• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos4

SONAR is deleting programs

We have turned off SONAR since it deletes programs that we wrote and which have been working for many years.

This is a BIG PROBLEM!!!

We develop and provide software to companies all over the world.  SONAR deleting programs wihtout having any chance to stop it is not reasonable behavior.   Such is the default.  Several programs were deleted on our and customer machines wihtout anyone understanding what was happening.

While this technology might be worthwhile, it is not made clear upon installation of Internet Security 2010 that such is going to happen.  2009 does not have this function available.

At this point we do not know that we can continue using NORTON products.  It would appear that the SONAR solution is to delete all programs and leave a PC that has nothing running on it.

Upon investigation of what SONAR was doing, it checked against a database that did not have record of our software.  Writing a new program will cause SONAR to delete it upon first execution.

To repeat, we are very unhappy.

Replies

Kudos0

Re: SONAR is deleting programs

Hi rft, welcome to the Norton Community :-)

We're sorry to hear about the problems you are experiencing with SONAR. 

Does SONAR quarantine the files? If you open your NIS product, you can restore these files from Quarantine (provided SONAR has not flagged them as high-risk items, in which case you cannot exclude them because they are removed at once) and you will be given the option to exclude the files and stop SONAR from flagging them as threats. 

Also, because this seems to be a case of false positives, please submit your files to Symantec via this form:

https://submit.symantec.com/dispute/false_positive/

Message Edited by Yaso_Kuuhl on 10-13-2009 11:06 PM
Kudos1

Re: SONAR is deleting programs

For some programs SONAR just deleted them.

To have to register every program that we write with NORTON does not seem reasonable.  We did not create this problem.

NORTON turns this malicious software on by default.  We innocently purchased NORTON Internet Security 2010 and programs started to disappear.  Why isn't this made clear during the installation and configuration process?

This is going to cost my company a lot of time and money to correct and when customers lose programs due to this it will hurt our business.  None of this ever reflects back to NORTON.

SONAR needs to be removed and re-engineered. 

Kudos0

Re: SONAR is deleting programs

You will also find that even though you exclude a program(with the hotfix installed) when you recompiled it SONAR will delete it again.  I believe that Norton is aware of this and are working on a fix.  I have the same problem with programs developed under Intel Visual Fortran.  I have sent in a file for testing some time ago, but I have no time frame when this problem will be addressed.  Maybe someone with Norton can provide this?
Kudos0

Re: SONAR is deleting programs

It's impractical to have to submit each rebuild of every application, to constantly have to un-quarantine and mark files for exclusion (that with the hot fix, still doesn't seem to be properly ignoring the file is to be excluded from future scans).

I've had to disable SONAR permanently and marked it to be ignored that it is off. My subscription ends in a few months and I am seriously considering trying something else. First the Firefox issue, now SONAR. Getting to be a real hassle.

John

Kudos3

Re: SONAR is deleting programs

Gentleman

This problem has already been reported and in the other thread I explained that when you "turn off" Sonar you are NOT disabling SOnar. You are only disabling the detection of low-certaintly threads. Sonar is still active in  detecting high-certaintly threads. The creation of an executable by various third party programes is considering by NIS as a low security thread.

At this time I suggest the only downside of disabling Advanced mode Sonar is that you will not get advised about other low-security threads besides your created executables.

Is this position acceptable or does anyone still feel uneasy?

Kudos1

Re: SONAR is deleting programs

I agree with rft and jbtran

We didn’t ask for SONAR, we didn’t buy 2010, and yet we now have it on one of our computers and it turns off and “quaratines” all of self-written applications. Tell us how we can get rid of it – we can’t run our company without those applications. Please also explain how this pest invaded our computer. To have it only partly turned off as described is NOT acceptable

Kudos2

Re: SONAR is deleting programs

We have users who are very disatisified with NORTON.  Many of the my colleagues have switched to Kaspersky.

The internal support cost of Kaspersky is trivial when compared to NORTON products. 

We currently have NORTON installed on a large number of computers internally, at our employee's homes, and at customers.  The problems created cost us money, time and possibly customers.

