Endpoint Protection client install packages are being detected as WS.Reputation.1 by Download Insight
Last Updated February 09, 2018
Download Insight is detecting an exported Symantec Endpoint Protection (SEP) client install package (single executable) as WS.Reputation.1. The logs indicate that the scan type is AutoProtect, the subcategory shows as Insight Network Threat, and Current Reputation indicates "There is strong evidence that this file is untrustworthy". This is observed when downloading the package from any HTTP or HTTPS URL, i.e. good drive, drop box or BOX.
Single executable install packages have not been signed by the SEPM.
Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates
Possible workarounds to avoid being detected by Download Insight:
Zip the install package with a password and download it over http or https.
Use 7-Zip (.7z) to archive the install package with a password and select "Encrypt file names."
Create a SEPM exclusion for the environment for the specific install package name.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe