Norton Internet Security flagging odrive files as threats

I’m using odrive version 5049 on windows 10.

A Full System Scan on Norton Internet Security is giving me two threats:

  1. odrive.exe flagged as “Suspicious.Cloud.9” threat
  2. flagged as “Compressed” threat.

Hopefully these are false positives but do they need to be flagged somewhere to get them on a whitelist to stop this happening going forward?

I have screenshots from Norton with details of what was shown but only 1 image is allowed to be posted.

Any help and advice would be gratefully received. Hopefully these details will also help other users that come across this issue.

Thanks for the report. Their heuristic detection can be overly aggressive.

We do not have any malware in the product. I am going to try to submit a false positive report to Symantec for this. Can you give me the full path of each file it is reporting? I just want to make sure I have everything accounted for.


Hi Tony, Thanks for the response. Here is the path for “Suspicious.Cloud.9”:

And here is the path for “”:

Thanks! I have submitted to Norton’s false positive reporting service:

Got a response back and odrive.exe should be in the clear now, although it will depend on when they roll-out an update.

Thanks for following this up.

I will wait a few days and then remove it from the Exclude List. I will run the Full Scan again to see what happens.

Symantec is flagging “filodrive.exe” as a threat. Is this one of yours and should it be set to ignore?

Hi @Thomas_Buck

Is the error above what you are seeing? I submitted it for whitelisting to Symantec, so I am hoping it is rolled out soon.

That’s it all right.

The v5080 installer was flagged by our corporate Symantec Endpoint Protection (Windows) as a “suspicious file.” The business versions of Symantec products are less strict about deleting what it sees as threats. Looking through the logs it appears that Symantec got its knickers in a twist due to the combination of multiple internet accesses and Explorer shell injection.

Systems that upgraded directly to v5085, on the other hand, did not produce objections from Symantec Endpoint

I am trying to download odrivesync.6209.exe. Norton flags and removes the file immediately. Is the WS.Reputation.1 supposed to be in the download? Any suggestions will be appreciated. The path is c:\users\user1\downloads\odrivesyn.6209.exe, and a Norton screen shot is attached. I’m looking forward to using the product.

Hi @mesutton,
Annoying. Usually Norton is smarter than this, since our code signing certificate has been in use since early 2015. I guess because the file version is appended to the file, it somehow triggered this as a “brand new” application. I have submitted a false positive report to Symantec. You should be able to pull this out of quarantine and run it.

I also ran the file through VirusTotal, for good measure, and it came up clean:

Thank you. I pulled the file out of quarantine, and everything worked fine.

Thanks for confirming. Norton has also whitelisted us.