This SONAR bug just ruined our office administrator's computer.  It is taking me away from other tasks to get her computer back on line.  It has cost a colleague three working days to trouble shoot the problems created by this malicious software on one of our production machines.

I'd rather leave my systems "open" than install supposed security software that is worse than most of the  beasts roaming in the wild. 

Kudos0

Re: SONAR is deleting programs


jforrest wrote:

I agree with rft and jbtran

We didn’t ask for SONAR, we didn’t buy 2010, and yet we now have it on one of our computers and it turns off and “quaratines” all of self-written applications. Tell us how we can get rid of it – we can’t run our company without those applications. Please also explain how this pest invaded our computer. To have it only partly turned off as described is NOT acceptable


To completely turn off SONAR in NIS2010, you will have to remove the product.  Since you didn't buy the product or install it on your company computer, it should not matter if it is removed.  The Norton Removal Tool can be found here; you can also run the Uninstaller from the program menu group in the START menu.  Sorry for your inconvience.
Win7 x32 SP1
Kudos2

Re: SONAR is deleting programs

It is well and good to disable SONAR so that new programs do not get silently deleted.  We develop software and new programs are constantly being created and tested.

The problem that SONAR is enable by default and the new NOROTN Internet Security 2010 installation does not give any opportunity to tailor the installation.  It is enabled and does its damage before a user can even turn it off.

SONAR should never be installed or enabled by default.  User who install NIS 2010 as an upgrade/renewal get no warning and applications disappear startling rapidity.

As far as I can see SONAR is only useful for someone who uses their computer as a net appliance, i.e. email, web browsing, and simple office suites.

This is not the world that I, my colleagues and customers live in.

Kudos0

Re: SONAR is deleting programs

SONAR has been in the Norton products since the introduction of the 2009 product lines.  It is an integral part of the product and can not be separated from the rest.  SONAR is the heuristic scanning engine / process in the AV side of the Norton consumer products. 

I, as a programmer / developer, understand your frustration but since Norton is a consumer product and will be on a great many consumer systems, I make sure the developed programs work with it.

Win7 x32 SP1
Kudos0

Re: SONAR is deleting programs

These systems all had NIS 2009 installed and there were no issues.  I do not recall seeing any references to SONAR in the 2009 options.

From what you are saying NIS 2010 is a consumer, i.e. non-computer literate, no programming, scriptng or other customization of programming activites, product.  What product should one be using if one does more than email, web browse, and office suite functions?

We have been using NORTON security products for at least 10 years.

What are NORTON's intentions with respect to software engineers and other sophisticated users?

Kudos0

Re: SONAR is deleting programs

You might want to check on the Symantec Business side of the company.  Endpoint Security may be a better fit for the "industrial" type user.  SONAR may not have given you much problem in the NIS2009 version; it did me and others.  It was refered to in the Settings under Computer Scans as Advanced Heuristic Protection.

Win7 x32 SP1
Kudos1

Re: SONAR is deleting programs

rft

I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. AFAIK SONAR causes no damage, it merely quarantines files, and you can recover those files from quarantine. In that process you can decide whether the file is to be ignored in future from SONAR. If Sonar acted immediately after installationa and before you became acquainted with the software or able to modify the configuration settings, then you have only to recover the files.

I note your comments.

It is interesting that you are looking for a security and AV product to protect your systems that are not connected to the net in any way. The vast majority of users, I suggest, of NIS are those wishing to protect themselves because they are connected to the web and that is their potential source of virus and other pests.

I am sorry I cannot help further.

[edit: Please keep post content respectful per the Participation Guidelines and Terms of Service.]

Message Edited by shannons on 10-19-2009 11:55 AM
Kudos1

Re: SONAR is deleting programs


cgoldman wrote:

rft

I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. AFAIK SONAR causes no damage, it merely quarantines files, and you can recover those files from quarantine. In that process you can decide whether the file is to be ignored in future from SONAR. If Sonar acted immediately after installationa and before you became acquainted with the software or able to modify the configuration settings, then you have only to recover the files.

I note your comments.

