Symantec Insight.Suspicious
vincenzo
February 25th, 2010, 11:49 AM
I downloaded a free version of the software shown below. After I downloaded it I sent it to VirusTotal to check the file. It passed with all the vendors except Symantec, which said Insight.Suspicious.
Any thoughts?
Thanks
http://www.diskanalyzerpro.com/index.html
King Grub
February 25th, 2010, 12:05 PM
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
http://community.norton.com/t5/Norton-Internet-Security-Norton/Suspicious-insight/m-p/199047
Pleonasm
February 25th, 2010, 02:40 PM
I found this comment by Symantec, in the second link provided by King Grub (see here (http://community.norton.com/t5/Norton-Internet-Security-Norton/Suspicious-insight/td-p/199047/page/2)), to be informative:
-{ Quote: "Due to the nature of our reputation system, even if a new clean file is initially flagged as "unproven" (which is rare), it will typically develop a good reputation very quickly – usually within several days." }-
This suggests that few non-malicious files are initially designated as “unproven” in Symantec’s reputation system -- i.e., an “unproven” file is more likely than not to be malicious.
Edit: typing correction
IBK
February 25th, 2010, 11:53 PM
http://www.symantec.com/connect/blogs/reputation-based-security-suspiciousinsight-detections-virus-total
format_c
February 26th, 2010, 01:41 AM
it's not the AV anymore. white lists... early 90s :argh:
Pleonasm
February 26th, 2010, 08:57 AM
-{ Quote: "it's not the AV anymore. white lists..." }-
Actually, the primary application of reputation analysis is quite distinct from traditional white lists and black lists, an old (but still valuable) technology that all anti-malware vendors employ.
White lists consist of applications that are very common and are known to be non-malicious, and black lists consist of very common instances of malware. It’s the murky middle -- the “long tail” -- that is the new challenge. That’s the realm in which reputation analysis provides the greatest impact.
vincenzo
March 3rd, 2010, 10:18 AM
Thanks to all for the replies.
This quote from the link in IBK's post seems to say it all:
This detection looks at many different aspects of a file, including how it arrived on the system, publisher information, when it arrived, etc. Using these attributes, most users do not see Suspicious.Insight detections on clean files. (Note that on an online scanner such as VirusTotal, many of these attributes are absent, hence a Suspicious.Insight detection will be more likely).
By the way, as a test I re-submitted the file to VirusTotal today, and Symantec passed it now. So I guess they have more info on it now.
Copyright ©2002 - 2012, Wilders Security Forums