Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

White lists and false positives

Created: 10 Jan 2014 | 3 comments

I represent a small software company that sells Windows software as electronic downloads. Lately, Symantec products flag our products as potential threats upon detections be so called "crowd intelligence" based algorithms, such as WS.Reputation, WS.Suspicious cloud and similar. We have reported the false positives and applied for white listing. These are always approved by Symantec, but don't seem to have any effect in reality. Our installers are signed using a certificate issued by Thawte. Obviously, this is very harmful for our business. My question is, how can we possibly avoid these false positives? Are Symantec trying to push their own certificates using their dominance in the virus protection market and would it help to purchase a certificte issued by Symantec?

Best regards,

Stian Aagedal (Acon AS)

Operating Systems:

Comments 3 CommentsJump to latest comment

James007's picture

Did you submit you file in symantec White-List.

Software developer would like to add his/her software to the Symantec White-List.

 

 

 

Article:TECH132220 | Created: 2010-01-04 | Updated: 2013-10-18 | Article URL http://www.symantec.com/docs/TECH132220

See this thread

http://www.symantec.com/connect/forums/sep-application-whitelisting

.Brian's picture

Submit false positive here:

https://submit.symantec.com/false_positive/

Software White-Listing Request here:

https://submit.symantec.com/whitelist/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

saagedal's picture

Thanks for the replies. I already submitted the false positives and got the software white listed. I received a white list confirmation from Symantec and they ensured to remove the false detection. It doesn't seem to have any effect, though. Customers are still reporting detections. Why isn't it possible to white list a developer based on the code signing? We are completely left in the dark here by Symantec, there is no explanation whatsoever about their cloud based detection algorithms. Is the country of origin, the number of downloads or what? We have never had any problems with other anti-virus software.

Stian