It is interesting that you are looking for a security and AV product to protect your systems that are not connected to the net in any way. The vast majority of users, I suggest, of NIS are those wishing to protect themselves because they are connected to the web and that is their potential source of virus and other pests.

I am sorry I cannot help further.


I do not find your response professional.  In fact it is insulting.

I have over 40 years experience in computer systems, O/S design, and networks.  I am the CTO for my corporation and our customers include many of the Fortune 100.  I deal with IT professionals at those corporations on a daily basis.

If this is NORTON's concept of customer relationship management, we will have to eliminate all NORTON and Semantec products from our systems.

[edit: Fixed quote error.]

Message Edited by shannons on 10-19-2009 11:56 AM
Kudos0

Re: SONAR is deleting programs

I don't believe this thread should've gotten this far.

rft,

 I understand your frustration over this matter, and I agree that you should switch to a different AV suite that would suite you more than Norton does...no pun intended.

cgoldman,

I believe that a forum Guru should not make posts like the one you posted. A person of your power on this forum should never be saying such things to posters who are having problems, but that is just my opinion.

Message Edited by Maestro on 10-14-2009 02:54 PM
Kudos14

Re: SONAR is deleting programs

Hi Rft,

Firstly I would like to apologize about the SONAR-related problems you have been experiencing. The SONAR team as well as other teams at Symantec have been actively looking at various solutions. Newly created executables on developer's machines present unique challenges because of the fact that they are new and hence have low reputation. However I want to stress that just because we have not seen a file before it doesn't mean that SONAR will convict it (more on this later).

Here is a synopsis what we have been working on:

1. In the Settings pane under Exclusions/Scan Exclusions, you have the ability to enter path names you don't want the Real-time scan to scan. Currently, anything you put in this list will only be honored by the Real-time signature scanner AutoProtect, and not SONAR. We are going to change this so that any pathnames you enter here will be honored by both. This fix is tentatively scheduled to be released in the November time-frame. We are testing the fix at the moment. Software developers can use this option to exclude any folders on their development machines where they are constantly creating new binaries.

2. SONAR2 is a real-time behavioral engine. It monitors behaviors of all running processes, looking for suspicious behaviors or traits in the exe that appear similar to malware. A running process has to pass a minimum threshold of bad behaviors before it becomes a candidate for being deleted. In addition to this we also check the Quorum backend looking at the file's reputation across the entire customer base which in the case of newly created files would be not be very high.

The point here being that  just because we have no info on a file on the backend, doesn't mean it will get convicted. This is a common misconception. The process had to have exhibited malicious traits, either static e.g. its packed, or has suspicious imports etc. or dynamic behaviors e.g created a run key etc., in order for the SONAR scoring engine to convict itWe look at hundreds of such behaviors and growingWe are actively looking at the scoring algorithms in light of this issue and currently testing a new one.

3. We are looking at a change to the UI to allow customers to configure SONAR to always ask before deleting anything. Currently SONAR only prompts the user when it is not fully confident that what it has detected is in fact a threat.

Just as an FYI, Symantec like many software companies signs all binaries it releases with a code-signing Class-3 certificate from a reputable CA like VerisignDoing this has a number of advantages. We encourage other vendors to do the same. If your exe is class3 verisign signed, SONAR will not delete it.

Hope this helps.

Thanks,

Shane.

Message Edited by shane_pereira on 10-21-2009 11:46 AMMessage Edited by shane_pereira on 10-21-2009 11:47 AM
Kudos0

Re: SONAR is deleting programs

Hi:

Interestingly enough, this is similar to the problem in my thread:

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=82237

Any ideas? The version of SONAR in NIS 2010 is a bit annoying, like the UAC deal in Vista.

TIA

Message Edited by Plankton on 10-21-2009 09:44 PM
      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8
Kudos0

Re: SONAR is deleting programs

rft

I apologize for the offence that my remark gave. It actually was not intentional. I truly believed, having regard to your posts, that I was in danger of misinterpreting your remarks.

Least of all I am not challenging your industry experience.



cgoldman wrote:

rft

I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. ....


