topic NIS 2010 Annoyances in Norton Internet Security / Norton AntiVirus

NIS 2010 Annoyances

secc — Wed, 04 Aug 2010 18:20:24 GMT

Hi all, I have Norton Internet Security 2010 installed and would dearly love somebody to give me a solution to my problem. I work on a lot of business networks and obviously need to keep some 'suspect' applications like password resetters etc etc on my system. The problem is that Norton seems to think its OK to remove my files WITHOUT asking first!!!! I have added certain folders for Norton to ignore which have my 'special' apps in but as i buy new apps on a regular basis its rather TEDIOUS continually adding these folders to the ignore list. Once Norton 'detects' a file - IT makes the decision to remove/quarantine it etc - NO, NO, NO, NO, NO - MY SYSTEM - I DECIDE!

I am left with a box (action required) that pops up at each restart with some files that norton doesn't like but there is no option to 'restore and ignore', just 'fix' but i DON'T WANT NORTON TO FIX THEM - just leave them alone!!!

I was on to their 'tech support' but unfortunately the guy i got onto was typical 'IT Support' - i knew more than he did about HIS own product LOL so that was a waste of time. Is there a way to hack Norton to ALWAYS ALWAYS ALWAYS offer the restore and ignore option? There are 5 files in the 'action required' box at the moment that either offer the 'fix' option or 'delete' option - Neither of which i want to do. Why doesn't Norton realise SOME people actually have a clue what they are doing and have an 'advanced user'/admin level where we can change these rediculous settings at our own risk?

Secc

Re: NIS 2010 Annoyances

AllenM — Thu, 05 Aug 2010 03:55:50 GMT

Hi Secc,

Welcome to the Norton Community. What version of NIS 2010 do you have from Help & Support > About? What OS and SP level do you have and is it 32 or 64 bit?

It sounds like these files are probably being detected by Sonar and not a regular scan. To confirm, from the main NIS window click on Quarantine. If any files are currently being held in Quarantine they will be shown here. It will also tell you whether Sonar or something else detected the file. At that point you can restore the file by clicking on Options near the top right hand corner of the screen. One of the options is to restore this file and after clicking that you will have an option to exclude this file from future Sonar actions.

A little about how Sonar works. Sonar is a behavioral based detection and it has two types of detections, LOW and HIGH risk. Low risk detections will always quarantine the file where you have a chance to restore and exclude from future actions. HIGH risk items will be outright deleted from your system and not quarantined.

Low risk items can either be restored from Quarantine and excluded or pre-emptively excluded by clicking on Computer Settings > Exclusions > Scan Exclusions. These files should be added to both the Scan exclusions and Real Time Protections Exclusions so that they will be honored for both scans and Sonar respectively.

Any files which NIS alerts on, be it from scans or Sonar should be submitted to Symantec as a False Positive so that they can make adjustments in their definitions to prevent this from happening in the future.

Please submit the files to Symantec at the following location:

https://submit.symantec.com/dispute/false_positive/

You might also find this thread of interest.

Now on to the subject that I think you really want to know which is how to tell NIS to always ask you by default before quarantining.

From the main NIS window, click on Computer Settings > Low Risks and set to Ask Me. Also in Computer Settings > Real Time Protection > SONAR Advanced Mode, set to OFF.

Please note that the Sonar setting only affects LOW risk detections. Any HIGH risk detection will still result in the file being removed.

If you are really sure you want to do this, this should solve the problem for you.

Hope this helps.

Best wishes.

Allen

Re: NIS 2010 Annoyances

AllenM — Thu, 05 Aug 2010 14:28:36 GMT

Hi Secc,

I forgot to mention that you can also turn off Sonar mode in Computer Settings > Real Time Protection > Sonar Protection, set to Off.

As before this only applies to low risk detections. High risk detections will continue to be detected and removed from your system.

Hope this helps.

Best wishes.

Allen

Re: NIS 2010 Annoyances

huwyngr — Thu, 05 Aug 2010 15:54:28 GMT

Allen,

I've encountered the problem described for example when I needed a password uncoder for a legitimate purpose on my own computer -- to check a Compuserve Forum log in password. In my case it was a boot disk file that I downloaded and like the user it was immediately deleted on the next scan (This was probably before SONAR came in).

Am I right that it cannot be dealt with by exclusions and while it could be prtoected from deletion from the drive if you put it inside a zip archive and turned ON Do not check inside compressed archives I suspect it would be deleted the moment one extracted it?

There really should be the ability for a user to enable Ask Me if that is what they need and are prepared to live with.

Just my 2¢ ...

Hugh

Re: NIS 2010 Annoyances

secc — Thu, 05 Aug 2010 19:45:47 GMT

Hey Allen, Thanks so much for your reply, i appreciate it. I actually would like to have the full protection enabled for obvious reasons but have the ability to always be asked BEFORE norton takes any action and if Norton does do something then why isn't there an option to ALWAYS restore and ignore?

To me at least this makes sense - i know what i download. For example, if i buy a new password app and i know Norton will not like it. On the other hand if i download say an MP3 which has a virus in the zip file then i want Norton to do its thing - the issue for me is the ability to always have an option to restore and exclude. With the above examples i would obviously restore and exclude the password resetting app but NOT the MP3 - i know what the password app is and accept what it does but the MP3 on the other hand i am happy that Norton protects me from a hidden virus within the zip file etc.

