badjoe.blogg.se - Ws reputation 1 symantec endpoint protection

The act of digitally signing also allows the Windows operating system to check the file(s) for integrity verification. NOTE: There is a secondary benefit to using/insisting on signed software from vendors. In the event the file behaves in inappropriate ways, SEP should still detect and stop questionable or malicious behaviors. This method of mitigating the WS.Reputation1 detections in no way affects other modules/layers of SEP client.

If the file(s) detected as WS.Reputation1 is/are signed, the signing certificate can be exported from the file(s) and loaded into the Symantec Endpoint Protection Manager under Policies > Exceptions > Windows Exceptions > Certificate.īy importing the digital signature of the file (certificate), all software from the vendor that is also signed with this same digital signature/certificate is trusted for this type of file reputation detection. To extract a digital signature/certificate from a signed software file/package: How to extract a digital signature/certificate from a signed software file/package To add the digital signature of the file(s) to the Exceptions Policy

NOTE: This is a viable option, but only if the other two methods above are unsuitable for some reason, and should be used with caution.

Release the file(s) from Quarantine and allow them to run.

Submit the file(s) to Broadcom as a False Positive (FP) for review.

Add the digital signature of the file(s) to the Exceptions Policy.

There are several ways to resolve this type of situation.

However, the WS.Reputation.1 detection can and will effectively catch new legitimate threats in the wild, so please only follow this KB if you are 100% sure that the software being detected is legitimate and was supplied from a valid, trustworthy source. However, this does not indicate that the file is a threat, only that it is not trusted based on the prevalence in the larger Broadcom community based on usage, age, and other factors. If the file is too new or doesn't have enough usage to determine if the file is trustworthy, the SEP client returns a detection of WS.Reputation.1. When the new application version is deployed to a SEP endpoint, SEP client will look up the file from the Broadcom Insight database. The most common cause of this is a change to the file, such as a new version of an application. This detection conveys that the file's global reputation within the larger Broadcom community is not yet trusted based on information such as age, hash, and number of times seen. This SEP detection is from the Insight (File Reputation) feature of the SEP client. The WS.Reputation.1 detection indicates a suspicious file and not a traditional anti-virus/malware detection.