08-31-2010 10:14 AM - edited 08-31-2010 10:28 AM
I noticed it this weekend because my new notebook was not flaging any of the files I was downloading. seems like it does it the most with firefox and some sites more likely then others. happens with Windows xp pro and windows 7 home pro 64bit.
also should point out it doesn't record them in the event log ether. but it does do a IPS detection statistical submission on the file.
08-31-2010 08:05 PM
Symantec has seen the problem and is looking into it. I'll be sure to update this thread once I hear anything back.
09-04-2010 12:11 PM - edited 09-04-2010 12:15 PM
This is an EXTREMELY serious bug (present in NIS2011) - it means Sonar, which relies on Download Insight information, cannot function correctly, and you can potentially be infected by malware as a result - here is a direct example:
09-04-2010 12:44 PM
Download Insight is not the same thing as Sonar. In other words even if Download Insight does not give you a safe/unsafe rating on a file you just downloaded, does not in any way mean that Sonar would not be able to protect you when you try to run that file.
Symantec is aware of this problem and is looking into it.
Here are a couple of Protection Blogs with more information.
Another post of interest:
09-04-2010 01:01 PM
I've tested Norton against quite a lot files, and seen that shutting Insight has some devastating effects on Sonar. In other words, Sonar won't really work. See the attached:
By shutting Insight, I managed to infect the machine badly, with no option of recovering windows...
09-04-2010 01:11 PM
Download Insight and Sonar along with all the other methods used by NIS all work together to give us the "full" protection package, no denying that.
What I am cautioning against is drawing the conclusion that just because Download Insight does not give you the rating at the end of the download that it means you will automatically get infected if the file is malicious.
This is not the case. People do get infected all the time either because they give "permission" for some file to run, visit risky websites or because a particular piece of malware has found a way to bypass your security software. This happens with any security software out there.
In the end all I am saying is that this problem with Download Insight does not in itself mean you will get infected.
Yes this is a problem and one in which Symantec is working on and will hopefully have a resolution soon but I don't think it is one which is "devastating".
My two cents worth.
09-05-2010 02:01 AM
I find few fixes for Download intelligence wrt to Firefox download went in to NIS 2011 and as Bombastus mentioned I find this issue fixed in NIS 2011. Please wait for few weeks untill the latest NIS is released officially and available as free upgrade to NIS 2010, to get this fix. Do let us know if your issue is still not fixed.
I have also noticed this problem. Also is it only supposed to work with .EXE files. What about .DLL files?
Download intelligence in NIS 2011 is suppose to work for all PE files (i.e) - Filename extension .cpl, .exe, .dll, .ocx, .sys, .scr, .drv, .tlb
Well I can most definitely say it is not working properly then Thalir.
09-05-2010 10:14 AM
Thalir posted the reply before this problem had been recognized and reproduced. Subsequent to that Symantec was able to reproduce this problem and are still working on it.
09-09-2010 04:22 PM
Thanks everyone for bringing this to our attention. We have identified a fix and it is currently undergoing testing. Once testing is complete, the fix will be deployed via LiveUpdate later tonight or sometime tomorrow. I will put up another post to let everyone know when the fix is available.