Kudos0

Re: SONAR is deleting programs

I have just found this thread and have the same problem - I think

A newly created 1-off executable file (a compiled web browser in development as a college project) triggers SONAR as high risk and is whisked away to quarantine whenever it is asked to run (New, Few Users, does stuff etc)

Excluding the file from normal and auto protect scans is ineffective  - but these normal 'signature' scans were not flagging it anyway .

Recovering it from quarantine has an option to ignore it in future scans but this does not stop SONAR quarantining it yet again immediately it is run.  = Incorrect behaviour from a promising looking option

The Context menu for the file in the directory provides a Norton File Insight tab where I can expressly trust the file.  The setting appears to be cleared or ineffective as SONAR again quarantines the file on the next run.

I hope I have documented this sufficiently to know if this is the general problem.  If so the issue appears to be that adequate options to resolve the issue exist but are not working as would be expected. 

In Particular if a user expressly trusts a single file with a static location and signature that should be good enough !

Is there any progress/ETA  on resolving this issue please ?

Kudos0

Re: SONAR is deleting programs

BruceA

Maybe its my reading of the msgs so far posted, but I am not sure that Symantec appreciate the problem you clearly describe. What you are saying, if I understand correctly, is that the option on recovery to ignore an exe from future Sonar does not apply to "high risk" sonar items. In that case it seems that the best thing to do is to provide to Symantec or a guru, one of the executables so they can confirm the issue. What Symantec need is a reproducable problem.

So perhaps you can create one of these executables that does very little (i.e. bring up a web page or something) but otherwise does not change the users' systems in any way.

Kudos0

Re: SONAR is deleting programs

We develop software that is used for mission critical applications at our customers.  The number of installations is small compared to retail applications.  We continually update the software, i.e. there are incremental improvements, major rewrites, and as we are forced by MICROSOFT, etc. to use their latest proprietary technologies, the "signature" of the .exe and .dll's constantly change.  For example the new INTEL compilers and MICROSOFT Visual Studio produce .exe and .dll files that are very different from the Visual Studio 6 environment, yet from an end-user prospective are identical.

Assuming that end users can be intercepted immediately after installing NORTON software utilizing SONAR to adjust settings so as to minimize problems, there is still the problem that software updates will be mistaken by SONAR and treated as high risk.

NORTON is just one of many vendors of solutions to "protect" computers from malware.  The overhead to keep ahead of SONAR is too costly.  There is not enough benefit realized to justify the extra labor and delays inherent in such.  To update customers in a real time basis will involve having cutomers either grant remote administration priviledges (we never allow such in-house and don't expect most customers to allow such) or have customers at each computer speciifically make changes to SONAR's exclusion lists.

This product is too early in its development to have been integrated into a "retail product".  SONAR should have been made available as an ALPHA test to those willing to provide feedback to NORTON and be prepared to deal with problems such software can create.

Kudos0

Re: SONAR is deleting programs

I'm having a problem simply making a BIOS update disk.

I run the .exe to create a bootdisk, but SONAR quarantines it.  I go to the quarantine, restore, exclude and re-execute and SONAR completes the exact cycle again.

The only way to run it is by disabling the feature.  If this is what has to be done every time, why bother with it in the first place?

Kudos1

Re: SONAR is deleting programs

I was developing applications on PCs more than 20 years ago.  I have used MANY versions of Symantec/Norton products since then.  I took a "Norton break" for 2 years as I felt the products were getting too large, unwieldy, and unnecessarily over-zealous in terms of quarantining applications.

I have found NIS 2010's "SONAR" the most annoying feature that I've seen a product for a LONG time!!!  There are programs that I know that are safe --- SONAR will  NOT let me run them --- it insists on DELETING/QUARANTING these programs.  I have searched and searched in the software configuration, help files, Norton web site, the Norton Community web site, etc. but it seems like SONAR cannot be controlled.  Two weeks ago, I tried contacting Support but I got a guy that could not even understand the issue --- let alone make any suggestions as to how to fix them!

