In its default settings, Norton Antivirus deletes executables only because it hasn't seen them before. Let that sink in. Norton doesn't even check the executables. It just deletes them because they're new, wreaking havoc everytime you push an update to your clients.

Signing your software with an expensive "Extended Verification Code Signing Certificate", costing around 700$ for a couple of years, doesn't help.

Only large software corporations have a workaround. They know the right people at Norton Antivirus to get their Code Certificates registered in the Norton databases. This way, they can push updates that are not affected by this practice.

Small software developers and startups have nowhere to go. With its massive share in the antivirus market, Norton holds us hostage.

The practice is described here on the Broadcom website (new owner of Norton Antivirus):

https://knowledge.broadcom.com/external/article/191764/endpoint-protection-detects-known-good-a.html

I quote:

> The most common cause of this is a change to the file, such as a new version of an application. [...] If the file is too new or doesn't have enough usage to determine if the file is trustworthy, the SEP client returns a detection of WS.Reputation1. However, this does not indicate that the file is a threat, only that it is not trusted based on the prevalence in the larger Broadcom community based on usage, age, and other factors.