• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos5

Let the user decide whether or not to quarantine a file

IN NIS 2011, when File Insight detects an apparently risky file (e.g. a downloaded ".exe"), it immediately deletes the file and quarantines it, even if the user is happy to accept the file.  It is very inconvenient having to then go to quarantine every time to restore it, especially if the user is confident that it is a safe file.

The same argument also applies to sofware developers, whose executable files they have developed appear to suffer the same fate without being consulted first.

Therefore, could you please give the user the option of whether or not to delete/quarantine such a file instead?  All it needs is extra buttons on the File Insight notification screen (e.g. "Allow this file" or "Remove") with a suitable warning re the consequences of doing so.  With the filename also displayed, the user can then decide whether or not to let the file through if he recognises it or get it quarantined if he does not.

By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).

Please note - "Computer software exists as the servant of the user, not the other way round."

Thanks.

Replies

Kudos0

Re: Let the user decide whether or not to quarantine a file

Hello together

In the German forum, we speak about it. Many of us want this option. Please let the user decide what they delete.

Sorry for my language.

Basler

Kudos0

Re: Let the user decide whether or not to quarantine a file

Does false positives appears so frequently?

Not so few cases then a malware sample is recognized as a Safe file (about the one in every 30 downloaded files)

> By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).

a few piece of info:

Security data is binding with file checksum (for example you can see it in wikipedia as md5 ,sha-256 and other hash algorithms). checksum is changing if only file content was changed (filenames and extentions may be anything you want - it will not change the checksum).

(see video http://community.norton.com/t5/Norton-Protection-Blog/New-Feature-for-Norton-Internet-Security-2010-Download-Insight/ba-p/113827 )

Kudos0

Re: Let the user decide whether or not to quarantine a file

Hello Niko233,

Thank you for your feedback, now to give you more details about the problem :

It would be ok if Norton would show this Insight Message for all threats, but it is detecting some applications as false positive and it deletes (quarantines) them instantly, which causes some inconveniences to restore the file and then create a scan exclusion :

There is a switch between auto / manual for the low threats but not for the higher ones. Should it be changed for the future versions of Norton ?

Best regards,

John

Kudos0

Re: Let the user decide whether or not to quarantine a file

Hello

I agree with this thread!

Manuel

Grüße, Manuel
Kudos0

Re: Let the user decide whether or not to quarantine a file

i totally agree with the suggestion, that the user has to decide himself, to quarantine or not. Michael.
Kudos0

Re: Let the user decide whether or not to quarantine a file

Good Idea. Signed!

Kudos0

Re: Let the user decide whether or not to quarantine a file

I agree because I just face the problem that NIS not allow me to upgrade the software because of false alarm.

Kudos0

Re: Let the user decide whether or not to quarantine a file

More generally, NIS should not do anything to my system that I cannot easily undo.

Kudos0

Re: Let the user decide whether or not to quarantine a file

I support the idea.  Symantec: are you listening?

Kudos0

Re: Let the user decide whether or not to quarantine a file

Do it. This is the main reason I am not using Norton at the monent.

Kudos0

Re: Let the user decide whether or not to quarantine a file

+1 on this.

You could always make it a setting that is off by default so the actual behaviour remains unchanged and at the same time also cater to the more computer-savvy audience.

This would make an excellent addition and I'm sure you would get more support for that.

Kudos0

Re: Let the user decide whether or not to quarantine a file

Yes, I would like to see this option added as well.  I've been nailed a few times by NIS auto-deleting files that I know are OK and have had to turn it OFF to get it out of the way temporarily.

Kudos0

Re: Let the user decide whether or not to quarantine a file

I vote yes.

Kudos0

Re: Let the user decide whether or not to quarantine a file

My original post was about a month ago and its status is still "New Idea".  When is it likely to be updated to (e.g.) "Under Consideration"?

Do Symantec consider all new Norton Product ideas or are some ignored without comment?

It would be nice to get some feedback from Symantec on this one, especially as it has gained so much support from other users.

Many thanks.

Kudos0

Re: Let the user decide whether or not to quarantine a file

Consider this signed.  Until it is addressed, Sonar is turned off.

Kudos0

Re: Let the user decide whether or not to quarantine a file

I think it should scan the file then ask the user is it safe to store *.somefile name to " safe directory" where the file can be opened and tested ( ex... like win zip) to see if it is a reliable file and that there is no hackware or spyware in it. if there is a issue then ask user if they want to fix problem or bypass and continue install. when it is installed or ran not shal use a monitor of the program and make sure that it don't change any key settings in the o.s. (ex... like a self duplicator) and check to see were it "dials home" at and check to make sure that it is a reliable source (ex.. like a popup trojan or back dialer) Norton allready does this automaticly but doesn't let the user have any input... input would be nice!