Shane (Symantec Employee) said "In the Settings pane under Exclusions/Scan Exclusions, you have the ability to enter path namesyou don't want the Real-time scan to scan. Currently, anything you put in this list will only be honored by the Real-time signature scanner AutoProtect, and not SONAR."  I CAN NOT believe that Symantec would release a product where SONAR cannot be overriden by a user that wants to override it.  I cannot tolerate antivirus software that will not allow me to make my own decisions.  If I don't find a way, or if Symantec doesn't fix SONAR soon, I'm going to be demanding a refund and I'll never use another Symantec/Norton product again.

Kudos0

Re: SONAR is deleting programs

You know, the way NIS 2010 is configured, I don't even know if it's "SONAR" that's deleting certain of my application files or not.  The files are DELETED and they do not appear in the Quarantine list; they do not appear in SONAR Activity; but they appear in the Resolved Security Risks list.  And, as I said, the files are gone.  NIS 2010 gives NO way to restore these files.

I don't think I'm going to be spending much more time on this issue...  NIS 2010 is going to removed very soon...

Kudos0

Re: SONAR is deleting programs

kalahari

Can I ask if you provided an example of a file that gets deleted to a guru or Symantec employee?

Kudos0

Re: SONAR is deleting programs

cgoldman,

Yes, two weeks ago, when I tried Support, I told them about MyDefrag-v4.2.x.exe on MyDefrag Download   SONAR always quarantines the installer program  -- I have to deactivate SONAR for 15 minutes to get it to run every time there a new version!  MyDefrag is a safe defragger program so I don't know why SONAR makes me jumps through those hoops every time there's a new version of the program!  And it's just the installer that SONAR dislikes -- it has no problem with the installed application.  I actually found a NIS 2010 Patch on this forum which I applied yesterday which now allows me to specify that SONAR should allow that installer to run but I'll have to do it every time a new version is released.

One example that I'm having now, and I have sent each applicable app to Symantec for evaluation, is the set of utilities from NirSoft Utilities I have done a lot of investigation and everything indicates that this set of utilities is safe (it's similar to MS's SysInternals).  SONAR (and it is SONAR -- I had cleared the log at some point) says that some of the utilties have Hacktool, ProduKey,or AsteriskLogger.  SONAR immediately deletes them.  I have tried putting the apps into directory for "Scan Exclusions" but, as covered already, that doesn't stop SONAR -- it ignores the "Scan Exclusions" directories.

Message Edited by kalahari on 11-01-2009 06:17 AM
Kudos0

Re: SONAR is deleting programs

kalahari,

Did you try submitting the files SONAR quarantines and which you regard as false positives to Symantec over here?

https://submit.symantec.com/dispute/false_positive/

Kudos0

Re: SONAR is deleting programs

Yaso_Kuuhl,

No, I had not submitted them to Symantec using that form.  I had submitted them to Symantec through the option in NIS 2010 that allows submission to Symantec.

That being said, I have just used this form https://submit.symantec.com/dispute/false_positive/  nine times to report all those (what I think are) false-positives again.  :)

So, as you can see, I do try to supply all the necessary info.

Kudos1

Re: SONAR is deleting programs

Gosh I love the way these posts bounce round and round getting foggier and foggier.

There is a whole lot of missdirection here and we will never get it fixed if we don't get the issue clear:

Sending a 'false positive file' is in some ways a red herring.  The SONAR issue we are trying to discuss is that:

  • A file appears on the PC that is both New and Not often/ever found.   It can be saved to disk
  • It does not have a virus signature match so it is not a false positive.  It passes normal quick/ autoscans etc
  • It does however do something 'bad' when run  e.g Web browser that dares to contact the internet
  • SONAR at least quarantines it without choice or discusssion  - also reported to Delete if it is even 'badder'
  • Restoring the file and using the UI proposal to not scan it again restores but does not stop SONAR quarantining again next time

The issue therefore is that SONAR is doing what it was designed to do.  However its options to customise reactions or omit files in advance/subsequently are either absent or not currently working as expected.  I can't send you a file for copyright reasons but just believe that it is possible to compile and save to disk a safe file that does not match a virus signature but when run does look new, rare and web active.  The questions to Symantec :

1) how /are you going to allow people who make/use such files to create / use /work on them while enjoying NIS protection

2) how /are you going to allow other 'normal' people who want to receive / install /use such files to do so (manually or ideally as part of an installer script)

Hoping this is now clearer :-)

Kudos0

Re: SONAR is deleting programs

I got some other issues with NIS10, so I decided to revert to NIS09.

