topic Re: Harmless Risk...???? in Norton Internet Security / Norton AntiVirus

Harmless Risk...????

Shridhar — Sun, 19 Oct 2008 09:38:40 GMT

I have a disc which contains two risks ,which were detected by SONAR.

Currently I have NIS 2009.Before having NIS 2009 I used to install the disc without any threat notice shown by Norton,and even when I did not have Norton.

Now, I don't disagree that the files are risks or Viruses

the fact is, if they are security threats ,why they did not cause any trouble(it may be smaller or bigger)to my system ?

My system was working perfectly in above discussed cases also without showing any sign of misbehaviour or slowdowns.

I trust Norton hence I don't believe so..........but are they False Positives ?

Re: Harmless Risk...????

Floating_Red — Sun, 19 Oct 2008 11:09:47 GMT

Send the Files to symantec Security Response: https://submit.symantec.com/websubmit/retail.cgi.

Re: Harmless Risk...????

johna — Sun, 19 Oct 2008 11:44:26 GMT

Hi Shirdhar

If the risks are detected by SONAR, but are not in the Symantec Virus Definition base, then possibly they are benign.

As Floating_Red suggests, I would ask you submit the files to Symantec Security Response for analysis.

Can you let us know the results, thanks.

Edit: As an exercise, can you upload the files to Virus Total, and let us know if other vendors are picking them up as security risks, thanks.

Message Edited by johna on 10-19-2008 09:44 PM

Re: Harmless Risk...????

Floating_Red — Sun, 19 Oct 2008 11:44:26 GMT

johna wrote:
If the risks are detected by SONAR, but are not in the Symantec Virus Definition base, then possibly they are benign.

As Floating_Red suggests, I would ask you submit the files to Symantec Security Response for analysis.

Can you let us know the results, thanks.
Message Edited by johna on 10-19-2008 09:38 PM

Thanks for Editing your Message; now he has got two people "asking" the Thread-Starter to Submit the Files to s.S.R.. :smileysurprised:

Can you tell us what your Advanced Heuristic Protection is on, which can be located in the Computer Settings.

Re: Harmless Risk...????

johna — Sun, 19 Oct 2008 11:49:51 GMT

Thanks Floating_Red

Will be interesting to see what Virus Total comes up with.

John

Message Edited by johna on 10-19-2008 09:49 PM

Re: Harmless Risk...????

Shridhar — Sun, 19 Oct 2008 13:08:37 GMT

Floating_Red wrote:

Can you tell us what your Advanced Heuristic Protection is on, which can be located in the Computer Settings.

Hello Floating_Red

I have got Advanced Heuristic Protection as Aggresive .Every security option that Norton has got under Settings option is HIGH on my computer.

Re: Harmless Risk...????

Dieselman743 — Sun, 19 Oct 2008 13:10:42 GMT

Aggressive can give you FP's but it has not for me. I would rather have FP's then be less secure.

Re: Harmless Risk...????

johna — Sun, 19 Oct 2008 13:25:07 GMT

Hi Shridhar

Actually, as far as I know, aggressive heuristics only applies to scans and auto protect, not SONAR.

Did you upload the files to Virus Total?

Thanks.

Message Edited by johna on 10-19-2008 11:25 PM

Re: Harmless Risk...????

Shridhar — Sun, 19 Oct 2008 13:27:17 GMT

I will be applying it shortly and i'll let you know what happens andi've submitted it to Symantec as you said.

Re: Harmless Risk...????

Tech0utsider — Sun, 19 Oct 2008 13:34:16 GMT

Shridhar wrote:
I have a disc which contains two risks ,which were detected by SONAR.
Currently I have NIS 2009.Before having NIS 2009 I used to install the disc without any threat notice shown by Norton,and even when I did not have Norton.

the fact is, if they are security threats ,why they did not cause any trouble(it may be smaller or bigger)to my system ?

My system was working perfectly in above discussed cases also without showing any sign of misbehaviour or slowdowns.

I trust Norton hence I don't believe so..........but are they False Positives ?

It is extremely hard to get a "full" infection nowadays with all the Windows Patches. I had 5 instances of Vundo on my computer, according to N360, but there were no pop-ups, my desktop background stayed the same, and nothing suspicious really happened; high cpu usage, etc, except for a rundll in my Task Manager.

