Golly Insight

[wildmyron]

Sorry for the confusing subject. The image speaks for itself.

Golly Insight.png (61.42 KiB) Viewed 2402 times

Fortunately I can "Allow" the file to retrieve it from quarantine

[77topaz]

Sorry for the confusing subject. The image speaks for itself.

Golly%20Insight.png

Fortunately I can "Allow" the file to retrieve it from quarantine

Yeah, when I first downloaded Golly (on a Mac) it got flagged by the built-in antivirus system also, and I had to go into System Preferences and manually allow it to install.

[dvgrn]

Sorry for the confusing subject. The image speaks for itself.

Golly%20Insight.png

Fortunately I can "Allow" the file to retrieve it from quarantine

Yeah, when I first downloaded Golly (on a Mac) it got flagged by the built-in antivirus system also, and I had to go into System Preferences and manually allow it to install.

I ran into this problem with Symantec with Golly 3.0 last September, though at that point it was not trusted just because it hadn't been seen by enough people.

I submitted a false-positive report, and got a positive response:

In relation to submission 49590.

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at https://securityresponse.symantec.com/a ... nload.html

Please note that whitelisting can take up to 24 hours to take effect.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

To possibly avoid future detections of your files, please try the following.
Digitally sign binaries with Class-3 digital certificates (X.509) from a Certificate Authority.

If you are a software vendor and would like to upload your software for proactive whitelisting, please complete the following form: https://submit.symantec.com/whitelist

For more information on best practices to reduce false positives:
https://www.symantec.com/content/en/us/ ... .en-us.pdf

For Golly 3.1, I think the "malicious" report is probably due to just a few too many people downloading Golly, trying to run it, getting it quarantined because "it hasn't been seen by very many users yet", and then people don't go to the trouble of arguing with Symantec and manually moving the executable out of quarantine -- instead maybe they shrug and go back to Golly 3.0. That probably counts as a vote against the 3.1 executable.

If anyone wants to go ahead and report a false positive, that might help improve Golly 3.1's reputation with Symantec. Looks like the reporting URL has changed -- try here.

However, a coordinated campaign may not be necessary. I got a fairly quick response from Symantec back in September, and that seemed to fix the problem within a week or so. I'll post here in a few days if they complete a review and take Golly 3.1 back off of their naughty list.

[dvgrn]

If anyone wants to go ahead and report a false positive, that might help improve Golly 3.1's reputation with Symantec...

Never mind -- looks like we should be in the clear by, say, early next week:

In relation to submission 71767.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

File name: golly.exe
MD5: eb4a03d26eb834edcd4c7b0e8c136e46
SHA256: 9abb003751d23163d646d37b6704091ea89ece52accb315a84a14c5ed157281f
Note: Whitelisting may take up to 24 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info
* SEP: https://support.symantec.com/en_US/endp ... 54619.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

For more information on best practices to reduce false positives:
https://www.symantec.com/content/en/us/ ... .en-us.pdf

[77topaz]

That's good! Though, it doesn't yet solve the problem of Golly 3.1 also being flagged by the Mac built-in antivirus system.