May I suggest some of you revert to NIS09 temporarily until your problem is fixed?

Kudos0

Re: SONAR is deleting programs

Good idea you have (sorta).  I'm going with a variation.  I'm going to remove NIS 2010 and use Microsoft Security Essentials instead.  I'll try NIS 2010 again at a future date once some fixes have been released.

Cheers.

Kudos2

Re: SONAR is deleting programs

I just want to add my two cents.  I think the exclusion process is getting to complex with three different areas that one has to handle:  scan exclusions, AP exclusions, and signature exclusion.  One should not have to tweak a number of things to make an exclusion work.

As far as the original issue with SONAR, like everything Symantec's defaults should protect ignorant PC users, but the controls should be provided that the product may be configured in any manner the user desires if they are willing to accept the consequences.

Kudos0

Re: SONAR is deleting programs

Kalahari

Actually if you take the download zip astlog.zip, and scan it with NIS it contains AsteriskLogger and is quarantined. AsterosskLogger is  the Type: a potentially unwanted application. If you look this up on the Symantec site it says "Once executed, the potentially unwanted application can reveal the passwords concealed behind the asterisks in standard password text boxes".

You are installing an application that has a security risk because clearly it reveals passwords that are not intended to be revealed.

It is nothing like Sysinternals. It is "safe" only because you are installing it and running it and no doubt revealing your own passwords, but it is not "safe" from a community point of view because Norton has to rightly assume that someone is loading this application on your PC with a view to stealing your passwords.

In short, the responses you are getting from Norton are entirely correct and proper. I have restored the executable and find no Sonar activity.

Kudos0

Re: SONAR is deleting programs

cgoldman,

I appreciate you trying to help.  I have uninstalled NIS 2010 and installed MS Security Essentials (as I said I was going to do).

I am not attempting to run all of the NirSoft utilities.  I am installing a "launcher program" which, by default, installs all the NirSoft utilities --- that's why I was encountering issues with NirSoft utilities.

AsteriskLogger, the example that you gave, is not a utility that I plan to use.  I am well aware of the capabilities of some of these utilities.  My comments have all been about the frustrations that NIS gave me because of false positives (e.g. MyDefrag) and not giving me (a very experienced PC user) the ability to override the various protections that NIS is providing.  Also, (1) some parts of NIS do not work (e.g. where you tell SONAR to ignore a particular threat in the future) and (2) the NIS user interface needs a LOT of work -- one can hardly figure out what to configure where.

When I installed MS Security Essentials today, it gave me a serious warning about AsteriskLogger --- it did not just delete it without giving me any choice in the matter.  I chose not to install it.  That's the way NIS should work.  Also, MS Security Essentials did not erroneously flag a whole of the other NirSoft utilities and just delete them.

Message Edited by kalahari on 11-01-2009 11:05 AMMessage Edited by kalahari on 11-01-2009 11:07 AM
Kudos1

Re: SONAR is deleting programs

There are programs that are and will never be a security issue that SONAR is deleting.  Example, every program compiled with Intel Visual Fortran is flagged and deleted by SONAR.  IMHO Norton has a very bad piece of code in SONAR that needs to be either corrected or deleted.

Kudos1

Re: SONAR is deleting programs

I will tell you something else that makes this whole thing more complex than it needs to be.  Scan results history and quarantine includes flagged files from email attachments as well as local files.

Unfortunately, my PC is bombarded daily with virus attachments.  Thus, a review of scan results and/or quarantine has such a low signal to noise ratio that these informational displays are practically useless.  Email results need to be split off from local storage results.
Kudos1

Re: SONAR is deleting programs

Will someone from Norton please tell us that this is being sorted.  There is such a lot of detailled feedback on how/why to address this being provided that I cannot believe that this is still being given a 'by design' tag or diverted into the 'endless what is malware loop'..

