Error Message

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: WS.Reputation.1

PatchSetup.exe is signed by a valid Veritas Technologies LLC certificate and it can be safely installed. Symantec Endpoint Protection incorrectly reports this as warning. Symantec Endpoint Protection just uses the existing reputation of the file to inform that very few users are using this file in their community.

The Download Insight feature of Symantec Endpoint Protection scans all Portable Executable (PE) and MSI files (including .bat, .com, .dll, .drv, .exe, .msi, .ocx, .sys) when they are downloaded through or launched by a portal application. It is a protection technology based solely on the reputation of files (No signature or behavioral analysis is performed by Download Insight). Symantec Endpoint Protection clients use Intrusion Detection System (CIDS) to retrieve information about files being accessed.

For more details on WS.Reputation.1, refer to the following link:

https://www.symantec.com/security-center/writeup/2010-051308-1854-99

Perform the following steps:

1. Close the Symantec Endpoint Protection Notification warning window.
2. In the Symantec Endpoint Protection Detection Results window, right-click PatchSetup.exe and UpdatePatchUpgradeInfo.exe filenames and then click Exclude.
   This adds the PatchSetup.exe and UpdatePatchUpgradeInfo.exe file path into Symantec Endpoint Protection exception list.
   
   
   
3. Extract the Veritas System Recovery Installer package and run the PatchSetup.exe again.
   Symantec Endpoint Protection deleted the Veritas System Recovery PatchSetup.exe and UpdatePatchUpgradeInfo.exe when the WS.Reputation.1 warning appeared.