virus?

[hymie0]

Greetings.

I've been trying to download https://github.com/NoMoreFood/putty-cac/blob/master/binaries/x64/pageant.exe which I believe is version 0.70.2 .

My Symantec Endpoint Protection is marking it "Infected" with "WS.Reputation.1"

I found version 0.70.1 and it appears that Symantec is happy with this version.

Can you please look into this?

(Side note -- I know this is a github thing and not a you thing, but the "tags" are sorted in a weird way, so 0.70 is above 0.70.u2 and 0.70.u1 even though 0.70.u1/2 are newer.)

[NoMoreFood]

A reputation hit just means of people haven't downloaded it enough for Symantec to consider it trustworthy. It's not a virus. If you want a previous release, look on the releases page. Please close the issue if this response is satisfactory.

…

On Thu, Aug 17, 2017 at 7:52 AM hymie0 ***@***.***> wrote: Greetings. I've been trying to download https://github.com/NoMoreFood/putty-cac/blob/master/binaries/x64/pageant.exe which I believe is version 0.70.2 . My Symantec Endpoint Protection is marking it "Infected" with "WS.Reputation.1" Can you please look into this? In the meantime, do you have older versions archived someplace where I can download them? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#11>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AMSMf1rsgnRuVoBfbdKuYEAF62pmrhYoks5sZClTgaJpZM4O6Jyh> .

[hymie0]

Thanks.

[bluikko]

Kaspersky is also detecting infections, only on 0.70u2:

• PuTTY: "Shelma.ah" and "Shelma.ao"
• PSCP: "Shelma.bb"

Those are signature-based false positives and not due to reputation or heuristics.

[NoMoreFood]

Alright. I'll take a look at the files when I get home tomorrow. They obviously aren't viruses so maybe they just need a resign to change the hash.

…

On Thu, Aug 17, 2017 at 9:27 AM bluikko ***@***.***> wrote: Kaspersky is also detecting infections, only on 0.70u2: - PuTTY: "Shelma.ah" and "Shelma.ao" - PSCP: "Shelma.bb" Those are signature-based false positives and not due to reputation or heuristics. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#11 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AMSMf_54UbhZF_SQ1ne5Qj9sgIF5Pji9ks5sZD_SgaJpZM4O6Jyh> .

[NoMoreFood]

@bluikko, @hymie0 Before I take action on this, can you confirm you're scanners are still finding an issue after their latest virus update? I fed the file through https://virusdesk.kaspersky.com/?_ga=2.173162666.84273751.1503098125-1435948688.1503098125 and it does not report an issue so maybe they fixed it.

[bluikko]

@NoMoreFood The false positive was present on database from 2017-08-14 (at least) until 2017-08-16 (did not test databases after this). On the latest database from today 2017-08-19 there is no more false positive.

So indeed Kaspersky seems to have fixed this issue.

[hymie0]

Sorry for the delay. I am now able to download, install, and run pagent 0.70.2 without virus warnings.

Thank you for your help.