Presumably it will get taken seriously once it hits PC-Pro etc.

Amusing thought - Norton 2050 robo-home guard dog. 

FAQ

My Robo-Dog Attacks harmless visitors because it hasn't seen them before and they are carrying potentially dangerous baggage like fireworks and cigarette lighters.    Then attacks then them next week after being given their ID and details because their hair has grown and they are wearing different coat.  Some visitors just disappear completely while others can be retrieved from the dogKennel

Resolution

This behaviour is by design.  Please do not allow visitors to your home who have not already somehow survived a visit to all the other homes down your street.  If you have such visitors please consider reverting to Guard-dog 2009 (The living learning canine variety)

Ok, time for my sleep :-)

Kudos1

Re: SONAR is deleting programs

BruceA,

Thanks for the humorous analogy.

Kudos0

Re: SONAR is deleting programs

Kalahari

Sorry you have dropped NIS 2010. There is no point me trying to assist further then. I took AsteriskLogger because I chose it at random from the list you gave. I do not see an issue yet with which I would get involved.I would be happy to champion an issue if I felt there was one. For example I do not yet see that Sonar is not working as designed.

Kudos0

Re: SONAR is deleting programs

Easternokie

I do not doubt that Sonar is deleted your programs. However, can you confirm that when you turn off Sonar Advanced Mode that the problem does not arise? Can you also please confirm that when you recover the file that is quarantined that Sonar does not attempt a 2nd or subsequent time to delete it, on the presumption that you take that option during recovery?

Lastly, although this exercise of recovery is annoying, do you agree that this is a workaround at this time?

thank you

Kudos0

Re: SONAR is deleting programs

Hi kalahari

Please clarify your experience with MSE for me... you wrote: When I installed MS Security Essentials today, it gave me a serious warning about AsteriskLogger --- it did not just delete it without giving me any choice in the matter.  I chose not to install it.


Do you know at what stage of the potential download / install of AsteriskLogger that MSE offered you the serious warning.   Did MSE permit the download and then from quarantine offer you the option not to install.  Since you wrote "it did not just delete it [...]" ....that sounds like AsteriskLogger was resident on your System somewhere waiting for you to act on the warning.   Maybe you feel SONAR is acting in haste or too aggressively.  Maybe it is...but, the alternative to allow potential malware to download and be quarantined to be removed at your request is reasonable only if all malware could be easily / completely / cleaned / removed from quarantine.   As you know not all malware goes quietly into the night.  I respectfully offer this info Here

I do not disagree with your assessment of SONAR.  I respectfully suggest Protecting the PC against Malware infection in the first place is always better than subsequently attempting to clean up the chaos created by an infection.

Regards

bjm_

NIS21.5 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: SONAR is deleting programs

bjm_

Sorry, don't remember the exact sequence and have been unable to recreate -- maybe the MS product is remembering my earlier selections somewhere so I can't get the errors for this particular app to pop up again.  I think it quarantined AsteriskLogger and I could remove it from quarantine if I really wanted to.

AsteriskLogger (and all the rest of the NirSoft utilities) were in a single zip file that I had downloaded from NirSoft while NIS 2010 was installed and running.  So NIS 2010 allowed the download of the zip file with all of these utilities.  It subsequently declared them (after unzipping) to be Security Risks and then deleted them. (BTW, we are giving way too much attention to AsteriskLogger. That has the potential of mischief; I was concerned about others that were not for retrieving passwords but NIS said had "Hacktool".)

I think I should leave this thread for the original poster.  It was not my intention to hijack it.

Message Edited by kalahari on 11-01-2009 04:36 PM
Kudos0

Re: SONAR is deleting programs

SONAR deletes it only every time it is recompiled.   I have sent in a sample several months ago, never a reply from Norton.
Kudos0

Re: SONAR is deleting programs

Sonar is a big headache for those who are not tech savy and indeed I find the problem of deleting files that we hve asked to be restored reoccurring again and again ! Hope Norton/Symnatec can look into it!