Kudos1

Re: Let the user decide whether or not to quarantine a file

No progress on this? I reinstalled NIS 2011 on my machines and am mostly happy with it. However, when I ran a full scan on my desktop machine it deleted 6 files I would rather it had not messed with. It would not let me restore 2 of them. It is my machine and they are my files. An internet security suite should be a tool, not something that takes over my computer.

Kudos0

Re: Let the user decide whether or not to quarantine a file

I've had this too, however in all but one case, the quarantine has been accurate.

The idea should be expanded, there should be 3 options; trust, quarantine, and remove, as there's always a possibility that the threat has an anti-quarantine counter-measure, or a 2nd threat comprimises your quarantine information.

I could dream forever, and never stop, I could think of life and beauty, the stars that fade in the sky, the hearts of lovers, the dreams of dreamers.
Kudos0

Re: Let the user decide whether or not to quarantine a file

I fully support this idea.

It is not ok that Norton is able to delete ( / quarantine - the problem is: in a few cases the file is not quarantined!) files without the confirmation of the user. There should be an option to "Trust" or to "Add the file to the secure zone" (not sure if that's the accurate expression in the English version).

Perhaps, Symantec doesn't want to add this option because the ordinary user could mistakenly allow a file which is infected. In this case, I suggest that this option shouldn't be available by default, but only after the (experienced) user has activated it. Any experienced user needs such an option!!

(Alternatively there could be the option to 'Block' the file - then, it can do no harm, too - no need to always delete it at once.)

There are apparently many people who refuse to buy / continue buying Norton because of this. For my part, I won't buy Norton after my trial periode. It is annoying that a software can delete on its own some of my files (some of which have been rated secure in previous scans! - So it's no help adding these files manually to the secure zone since you never know if Norton will rate your file 'evil' the other day...) Apart from that, adding a file to the secure zone is not always a help: as soon as you rename it or move it to another folder, the exception would be without any use).  

Please change this.

Kudos0

Re: Let the user decide whether or not to quarantine a file

Fully supported.  Do not take away user control.

But Michael_s has touched on a very serious variation of the theme - "in a few cases the file is not quarantined".

I have experienced instances of a false positive being detected, and for no given reason being removed without quarantining.  IMHO, this is unforgivable.

If you think that it's a pain to have to retrieve a file from quarantine, and then add it to an exceptions list to avoid recurrence, consider what it's like to have a 2-gigabyte file (a VMware virtual drive, containing hundreds of files that make up a virtual machine drive) inexplicably treated as infected, and removed without quarantining.  Our fault that we did not have a current offline backup, but it took some 10 hours to recover the lost data.

Interestingly, a separate copy of NAV was installed on that virtual machine, and even full scans had detected no infections.  Hence our conviction that we suffered a false positive on the host OS.  But that should not be relevant.  It should not be acceptable to have a program remove a file, with no option to restore it and no consent by the user.

(Both the host OS and guest/virtual OS were running fully-updated NAV 2010 at the time, shortly before the 2011 rollout.)

Kudos0

Re: Let the user decide whether or not to quarantine a file

After 4 months, still no response from the Norton Product Team as to whether this will be put "under consideration".  Is there anybody out there, Symantec?

Kudos0

Re: Let the user decide whether or not to quarantine a file

Symantec has The moderators have linked some of the newest ideas on the forum to this post, asking users to continue the discussion here, so I would hope they are Symantec is watching.

I also highly support this feature, and have had experience with the problem which Michael_s and ManFromOz mentioned, which is the outright deletion of certain detected files (I created a detailed suggestion here a while back).

+Kudos, and I really hope this gets integrated into a future release.

Kudos0

Re: Let the user decide whether or not to quarantine a file

The lack of this feature is the ONLY thing that prevent me from buying NIS 2011 or NAV 2011 as of now, I want to ultimately have the decision on what is quarantined not only be left to deal with the havoc that an AV's choices dealt to me. Implementation of this feature would be the only way to get me to buy this software.

Much love,

Tomwa Ivory

Kudos0

Re: Let the user decide whether or not to quarantine a file

Thank you all for the input. We have the "Ask Me" option available today under settings only for threats that are identified as low risk. The idea is we want to protect the users right away if there is a medium or high risk threat detected. I understand though that more advanced users would like to extend this setting to all Insight detections.
Kudos0

Re: Let the user decide whether or not to quarantine a file

Kudos0

Re: Let the user decide whether or not to quarantine a file

Yes! It is good  idea. There are some advanced users who need more control over protection. I hate automation, thats why I don't like Norton.

