1 is a detection for files that
have a low reputation score based on analyzing data from Symantec’s
community of users and therefore are likely to be security risks."
The Norton (french-speaking) Assistance confirmed me it is a false
positive. I asked them to put QGIS on the White List.
NB: this is not the first time it happens for QGIS, see:
https://community.norton.com/en/forums/qgis-issue.
Afterwards, I submitted also a demand for whitelisting, as a Norton
user, on the Norton website
(https://submit.symantec.com/false_positive/standard/), where
qgis-bin.exe can be uploaded for testing.
I hope this will prevent any other disturbing false positive on Norton
products. Any suggestion?
Paul
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
_______________________________________________
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