Kudos0

Re: SONAR is deleting programs

Hi kalahari et al,

Thank you for your reply and additional comments.  The time between posts and your reply has forced me to re-think my perceptions.   I'm sure all user's desire a better mouse trap.  A better mouse trap always breeds a smarter mouse.   The focus to trap the smarter mouse has evolved out of necessity to a focus on blocking the smarter mouse from getting anywhere near the mouse trap.   To that end... Norton built a mouse trap with Quorum ~ Download Insight ~ Intrusion Prevention System ~ Norton Safe Web and SONAR 2.    Does this new & improved mouser need some tweaking.  Yes!   To that end...I have to believe the Norton's mouser will be tweak'd.  Will the tweak'd Norton mouser meet user expectations.  Time will tell.  For now I offer this mouser guide for your viewing pleasure.

Regards to all,

bjm_ 

NIS21.5 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: SONAR is deleting programs

KLMystic,

You said "Sonar is a big headache for those that are not tech savvy..."   I'm saying it's a problem for tech savvy people like me :)  The deleting of files (or the quarantining of files) without the ability to override is a problem though.

bjm_,

Thanks for your response.  I have done some more thinking today too.  This morning, I uninstalled NIS 2010 and installed MS's product.  I have now uninstalled MS's product and re-installed NIS 2010.  If there is so much support for the NIS product on this forum, I think that it may make it worth working through my percieved "issues and problems" with it.

I will definitely take a look at the mouser guide that you provided a link too.  Thanks

Kudos1

Re: SONAR is deleting programs

Hello kalahari

Wow!  You had a busy day.  Thought we lost ya....Happy to hear your back (for now).   This Forum is really special ... you are a valued tech savvy member of the Community.   Remember, it's not just a Security product... it's an adventure.

The Forum has extended hours....we never close!   

Thanks and regards

bjm_

NIS21.5 VistaSP2 FF32 IE9 Compaq A931NR
Kudos0

Re: SONAR is deleting programs


bjm_ wrote:

Hello kalahari

Wow!  You had a busy day.  Thought we lost ya....Happy to hear your back (for now).   This Forum is really special ... you are a valued tech savvy member of the Community.   Remember, it's not just a Security product... it's an adventure.

The Forum has extended hours....we never close!   

Thanks and regards

bjm_


bjm_,

With a spiel like that, you ought to be getting paid!!

Kudos0

Re: SONAR is deleting programs


Brubaker wrote:

bjm_ wrote:

Hello kalahari

Wow!  You had a busy day.  Thought we lost ya....Happy to hear your back (for now).   This Forum is really special ... you are a valued tech savvy member of the Community.   Remember, it's not just a Security product... it's an adventure.

The Forum has extended hours....we never close!   

Thanks and regards

bjm_


bjm_,

With a spiel like that, you ought to be getting paid!!


ROFL

Kudos1

Re: SONAR is deleting programs

Just out of curiousity, I tried MyD & Astlog on NIS09.

With NIS09 on default settings, I downloaded MyDefrag-v4.2.5.exe without problem, installed without problem, executed without problem.

With NIS09 on default, I managed to download astlog.zip.  Upon unzipping, autoprotect removed the .exe (not recoverable from quarantine) and two other files, leaving an empty astlog folder.  Upon scanning astlog.zip, the .exe was removed from the zip.

With NIS09 Sonar Advanced Protection off, autoprotect still removed the .exe from the zip file, and also removed everything from the extracted folder.

Only when I had added "AsteriskLogger" into Signature Exclusions, did NIS09 let me extract without removal, and scan without threat detected.  The only thing I did not do is to try to execute the program.

Apparently, Symantec categorized this as "Potentially Unwanted App" here:

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2009-090120-4032-99 

I think this is not a FP but a concern from a security point of view (that's why it is labelled "potentially unwanted").  If you let your friends use your computer, you can recover their passwords for whatsoever intentions you might have.  Nirsoft and other program developers might have good intentions, but it is like a knife, you can use it for good, and you can use it for bad.

I'm sure I'd like Norton to ask me: "This is a Potentially Unwanted App.  Do you want to continue...?  Click here for more info..."

Message Edited by cilixz on 11-02-2009 01:24 PM

Replies are locked for this thread.