Endpoint Protection

 View Only

  • 1.  Symantec Reports 'Suspicious.Insight' in Scan@VirusTotal.com Response

    Posted Aug 03, 2010 12:00 PM
    Symantec Team,

    Recently I had an attachment in my mailbox which before downloading I forwarded to scan@virustotal.com for clearance. I do have a desktop AV but just to play safe from any alluring threats I normally do this before bringing the alien application to my desktop.

    Symantec was reporting nothing in the file whereas there was a tail-piece info or disclaimer with a hyperlink to http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

    I believe the moment the file comes under this radar it means 80 per cent the file is not trusted and should be a malware with 20 per centage for a very new file that has come into existence.

    I would like to know what are the other categories similar to 'Suspicious.Insight'.


  • 2.  RE: Symantec Reports 'Suspicious.Insight' in Scan@VirusTotal.com Response

    Posted Aug 03, 2010 12:26 PM
    Hi Deepak,

    Have you seen the following article?  It lays out the info on suspicious.insight detections well:

    https://www-secure.symantec.com/connect/blogs/reputation-based-security-suspiciousinsight-detections-virus-total

    Also: it's a good idea to submit that file to Symantec Security Response if you are in any doubt.

    Please let the forum know if you have any additional questions!

    Thanks and best regards,

    Mick


  • 3.  RE: Symantec Reports 'Suspicious.Insight' in Scan@VirusTotal.com Response

    Posted Aug 03, 2010 12:41 PM
    Hi Mick.

    >>Have you seen the following article?  It lays out the info on suspicious.insight detections well: https://www-secure.symantec.com/connect/blogs/repu...

    I was actually looking out for similar content only to clarify on the thoughts. Thanks a ton.




    >>Also: it's a good idea to submit that file to Symantec Security Response if you are in any doubt.
    Yes. I did push it to ThreatExpert for their perusal and investigation. I think sending to scan@virustotal.com itself is anyway enough right? Symantec would share the file if I am right?
     



  • 4.  RE: Symantec Reports 'Suspicious.Insight' in Scan@VirusTotal.com Response

    Posted Aug 04, 2010 04:58 AM
    Hi Again Deepak,

    Virustotal.com is a completely different company.  This thread provides instructions on how to submit files to Security Response:

    https://www-secure.symantec.com/connect/forums/how-send-suspicious-file-symantec-lab

    Please let the forum know if there's anything else that the community can help with, or feel free to mark this thread complete/solved if the question has been answered. &: )

    Thanks and best regards,

    Mick