It seems that Norton is trying to 'baby' me by not offering the option, its either delete or fix, neither option i want to do. It seems such a simple thing to implement in their code, i'm willing to accept the consequences on my machines if i get it wrong.

I have used Norton on my home machines for about 10 years now, i recommend it to friends,family and my clients but this issue is really starting to annoy me so much that once my subscription is over i WILL be looking at alternative produts that don't treat me like an idiot! Symantec will be losing a long-standing customer because of one simple tweak to their application, what a shame.

Secc

Re: NIS 2010 Annoyances

DaveH — Thu, 05 Aug 2010 21:19:52 GMT

AllenM wrote:
Hi Secc,

I forgot to mention that you can also turn off Sonar mode in Computer Settings > Real Time Protection > Sonar Protection, set to Off.

As before this only applies to low risk detections. High risk detections will continue to be detected and removed from your system.

Hope this helps.

Best wishes.
Allen

Does this not completly turn off Sonar?

http://a.imageshack.us/img215/7505/sonaroff.jpg

I was faced with the same problem and constant battle with sonar.

It left me with 3 choices:

1) Do as Norton wants and get rid of these tools

2) Get rid of Norton

3) Turn off Sonar

Ironic that a security company like symantec would force someone to be "less secure" by not allowing the owner of the system (me) to decide what I want to keep on my system.

Dave

Re: NIS 2010 Annoyances

secc — Thu, 05 Aug 2010 21:28:54 GMT

Hey DaveH, looks like i'm not the only one with this problem. I totally agree with you that a security companies 'solution' to fix this problem is to make the security product less secure! Now thats funny!!!! I actually want total protection but also control over my own pc files.

I actually emailed Symantec a couple of times about this the last time i renewed my subscription and guess what........ several months later still no reply. I totally trust Norton products and its a shame that such a simple user request cannot be implemented to keep valued, long-standing customers happy. if they allow me access to their code, i'll write the feature in for them LOL!

Secc

Re: NIS 2010 Annoyances

DaveH — Thu, 05 Aug 2010 21:51:12 GMT

I turned it off and I'm waiting for 2011 to come out of beta, it's a little more customizable for sonar options. I have it on a test box but I don't think I tried some of these tools on it yet.

I'll give you an example of a problem I had that is just simply wrong.

I have (or had) a tool I use that will unmask passwords that are hidden by ******

I actually paid for this tool a long time ago, I used it enough to justify the cost (I think it was $29.95)

On my system at home I needed to find my router password a few days ago and I found this tool was gone. In my program menu was a non-working shortcut with no icon.

I looked in the NIS quarentine and it was not there, so it must have been sonar, right?

Before I installed NIS on that system I did a full image, since it was still in my image and no longer on my system it had to have been NIS and it had to have been sonar since I did not have the option to ignore, exclude, or restore it.

So I pulled it out of my image and now it only works in trial mode. Way back when I bought the thing I was using windows 98 and a different ISP and email address.

I can't find any of my old backups from then so I can't find the serial number for the program.

Sonar lost me good money, I'm sorry but there is no excuse for that!

Granted, I know that such a tool can be considered a "hacking" tool. people could use it for bad purposes but I bought the tool and use it because it was helpful to me. It's my system after all and if someone had phsical access to it they could have everything anyway.

What reason does Symantec use to justify permanently deleting stuff without user intervention?

Why is it that I could have a worm in something that could infect thousands of systems, or a nasy rootkit and those would be rightfully blocked and quarantined but my password recovery tool that I paid for is forever deleted?

Why can I restore a bad virus but not a tool that has legitamate uses?

Dave

Re: NIS 2010 Annoyances

AllenM — Fri, 06 Aug 2010 04:15:01 GMT

Hi Secc and Dave,

Dave, regarding being able to turn Sonar off, no as I understand it detection for high risk threats cannot be completely turned off nor does it appear that Secc wants to do that, do you? I have not had occasion to test this myself. High risk threats are considered an immediate threat to your computer.

Secc, you might want to take a look at the following post by a Symantec employee.

http://community.norton.com/t5/Norton-Internet-Security-Norton/SONAR-is-deleting-programs/m-p/163495/highlight/true#M82286

I would also encourage submitting any ideas you all have to the Norton Ideas Forum at the following location.

http://community.norton.com/t5/Norton-Internet-Security-Norton/idb-p/NIS_Suggestions

Symantec does listen to feedback from customers. Many of the features in the Norton products came from ideas submitted by customers so again I highly encourage doing this.

Best wishes.

Allen

Re: NIS 2010 Annoyances

DaveH — Fri, 06 Aug 2010 05:58:41 GMT

Thanks my friend.

I assumed it turned it off because it says "Sonar Protection ON-OFF" I was thinking "off" meant off.

But I guess "Sonar Protection OFF" really means "sonar protection for low risk items that you could restore and exclude is off"

I got it now, clear as mud.

But if you think that through, it really doesn't make sense. Why turn if off only for items that you can easily exclude?

Dave

btw- I'm not trying to cause a stink or anything and I don't want to seem like I'm complaining about loosing a program.

I just wanted to comment on this thread that I agree with Secc and tried to offer an option that may or may not work.