Endpoint Protection

Expand all | Collapse all

How to disable WS.Reputation.1 detection

Jump to Best Answer
  • 1.  How to disable WS.Reputation.1 detection

    Posted 04-15-2015 02:56 PM

    I have read a number of posts about this feature, I understand the idea behind it but it doesnt seem helpful in my environment.  I am aware the individual files themselves can be submitted one at a time for whitelisting, but that is not a good solution for me.

    These notifications are from everything from various internally developed test applications, to new versions of various utilities being downloaded, etc.

    My question is how can I simply disable this? Which feature set is responsible for this detection? I can't find a way to simply add an exception for the risk type of WS.Repuation.1.

    Is it a function of Download Protection ? Many of the files were downloaded awhile ago and just continue to be re-detected. I currently have the Unproven Files action set to Leave alone (log only), but that action selection does not prevent the daily email notications.

     

     

     



  • 2.  RE: How to disable WS.Reputation.1 detection

    Posted 04-15-2015 03:07 PM

    You just need to uncheck "Enable Download Insight to detect potential risks in downloaded files based on the file reputation" in the Download Protection section from within the AV policy.



  • 3.  RE: How to disable WS.Reputation.1 detection

    Posted 04-15-2015 04:57 PM

    So there is no way to just disable the feature on files with insufficent reputation data to stop them from being flagged?

    I'd like to keep this download insight for the purposes of triggering a notification and blocking a file with a bad reputation. It's just the ones with no real reputation data being flagged as a (possible) risk and an email being sent that I have an issue with.

    Thank you for the reply.



  • 4.  RE: How to disable WS.Reputation.1 detection
    Best Answer

    Posted 04-15-2015 04:57 PM

    On the Action tab you can set the Action for unproven files to Leave alone (log only) or Ignore. This will leave UNproven files alone (not detected)



  • 5.  RE: How to disable WS.Reputation.1 detection

    Posted 04-15-2015 05:14 PM

    Currently the action for unproven files is set to Leave alone (log only) and that still triggers an email notification for each one... so the action Ignore will not trigger an email?

    Thanks again.



  • 6.  RE: How to disable WS.Reputation.1 detection

    Posted 04-15-2015 05:14 PM

    Should not if set to ignore.



  • 7.  RE: How to disable WS.Reputation.1 detection

    Posted 04-17-2015 03:52 AM

    Remove the email notification & start parsing the log files.

    The helps a lot ti identify low reputation malicious files, PUA etc.

    Also you can submit your genuine and inhouse developed files & remove the detection.

     

    https://submit.symantec.com/false_positive/

     

     



  • 8.  RE: How to disable WS.Reputation.1 detection

    Posted 05-17-2015 05:10 PM

    Finally found how to disable reputation on N360...

    Antivirus Settings > Scan and Risks > Exclusions / Low Risks > Signatures to Exclude from All Detections > 'Add' > Dropdown box - 'Insight Network Threat' > Then add WS.Reputation.1

     

    Hopefully this helps.



  • 9.  RE: How to disable WS.Reputation.1 detection

    Posted 07-31-2015 03:13 PM

    WS.Reputation.1 has  been a problem for me, but WoopsToggle's 5/17/15 solution didn't disable it for me. My problem is occurring when software I use generates a file that WS.Reputation.1 finds objectionable and deletes it causing the application to crash.

    Desperately looking for another solution.



  • 10.  RE: How to disable WS.Reputation.1 detection

    Posted 08-05-2015 07:42 AM

    Submit your genuine and inhouse developed files & remove the detection.

    https://submit.symantec.com/false_positive/