I have read a number of posts about this feature. I understand the idea behind it, but it doesn't seem helpful in my environment. I am aware the individual files themselves can be submitted one at a time for whitelisting, but that is not a good solution for me.
These notifications are from everything from various internally developed test applications, to new versions of various utilities being downloaded, etc.
My question is how can I simply disable this? Which feature set is responsible for this detection? I can't find a way to simply add an exception for the risk type of WS.Reputation.1.
Is it a function of Download Protection? Many of the files were downloaded a while ago and just continue to be re-detected. I currently have the Unproven Files action set to Leave alone (log only), but that action selection does not prevent the daily email notifications.
You just need to uncheck "Enable Download Insight to detect potential risks in downloaded files based on the file reputation" in the Download Protection section from within the AV policy.
So there is no way to just disable the feature on files with insufficient reputation data to stop them from being flagged?
I'd like to keep this download insight for the purposes of triggering a notification and blocking a file with a bad reputation. It's just the ones with no real reputation data being flagged as a (possible) risk and an email being sent that I have an issue with.
Thank you for the reply.
On the Action tab you can set the Action for unproven files to Leave alone (log only) or Ignore. This will leave unproven files alone (not detected).
Currently the action for unproven files is set to Leave alone (log only) and that still triggers an email notification for each one... so the action Ignore will not trigger an email?
Should not if set to ignore.
Remove the email notification & start parsing the log files.
This helps a lot to identify low reputation malicious files, PUA etc.
Also you can submit your genuine and in-house developed files & remove the detection.
Finally found how to disable reputation on N360...
Antivirus Settings > Scan and Risks > Exclusions / Low Risks > Signatures to Exclude from All Detections > 'Add' > Dropdown box - 'Insight Network Threat' > Then add WS.Reputation.1
Hopefully this helps.
WS.Reputation.1 has been a problem for me, but WoopsToggle's 5/17/15 solution didn't disable it for me. My problem is occurring when software I use generates a file that WS.Reputation.1 finds objectionable and deletes it, causing the application to crash.
Desperately looking for another solution.
Submit your genuine and in-house developed files & remove the detection.