|
|
|
|
|
Norton Community :
Norton Users Discussion Forum :
Norton Internet Security / Norton AntiVirus :
Re: SONAR is deleting programs
|
|
|
|
|
|
|
|
|
Re: SONAR is deleting programs
|
|
dbrisendine 
Rootkit Eradicator
Posts: 3802
Registered: 10-06-2008
Message 11 of 59
Viewed 1,980 times
|
|
|
SONAR has been in the Norton products since the introduction of the 2009 product lines. It is an integral part of the product and can not be separated from the rest. SONAR is the heuristic scanning engine / process in the AV side of the Norton consumer products. I, as a programmer / developer, understand your frustration but since Norton is a consumer product and will be on a great many consumer systems, I make sure the developed programs work with it.
|
|
|
|
10-14-2009 08:29 AM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
|
|
rft
Visitor
Posts: 8
Registered: 05-20-2009
Message 12 of 59
Viewed 1,974 times
|
|
|
These systems all had NIS 2009 installed and there were no issues. I do not recall seeing any references to SONAR in the 2009 options. From what you are saying NIS 2010 is a consumer, i.e. non-computer literate, no programming, scriptng or other customization of programming activites, product. What product should one be using if one does more than email, web browse, and office suite functions? We have been using NORTON security products for at least 10 years. What are NORTON's intentions with respect to software engineers and other sophisticated users?
|
|
|
|
10-14-2009 09:07 AM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
|
|
dbrisendine
Rootkit Eradicator
Posts: 3802
Registered: 10-06-2008
Message 13 of 59
Viewed 1,967 times
|
|
|
You might want to check on the Symantec Business side of the company. Endpoint Security may be a better fit for the "industrial" type user. SONAR may not have given you much problem in the NIS2009 version; it did me and others. It was refered to in the Settings under Computer Scans as Advanced Heuristic Protection. 
|
|
|
|
10-14-2009 09:19 AM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
[ Edited ]
|
|
cgoldman
Super Spam Squasher
Posts: 1067
Registered: 06-25-2008
Message 14 of 59
Viewed 1,964 times
|
|
|
rft I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. AFAIK SONAR causes no damage, it merely quarantines files, and you can recover those files from quarantine. In that process you can decide whether the file is to be ignored in future from SONAR. If Sonar acted immediately after installationa and before you became acquainted with the software or able to modify the configuration settings, then you have only to recover the files. I note your comments. It is interesting that you are looking for a security and AV product to protect your systems that are not connected to the net in any way. The vast majority of users, I suggest, of NIS are those wishing to protect themselves because they are connected to the web and that is their potential source of virus and other pests. I am sorry I cannot help further. [edit: Please keep post content respectful per the Participation Guidelines and Terms of Service.] Message Edited by shannons on 10-19-2009 11:55 AM
|
|
|
|
10-14-2009 09:27 AM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
[ Edited ]
|
|
rft
Visitor
Posts: 8
Registered: 05-20-2009
Message 15 of 59
Viewed 1,946 times
|
|
cgoldman wrote:
rft I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. AFAIK SONAR causes no damage, it merely quarantines files, and you can recover those files from quarantine. In that process you can decide whether the file is to be ignored in future from SONAR. If Sonar acted immediately after installationa and before you became acquainted with the software or able to modify the configuration settings, then you have only to recover the files. I note your comments. It is interesting that you are looking for a security and AV product to protect your systems that are not connected to the net in any way. The vast majority of users, I suggest, of NIS are those wishing to protect themselves because they are connected to the web and that is their potential source of virus and other pests. I am sorry I cannot help further.
