Article from ghacks.net : http://www.ghacks.net/2012/06/25/how-to-bypass-symantecs-ws-reputation-1-system/
Every year companies like Symantec or Kaspersky are refreshing their security lineup, usually by adding a number of new features to the products and changing the year at the end of the product name. One of Symantec’s recent additions to its Norton consumer security product line includes a reputation engine. This is basically a cloud-based system that uses information from all Symantec programs to determine the reputation of a file or program on a computer system.
The idea here is that programs are likely safe if they are used by a large percentage of users, and that programs that are not used widely are more likely not to be safe to run on the system. The problem with this approach is that Symantec can quarantine files even if the program’s own scanner did not detect malicious code in them. The system has been designed to block unclassified malicious software from running on the system.
What is happening though is something completely different. Independent software developers like Andreas Löw began to notice that their programs were automatically classified as WS.Reputation.1 files due to their low reputation score. If that was not bad enough, Norton products automatically delete files classified as such and move them to the quarantine of the program.
Symantec notes:
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.
File Insight WS.Reputation.1