Kudos0

Re: Let the user decide whether or not to quarantine a file

I completely agree, Norton needs to add this feature.  I am seriously considering dropping Norton altogether, I am an advanced user and I don't want it deleting downloaded files just because "very few users" have downloaded it.  Absolutely ridiculous.  I also use specialized software in my business and I have had Norton delete the executables without asking me simply because "very few users" have used the program.  Luckily I was able to figure out how to restore those files (after a few headaches), but I am tired of trying to figure out how to restore a downloaded executable that has been quarantined.

Kudos0

Re: Let the user decide whether or not to quarantine a file

i personally think it should be removed as it doesn't work and what really concerns me is that it targets open source software while leaving proprietary software alone only once has it targeted proprietary software the rest have been open source or indie software like it gives EA sims 3 software excellent ratings but a game like ai war gets poor ratings even though sims 3 is more of a risk because you have to disable DEP and it uses securerom infact i just did a rep scan its only open source/indie software in the unproven/poor category ai war, smplayer, libreoffice, firefox, mucommander, filezilla, and that nokia QT thingy not a single proprietary program ok ai war is there but thats indie.

question: does symantec get paid by proprietary software companies to give there products good ratings??

Kudos0

Re: Let the user decide whether or not to quarantine a file

gabranth has made the point. I suppose Symantec is paid by software vendors to catch keygens whether they suppose a threat to the user or not. So I sugget Symantec to live on that money because I will not pay them to keep on bothering me a number of times a day with a nasty message which I haven't any control against.

On the other side I have to keep disabling Auto-protect to install LibreOffice. EU lawyers should have a look at this.

So I am very glad that Symantec has this beautiful idea "Under consideration" but I am looking forward to my 81 days licence resting days to letting it expire and gladly substitute it for another option that transparently protects my interests and not big software vendors ones.

Kudos0

Re: Let the user decide whether or not to quarantine a file

*bleep* i submitted libreoffice to nortan ages ago as a false positive

We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your software being detected by Symantec Software. In light of further investigation and analysis Symantec is happy to remove this detection from within its products.



The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at
Kudos0

Re: Let the user decide whether or not to quarantine a file

would be very nice if he had asked me before deleting what to do with the file - under threat at any level and support browsers (opera , maxthon , avant) and others

Kudos0

Re: Let the user decide whether or not to quarantine a file

Norton delete files and did not even told me about it

http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-delete-files-and-did-not-even-told-me-about-it/m-p/469504#M2830

In light of further investigation and analysis Symantec is happy to remove this detection from within its products.

Users do not have to upload his own files to some unknown company. This is break property of users to have their own files and not to do illegal copies without asking User!

Kudos0

Re: Let the user decide whether or not to quarantine a file

everybody knew that to ask what to do with file is the best, only Symantec is 'thinking' and 'thinking' and will be forever so.

Kudos1

Re: Let the user decide whether or not to quarantine a file

good idea.

Reputaion false positives are growing.we need more user permissions

Kudos0

Re: Let the user decide whether or not to quarantine a file

Still waiting for a fix.....

Kudos1

Re: Let the user decide whether or not to quarantine a file


KickAstronaut wrote:

Still waiting for a fix.....


Seems that we don't get a fix.

Do Norton 2013 products let the user decide whether or not to quarantine a file?

Cheers, Jo Graduate of the WTT Classroom
Kudos0

Re: Let the user decide whether or not to quarantine a file

I get "access denied" when trying to access the above link......

Kudos0

Re: Let the user decide whether or not to quarantine a file

IN NIS 2011, when File Insight detects an apparently risky file (e.g. a downloaded ".exe"), it immediately deletes the file and quarantines it, even if the user is happy to accept the file.  It is very inconvenient having to then go to quarantine every time to restore it, especially if the user is confident that it is a safe file.

The same argument also applies to sofware developers, whose executable files they have developed appear to suffer the same fate without being consulted first.

Therefore, could you please give the user the option of whether or not to delete/quarantine such a file instead?  All it needs is extra buttons on the File Insight notification screen (e.g. "Allow this file" or "Remove") with a suitable warning re the consequences of doing so.  With the filename also displayed, the user can then decide whether or not to let the file through if he recognises it or get it quarantined if he does not.

By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).

Please note - "Computer software exists as the servant of the user, not the other way round."

Thanks.

Kudos0

Re: Let the user decide whether or not to quarantine a file

Many users in german forum want this too.

The option of whether or not to delete/quarantine such a file is a very good idea.

Cheers, Jo Graduate of the WTT Classroom