Symantec’s reputation technology system tracks the attributes of software files (applications, drivers and DLLs) from multiple sources, including:
The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application and, in the process, identify malicious software in an entirely new way, beyond traditional signature- and behavior-based detection techniques.
The system considers many aspects of a file, including file age, file download source, digital signature, and file prevalence. These attributes are combined using a proprietary algorithm to determine a file’s safety reputation. The system maintains a rating for all files rather than just malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS rating.
Symantec’s reputation-based security engine continuously monitors all files, and a file’s reputation may change over time.