Symantec Insight.Suspicious

Discussion in 'other anti-virus software' started by vincenzo, Feb 25, 2010.

Thread Status:
Not open for further replies.
  1. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    I downloaded a free version of the software shown below. After I downloaded it I sent it to VirusTotal to check the file. It passed with all the vendors except Symantec, which said Insight.Suspicious.

    Any thoughts?

    Thanks

    http://www.diskanalyzerpro.com/index.html
     
  2. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
  3. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I found this comment by Symantec, in the second link provided by King Grub (see here), to be informative:

    This suggests that few non-malicious files are initially designated as “unproven” in Symantec’s reputation system -- i.e., an “unproven” file is more likely than not to be malicious.

    Edit: typing correction
     
    Last edited: Feb 25, 2010
  4. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  5. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    It's not the AV anymore. White lists... early 90s :argh:
     
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Actually, the primary application of reputation analysis is quite distinct from traditional white lists and black lists, an old (but still valuable) technology that all anti-malware vendors employ.

    White lists consist of applications that are very common and are known to be non-malicious, and black lists consist of very common instances of malware. It’s the murky middle -- the “long tail” -- that is the new challenge. That’s the realm in which reputation analysis provides the greatest impact.
     
  7. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Thanks to all for the replies.

    This quote from the link in IBK's post seems to say it all:

    This detection looks at many different aspects of a file, including how it arrived on the system, publisher information, when it arrived, etc. Using these attributes, most users do not see Suspicious.Insight detections on clean files. (Note that on an online scanner such as VirusTotal, many of these attributes are absent, hence a Suspicious.Insight detection will be more likely).

    By the way, as a test I re-submitted the file to VirusTotal today, and Symantec passed it now. So I guess they have more info on it now.
     