Re: Harmless Risk...????

johna — Sun, 19 Oct 2008 13:35:31 GMT

Hi Shridhar

It normally takes a couple of days to get a reply from SSR, let us know.

Thanks!

Re: Harmless Risk...????

Shridhar — Sun, 19 Oct 2008 13:39:06 GMT

thanks for quick replies

Re: Harmless Risk...????

Floating_Red — Sun, 19 Oct 2008 14:33:18 GMT

johna wrote:
Actually, as far as I know, aggressive heuristics only applies to scans and auto protect, not SONAR.

This does apply to S.O.N.A.R.; not sure about AutoProtect or Scans.

Re: Harmless Risk...????

johna — Sun, 19 Oct 2008 16:20:19 GMT

Hi Floating_Red

Advanced heuristics certainly applies to Auto Protect and Scans, as far as SONAR goes I'm almost certain it doesn't, let me double check to make sure.

Re: Harmless Risk...????

mijcar — Sun, 19 Oct 2008 16:40:16 GMT

The one thing unmentioned that I think is vital is this: Some security risks do not make themselves apparant. They are written to do their maliciousness invisibly, whether it is to steal identity information or to place timebombs, they will not do anything in the current moment to make the user aware of them. No slowdowns, no flashing messages with jokes or warnings, no obvious taking over of anything.

I am concerned by the number of people who say "I know my computer is not infected because I don't see any symptoms."

Unfortunately, it doesn't work that way. And that is why we need security software.

Re: Harmless Risk...????

Tech0utsider — Sun, 19 Oct 2008 22:42:37 GMT

mijcar wrote:
The one thing unmentioned that I think is vital is this: Some security risks do not make themselves apparant. They are written to do their maliciousness invisibly, whether it is to steal identity information or to place timebombs, they will not do anything in the current moment to make the user aware of them. No slowdowns, no flashing messages with jokes or warnings, no obvious taking over of anything.

I am concerned by the number of people who say "I know my computer is not infected because I don't see any symptoms."

Unfortunately, it doesn't work that way. And that is why we need security software.

Excellent theory; maybe that is another reason why Vundo was not so apparent on my system.

Re: Harmless Risk...????

Shridhar — Mon, 20 Oct 2008 10:50:18 GMT

johna wrote:

Hi Shirdhar

If the risks are detected by SONAR, but are not in the Symantec Virus Definition base, then possibly they are benign.

As Floating_Red suggests, I would ask you submit the files to Symantec Security Response for analysis.

Can you let us know the results, thanks.

Edit: As an exercise, can you upload the files to Virus Total, and let us know if other vendors are picking them up as security risks, thanks.

Hi johna !!!

I have uploaded the files to Virus Total but I they are not showing the file as risk or virus.

I repeat, the risk was shown by SONAR and not by Auto-Protect or Virus Sacnner .

For more information, here is the link: for one of the files-http://www.virustotal.com/analisis/b49592101ffb00a3b97eec534a4dbd6e

Another file is showing the same result on the site.

Message Edited by Shridhar on 10-20-2008 03:45 PM

Message Edited by Shridhar on 10-20-2008 04:19 PM

Message Edited by Shridhar on 10-20-2008 04:20 PM

Re: Harmless Risk...????

johna — Mon, 20 Oct 2008 11:08:47 GMT

Hi Shridhar

Try running the files again, and when SONAR blocks them, catch the name of the file detected, and it's location, and advise of same.

Thanks!

Re: Harmless Risk...????

Shridhar — Mon, 20 Oct 2008 12:27:11 GMT

johna wrote:

Hi Shridhar

Try running the files again, and when SONAR blocks them, catch the name of the file detected, and it's location, and advise of same.

Thanks!

Hi johna !!!!!!!

I did what you have said above and SONAR is showing the risks namely :shell_inst.exe and safemode_inst.exe .

Their locations are c:\documents and settings\shridhar\local settings\temp\shell_inst.exe

(Note :'shridhar' is the user name).

The other one is in that program's folder.

Re: Harmless Risk...????

Shridhar — Mon, 20 Oct 2008 12:32:22 GMT

Do you have any idea about this fact that Virus Total is not showing any alert but SONAR is showing it .

I am still waiting for response from Symantec Security Response before saying it to be a False Positive

Message Edited by Shridhar on 10-20-2008 06:02 PM