08-31-2010 10:14 AM - edited 08-31-2010 10:28 AM
I noticed it this weekend because my new notebook was not flagging any of the files I was downloading. Seems like it does it the most with Firefox, and some sites more likely than others. Happens with Windows XP Pro and Windows 7 Home Pro 64-bit.
Also should point out it doesn't record them in the event log either. But it does do an IPS detection statistical submission on the file.
08-31-2010 08:05 PM
Hi jarrycanada,
Symantec has seen the problem and is looking into it. I'll be sure to update this thread once I hear anything back.
Best wishes.
Allen
09-04-2010 12:11 PM - edited 09-04-2010 12:15 PM
This is an EXTREMELY serious bug (present in NIS2011) - it means Sonar, which relies on Download Insight information, cannot function correctly, and you can potentially be infected by malware as a result - here is a direct example:
09-04-2010 12:44 PM
Hi begemot,
Download Insight is not the same thing as Sonar. In other words, even if Download Insight does not give you a safe/unsafe rating on a file you just downloaded, that does not in any way mean that Sonar would not be able to protect you when you try to run that file.
Symantec is aware of this problem and is looking into it.
Here are a couple of Protection Blogs with more information.
Another post of interest:
Best wishes.
Allen
09-04-2010 01:01 PM
Hey Allen,
I've tested Norton against quite a lot of files, and seen that shutting Insight has some devastating effects on Sonar. In other words, Sonar won't really work. See the attached:
http://www.wilderssecurity.com/showpost.php?p=1741
By shutting Insight, I managed to infect the machine badly, with no option of recovering Windows...
09-04-2010 01:11 PM
Hi eplose,
Download Insight and Sonar along with all the other methods used by NIS all work together to give us the "full" protection package, no denying that.
What I am cautioning against is drawing the conclusion that just because Download Insight does not give you the rating at the end of the download that it means you will automatically get infected if the file is malicious.
This is not the case. People do get infected all the time either because they give "permission" for some file to run, visit risky websites or because a particular piece of malware has found a way to bypass your security software. This happens with any security software out there.
In the end all I am saying is that this problem with Download Insight does not in itself mean you will get infected.
Yes, this is a problem and one which Symantec is working on and will hopefully have a resolution for soon, but I don't think it is one which is "devastating".
My two cents worth.
Best wishes.
Allen
09-04-2010 01:41 PM - edited 09-04-2010 01:46 PM
mistake...
09-05-2010 02:01 AM
Thalir wrote: I find a few fixes for Download Intelligence wrt Firefox download went into NIS 2011, and as Bombastus mentioned, I find this issue fixed in NIS 2011. Please wait a few weeks until the latest NIS is released officially and available as a free upgrade to NIS 2010 to get this fix. Do let us know if your issue is still not fixed.
reactivate wrote:
I have also noticed this problem. Also, is it only supposed to work with .EXE files? What about .DLL files?
Download Intelligence in NIS 2011 is supposed to work for all PE files, i.e. filename extensions .cpl, .exe, .dll, .ocx, .sys, .scr, .drv, .tlb
Well I can most definitely say it is not working properly then Thalir.
09-05-2010 10:14 AM
Hi Reactivate,
Thalir posted the reply before this problem had been recognized and reproduced. Subsequent to that, Symantec was able to reproduce this problem and is still working on it.
Best wishes.
Allen
09-09-2010 04:22 PM
Thanks everyone for bringing this to our attention. We have identified a fix and it is currently undergoing testing. Once testing is complete, the fix will be deployed via LiveUpdate later tonight or sometime tomorrow. I will put up another post to let everyone know when the fix is available.
