High Risk Security Alerts - Trojan and Phishing

FYI
I recently downloaded the 1.0.8 Dubler update, Win 64bit, and got a High Risk Security Alert from Norton (see screenshots below) warning of a probable Trojan within the file. The security program deleted the file. I reported this to info@vochlea.co.uk and was told to create a Help ticket.

I know how to get around a security block, but I won’t. I won’t install something with a High Risk of a Trojan attack on my systems.

Then, on a separate device, I went to the link provided for the contest video uplink, and got a Malicious Website Warning of it being a known Phishing Attack site (screenshots also below).

What gives?
I’m thwarted, as I can’t update Dubler, and forget uploading the video I’ve worked on.

Is Norton Security excessively reacting? Are you using risky 3rd party code?
Did you really piss off someone at Norton?

I don’t know how to proceed with Dubler at this point.

Hey @PhotonBoy,

Thanks for all the details. It seems Norton is warning about two things which are separate:

  1. The Dubler app for Windows. No, we definitely don’t use ANYTHING malicious in the app. The amusing thing is that Norton has detected that we “used advanced machine learning” which apparently qualifies as a risk? I take it as a bit of a compliment. It seems our only move is to contact Norton and somehow get verified.

  2. We use an external provider for hosting the competition, shortstack.com - and we’re definitely not hosting anything on our particular competition page that is malicious. Perhaps other people running competitions on shortstack have done, and that’s why it’s warning? Who knows. In our next competition, we will host our competition run on our own site written by us. We just don’t have the manpower at the moment - but that should change in the next month or two. Improving the app’s technology daily comes first - which is what I’m dedicated to at the moment.

Hi again @PhotonBoy,

I’ve submitted a false positive report to Norton, hopefully they whitelist us quickly.
You can submit your own to help the process https://submit.symantec.com/false_positive/

As you can see the “threat” is Heur.AdvML.C described here:
https://www.symantec.com/security-center/writeup/2016-051813-2926-99

This means they block anything they’ve not whitelisted that uses high performance machine learning. Wow.

We have written our production high performance machine learning inference systems “by hand”, with matrices - not using some machine learning library. We did this for performance. We know exactly byte for byte what is in our system, and there’s nothing malicious at all.

Thanks for the detailed response.

I knew that the alerts were separate issues, but when the 2nd fell so soon after the first, I had to address it.

Glad to hear that the code was built by you guys, as I had originally expected. I edited my original post to remove the screenshots, as they served their purpose, and added strikethroughs.

I tried to report this to Norton, but the form wouldn’t accept my submission, alas.

As to the contest upload, I think I’ll continue to finesse the video, and wait for the next contest.

Thanks.