Endpoint Protection client install packages are being detected as WS.Reputation.1 by Download Insight

book

Article ID: 169502

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Download Insight is detecting an exported Symantec Endpoint Protection (SEP) client install package (single executable) as WS.Reputation.1. The logs indicate that the scan type is AutoProtect, the subcategory shows as Insight Network Threat, and Current Reputation indicates "There is strong evidence that this file is untrustworthy". This is observed when downloading the package from any HTTP or HTTPS URL, i.e. good drive, drop box or BOX.

 

Cause

Single executable install packages have not been signed by the SEPM. 

Resolution

Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates

Possible workarounds to avoid being detected by Download Insight:

  • Zip the install package with a password and download it over http or https. 
  • Use 7-Zip (.7z) to archive the install package with a password and select "Encrypt file names."
  • Create a SEPM exclusion for the environment for the specific install package name.