I do not find your response professional. In fact it is insulting. I have over 40 years experience in computer systems, O/S design, and networks. I am the CTO for my corporation and our customers include many of the Fortune 100. I deal with IT professionals at those corporations on a daily basis. If this is NORTON's concept of customer relationship management, we will have to eliminate all NORTON and Semantec products from our systems. [edit: Fixed quote error.] Message Edited by shannons on 10-19-2009 11:56 AM
|
|
|
|
10-14-2009 09:56 AM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
[ Edited ]
|
|
Maestro
Newbie
Posts: 1
Registered: 10-14-2009
Message 16 of 59
Viewed 1,904 times
|
|
|
I don't believe this thread should've gotten this far. rft, I understand your frustration over this matter, and I agree that you should switch to a different AV suite that would suite you more than Norton does...no pun intended. cgoldman, I believe that a forum Guru should not make posts like the one you posted. A person of your power on this forum should never be saying such things to posters who are having problems, but that is just my opinion. Message Edited by Maestro on 10-14-2009 02:54 PM
|
|
|
|
10-14-2009 02:51 PM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
[ Edited ]
|
|
 shane_pereira
Symantec Employee
Posts: 58
Registered: 04-13-2008
Message 17 of 59
Viewed 1,717 times
|
|
|
Hi Rft, Firstly I would like to apologize about the SONAR-related problems you have been experiencing. The SONAR team as well as other teams at Symantec have been actively looking at various solutions. Newly created executables on developer's machines present unique challenges because of the fact that they are new and hence have low reputation. However I want to stress that just because we have not seen a file before it doesn't mean that SONAR will convict it (more on this later). Here is a synopsis what we have been working on: 1. In the Settings pane under Exclusions/Scan Exclusions, you have the ability to enter path names you don't want the Real-time scan to scan. Currently, anything you put in this list will only be honored by the Real-time signature scanner AutoProtect, and not SONAR. We are going to change this so that any pathnames you enter here will be honored by both. This fix is tentatively scheduled to be released in the November time-frame. We are testing the fix at the moment. Software developers can use this option to exclude any folders on their development machines where they are constantly creating new binaries. 2. SONAR2 is a real-time behavioral engine. It monitors behaviors of all running processes, looking for suspicious behaviors or traits in the exe that appear similar to malware. A running process has to pass a minimum threshold of bad behaviors before it becomes a candidate for being deleted. In addition to this we also check the Quorum backend looking at the file's reputation across the entire customer base which in the case of newly created files would be not be very high. The point here being that just because we have no info on a file on the backend, doesn't mean it will get convicted. This is a common misconception. The process had to have exhibited malicious traits, either static e.g. its packed, or has suspicious imports etc. or dynamic behaviors e.g created a run key etc., in order for the SONAR scoring engine to convict it. We look at hundreds of such behaviors and growing. We are actively looking at the scoring algorithms in light of this issue and currently testing a new one. 3. We are looking at a change to the UI to allow customers to configure SONAR to always ask before deleting anything. Currently SONAR only prompts the user when it is not fully confident that what it has detected is in fact a threat. Just as an FYI, Symantec like many software companies signs all binaries it releases with a code-signing Class-3 certificate from a reputable CA like Verisign. Doing this has a number of advantages. We encourage other vendors to do the same. If your exe is class3 verisign signed, SONAR will not delete it. Hope this helps. Thanks, Shane. Message Edited by shane_pereira on 10-21-2009 11:46 AM Message Edited by shane_pereira on 10-21-2009 11:47 AM
|
|
|
|
10-21-2009 11:42 AM
|
|
|
|
|
|
|
|
|
Re: SONAR is deleting programs
|
|
cgoldman
Super Spam Squasher
Posts: 1067
Registered: 06-25-2008
Message 19 of 59
Viewed 1,628 times
|
|
rft I apologize for the offence that my remark gave. It actually was not intentional. I truly believed, having regard to your posts, that I was in danger of misinterpreting your remarks. Least of all I am not challenging your industry experience.
cgoldman wrote:
rft I am affraid that English may not be your native language and that therefore I may be misinterpreting your remarks. ....
|
|
|
|
10-21-2009 08:18 PM
|
|
|
|
|
|
|
Re: SONAR is deleting programs
|
|
BruceA
Visitor
Posts: 3
Registered: 10-28-2009
Message 20 of 59
Viewed 1,120 times
|
|
|
I have just found this thread and have the same problem - I think A newly created 1-off executable file (a compiled web browser in development as a college project) triggers SONAR as high risk and is whisked away to quarantine whenever it is asked to run (New, Few Users, does stuff etc) Excluding the file from normal and auto protect scans is ineffective - but these normal 'signature' scans were not flagging it anyway . Recovering it from quarantine has an option to ignore it in future scans but this does not stop SONAR quarantining it yet again immediately it is run. = Incorrect behaviour from a promising looking option The Context menu for the file in the directory provides a Norton File Insight tab where I can expressly trust the file. The setting appears to be cleared or ineffective as SONAR again quarantines the file on the next run. I hope I have documented this sufficiently to know if this is the general problem. If so the issue appears to be that adequate options to resolve the issue exist but are not working as would be expected. In Particular if a user expressly trusts a single file with a static location and signature that should be good enough ! Is there any progress/ETA on resolving this issue please ?
|
|
|
|
10-28-2009 03:05 AM
|
|
|
|
|
|
|
|
|
|
|
