August 19, 2019, 12:00:41 am

Author Topic: Certain AV programs misidentify windows client as virus  (Read 1142 times)

0 Members and 1 Guest are viewing this topic.

Offline MicroGuy

  • @realMicroGuy
  • Administrator
  • *****
  • Posts: 3447
  • Karma: +47/-0
  • "Shoot for the Stars!"
    • View Profile
    • MicroGuy.com
Certain AV programs misidentify windows client as virus
« on: July 25, 2016, 02:05:24 pm »
I've received 2 reports from new Goldcoin adopters that our desktop client is setting off their virus software.  :think:

I'm posting this for public record and community discussion. Please find the original emails and my reply below:

~~

Original email A

Code: [Select]
Name: Stephen Ashley

Email: [email protected]

Subject: Problem Downloading wallet

Comment: My PC will not allow me to download wallet. Norton AV kicks in and removes.

For your info I have included the brief report from Norton in the hope it helps you guys:

WS.Reputation.1 - Removal

Updated: February 15, 2012 3:15:47 PM

Type: Other

Risk Impact: High

Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Behavior

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s
community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s
reputation-based security technology. Because this detection is based on a reputation score, it does not represent
 a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to
cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and behavior-based detection techniques.


Hope this helps

Regards

Stephen

Time: July 25, 2016 at 6:13 am
IP Address: 101.176.218.196
Contact Form URL: http://www.gldcoin.com/contact-us/
Sent by an unverified visitor to your site.

Original email B

Code: [Select]
From: Stephen Ashley
Sent: Monday, July 25, 2016 7:17 AM
To: [email protected]
Subject: [GoldCoin (GLD)] Contact Us
 
Name: Stephen Ashley

Email: [email protected]

Subject: Downloading Wallet

Comment: Further Info from NORTON AV...

Filename: goldcoin-0.7.2.1-win32-setup.exe

Threat name: WS.Reputation.1Full Path: d:\users\*****\downloads\goldcoin-0.7.2.1-win32-setup.exe

____________________________

____________________________


On computers as of
25/07/2016 at 8:38:48 PM

Last Used
25/07/2016 at 8:58:46 PM

Startup Item
No

Launched
No

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe


____________________________


goldcoin-0.7.2.1-win32-setup.exe Threat name: WS.Reputation.1
Locate


Few Users
Fewer than 50 users in the Norton Community have used this file.

Mature
This file was released 5 months ago.

Medium
This file risk is medium.


____________________________


http://www.gldcoin.com/downloads/goldcoin-0.7.2.1-win32-setup.exe
Downloaded File from gldcoin.com
Source: External Media

goldcoin-0.7.2.1-win32-setup.exe

____________________________

File Actions

File: d:\users\*****\downloads\ goldcoin-0.7.2.1-win32-setup.exe Removed
____________________________


File Thumbprint - SHA:
3dc1f5430f8db7a6700944b42f3b5fe2886a0866ba52731a86ad12a737a7faa6
File Thumbprint - MD5:
Not available

Time: July 25, 2016 at 6:17 am
IP Address: 101.176.218.196
Contact Form URL: http://www.gldcoin.com/contact-us/
Sent by an unverified visitor to your site.


My reply

Code: [Select]
Hi Stephen,
 
Certain antivirus programs sometime misidentify the Goldcoin wallet as a virus.
 
There are 2 ways of solving this issue. You can manually create an exception for the application (see program docs) or
you can disable your antivirus. Creating an exception is the preferred method. Once we have 50 Norton users running
the program, this false alarm should disappear.
 
Please let me know if you have any other questions or concerns.
 
Sincerely,
 
Greg Matthews
(864) 335-9068
 
« Last Edit: July 25, 2016, 04:55:50 pm by MicroGuy »
"The heart of any cryptocurrency can be found in the spirit of its community."