12-17-2011 02:04 AM
1. Wonder if it is possible for someone to explain how to exclude Norton 360 from stopping me downloading cain and abel from www.oxid.it
2. How to exclude norton 360 from scanning this program or blocking it. Files maybe cain.exe and abel.exe (but not sure yet as Norton blocks download)
Reason i need it
We are using Cain and Abel at Uni with Wireshark and is needed for assignment/phase test knowledge. (Network TCP/IP packets)
12-17-2011 02:30 AM
I not got to the part where it blocks the programs yet.. sure that will happen once I get to download it.
I am at the part where I try to download it and it says 'An intrusion attempt by w--.oxid.it was blocked. The connection was reset.. lol
It is blocking the ca_setup.exe from downloading.
I believe there is options to exclude sites and programs, but I can not find this?
12-17-2011 02:34 AM
BTW on the Cain and Abel forums it says to disable Norton till I got things downloaded and install. Thought I would come on here and see if there a work around from disabling all of Norton.. Seem drastic.
12-17-2011 02:57 AM
Create a folder in your desktop, say for example Exclude->Goto settings in N360->Antivirus-> Scans and Risks -> Items to exclude from auto-protect and sonar Click Configure-> Add that folder to the exclusion, Then do the same by clicking on Items to exclude from scans. Then right click the N360 icon next to the time/date->Disable firewall for 15mins->If you are using internet explorer->goto tools->manage addons->disable the Symantec Intrusion Prevention. Now download that file and save it in that exclude folder you had created.
After that enable all that you had disabled in Norton (Symantec Intrusion Prevention, Firewall). Then goto settings do the same procedure mentioned above to add an exclusion for the exact file inside that exclude folder.
You can follow this instructions but remember you are playing with fire by lowering your defenses...
12-17-2011 11:01 AM
What is the name of the threat that IPS is blocking?
If this were a Download Intelligence issue where a file was being blocked due to a reputation concern, it would not be a big deal to work around the block and download the file. IPS, on the other hand, is not prone to a lot of false positives. IPS does not look for malicious files. Rather, it looks for exploits of known software security vulnerabilities. It is seeing something on the download site that matches an attack signature. Be careful.
12-19-2011 11:49 AM
When trying to download the Caina nd Abel file (ca_setup.exe from ww_.oxid.it norton comes up with The connection was reset. Norton blocked an attack by: Malicious Site: malicious Web site, Dormain or URL 2.
I know it gets false posative from this iste. I also know it is a dangerous file to download form other site.. that why i go straight to the site who codes and supports the file.
Thanks for the tip on how to exclude the folder.. just need to get around Norton letting me download from this site. Turning firewall off for 15 mins doesn not help this time. This i need a way to let Norton know i want to download from this site for a while...
Any more ideas
12-19-2011 12:16 PM
What is the name of the attack itself? You could always turn off Intrusion Protection while you are downloading from this site. I would not recommend doing that, as Norton is actually alerting to something it detects, and you are simply making suppositions about the site based on past experience - which may have no relevance to what is hosted on the site currently. Certainly, if you do want to circumvent your security program you should have a very recent disk image backup available in case it becomes needed.