Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

WS.Reputation.2

WS.Reputation.2

Updated:
January 03, 2017
Risk Impact:
High
Systems Affected:
Windows

Behavior

WS.Reputation.2 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version January 12, 2017 revision 020
  • Initial Daily Certified version pending
  • Latest Daily Certified version January 12, 2017 revision 023
  • Initial Weekly Certified release date November 02, 2016
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Symantec’s reputation technology system tracks the attributes of software files (applications, drivers and DLLs) from multiple sources, including:


The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

The system considers many aspects of a file, including file age, file download source, digital signature, and file prevalence. These attributes are combined using a proprietary algorithm to determine a file’s safety reputation. The system maintains a rating for all files rather than just malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS rating.

Symantec’s reputation-based security engine continuously monitors all files and over time a file’s reputation may change.
WHITE-LISTING
Software developers who want to accelerate the reputation building process for their new software applications should submit new applications to the Symantec white-listing program. Details of that program can be found here .


DISPUTES
If you believe that a program has been incorrectly classified by the Symantec reputation-based security system, then you may submit a dispute using this Web form .


REMOVING A FILE FROM QUARANTINE
It is possible to restore a file from quarantine to its previous location on your computer. This should only be done if you are certain that the file is not malicious. Symantec strongly recommend that you submit the file that was detected even if you choose to restore the file from quarantine.