• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

How to exclude/ignore a "threat"?

A recent scan revealed both a threat of high importance (a perceived virus in a safe file) and a threat of low importance (a tracking cookie).  The only option with the former is 'remove', but the latter has 3 options, inlcluding exclude and ignore.   

How can I ignore or exclude the perceived virus?  Is there a whitelist?

Even more odd, if I dismiss the dialogue asking me how I'd like to proceed immediately following the scan, this threat list (both aforementioned threats) presents itself in the history section as 'Unresolved Security Risks' but cannot directly be dealt with.  In this 'history' module there are no buttons to enact the recommended actions.  That is, there doesn't seem to be a way to quarantine or fix those risks without either A.) a rescan of those threats and fixing the threats in the dialogue following the scan, or B.) browsing to the files containing the threats manually and deleting them.   Am I missing something?  

FWIW, I use NIS2009.7 with Win7, but I suspect my question would apply to any version of NIS2009. 

Message Edited by floepie on 05-21-2009 10:32 AMMessage Edited by floepie on 05-21-2009 10:34 AM

Replies

Kudos0

Re: How to exclude/ignore a "threat"?

OK thanks.  I do see now how one can restore quarantined threats.  The option to do so is available only when logged on as an admin.

Let's just say here that I HATE how this is implemented.  If the developers do not want to give the limited user the ability to elevate rights with an admin password prompt via the user interface, then PLEASE show the options as grayed out or as unavailable so that users who run their machines as limited users are shown where and how to do stuff that's integral to a functioning piece of software.  

Now, if someone could tell me how to whitelist a threat after it has been restored, that would be great.  When I scanned a restored item, Norton recognized it as a threat once again.  Is this the intended behavior associated with NIS2009 running on XP and Vista?   

Kudos0

Re: How to exclude/ignore a "threat"?

A recent scan revealed both a threat of high importance (a perceived virus in a safe file) and a threat of low importance (a tracking cookie).  The only option with the former is 'remove', but the latter has 3 options, inlcluding exclude and ignore.   

How can I ignore or exclude the perceived virus?  Is there a whitelist?

Even more odd, if I dismiss the dialogue asking me how I'd like to proceed immediately following the scan, this threat list (both aforementioned threats) presents itself in the history section as 'Unresolved Security Risks' but cannot directly be dealt with.  In this 'history' module there are no buttons to enact the recommended actions.  That is, there doesn't seem to be a way to quarantine or fix those risks without either A.) a rescan of those threats and fixing the threats in the dialogue following the scan, or B.) browsing to the files containing the threats manually and deleting them.   Am I missing something?  

FWIW, I use NIS2009.7 with Win7, but I suspect my question would apply to any version of NIS2009. 

Message Edited by floepie on 05-21-2009 10:32 AMMessage Edited by floepie on 05-21-2009 10:34 AM
Kudos0

Re: How to exclude/ignore a "threat"?

I think I may have found a fix for your problem.

 

I looked through my resolved security risks history in norton and picked a random tracking cookie that had been resolved. I clicked on help to see if there was a way to set a security risk a trusted or to simply keep norton from notifying me about it and the help section explains several methods of doing this based on what you are trying to white list. The list of different courses of action to take is kind of long so I'll just give you the jist of it.

 

TRUST - Allows a program to freely work on the computer and its network.

ALLOW - Allows a program to freely access the internet.

STOP NOTIFYING ME - Keeps norton from notifying you when it blocks a certain attack signature.

 

From the looks of things the way to white list a threat in the norton history varies greatly by the kind of threat it is. To see the full page in norton help that I am talking about open norton, click on help, and search for "about the advanced details window."

 

Sorry if I haven't explained it in enough detail but it is somewhat difficult to understand in norton help. There are too many different courses of action possible and they all apply to different types of security threats.

Kudos0

Re: How to exclude/ignore a "threat"?

Thanks, those options you mention apply only to firewall warnings.  Specifically, I'm interested in simply restoring files that have been quarantined that I have deemed safe.  There is an option for that.  However, there is no option to 'restore AND ignore'.  I think it's odd that the scanner cannot remember that the file has been restored and quarantines it once again if the scanner encounters it.  It seems the only way to ignore the file is to manually add it to the list of exclusions.  
Kudos1

Re: How to exclude/ignore a "threat"?

01. In the "Unresolved Security Risks", is there an Option to Submit the File(s) to symantec Security Response?  If not, please Submit them via this Web Link: https://submit.symantec.com/websubmit/retail.cgi.  Please could you also P.M. me the File that Norton is Detecting as a Threat.

02. Add the File(s) to Exclusions: Open Norton 2009 Product > Computer Settings > Exclusions/Low Risks.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: How to exclude/ignore a "threat"?

Hi floepie,

 

You're correct. There is no option to restore and ignore the files. Manually excluding the files from scan will be the immediate workaround.

 

However, there is another workaround that I would suggest. If you think Norton has quarantined a file that you think is genuine, or in other words a false positive, you can submit the file so that they can look into it. Here is the link to submit the files.

https://submit.symantec.com/false_positive/index.html

The next time the definitions are updated; Norton will run what is called as a Quarantine Scan. This will check for the files in the Quarantine folder against a list of known applications that are acknowledged by Symantec. This may be a time consuming process, but definitely will be a permanent solution.

 

If they don't acknolwedge the file as a False Positive; then I would not want to run the risk of having the file in my computer.

 

Let me know if this makes sense.

 

-MbR

Message Edited by mythbuster on 05-23-2009 06:14 AM
"Mythbuster is now a SUPER keylogger crusher" - MbR
Kudos0

Re: How to exclude/ignore a "threat"?

Yes, it does.  Thanks.   I still think it's odd this software does not give you the ability to whitelist something when it encounters a suspect file.  At least NIS could quarantine it, and present you with the option to whitelist it from within the quarantine list.  
Kudos0

Re: How to exclude/ignore a "threat"?

This may be more of a thing to ask in the norton windows 7 beta forums but I will try to answer based on NIS 2009 for XP.

 

In the settings by default all medium and high level threats are set to be removed upon detection. In the settings there is also a choice of three courses of action to take when tracking cookies are detected. I believe they were remove, ask (giving you the option of choosing what course of action to take when each cookie is detected), and ignore, however it is possible that this was modified slightly in the windows 7 version of NIS 2009. I for one set this to remove so that quick scan becomes an instant tracking cookie remover.

Replies are locked for this thread.