09-24-2011 03:26 PM
Norton 2012 has a great bug with quarantine restore
An example:
Norton found a false positive as "Trojan.Gen" and quarantined this file. Now you go to Quarantine and restore this false positive file via the default in the window with the exclusion check.
Norton now does not exclude this file; Norton excludes the signature "Trojan.Gen". That means in the future you are not protected against "Trojan.Gen".
The error has been confirmed by other users.
09-24-2011 03:55 PM
I can confirm this!
10-05-2011 09:43 AM - edited 10-05-2011 09:57 AM
I am very surprised that there is no Symantec feedback on this security issue. On the German Norton forum, users ask if this signature exception is correct or not on file restore with Quarantine.
It is time that this issue is taken seriously.
10-05-2011 04:17 PM
I've been having some internal discussions about this for a few days now. The English restore screen looks like this:
Notice to modify this change you are directed to "Signature to Exclude from scan". Checking this box does, indeed, disable the signature that triggered the detection.
This topic is currently being discussed in-house to see how the wording and/or default behavior can be improved. Until such changes are made available, you can manually exclude the file via the Items to Exclude from Scans setting to prevent future detections.
10-06-2011 12:20 AM
Thanks,
You see, we have only this 1 exclude marking, and most people think this is the right exclusion marking and disable their protection against gen. signatures.
The point is how many people are now affected, and what will Symantec do so that these people are protected in the future.
10-06-2011 07:36 AM
It does seem a bit risky to exclude the signature of a heuristic detection, which I believe is the point that Voyager10 is making. While each Trojan.Gen may have a different behaviour or characteristic, how does Norton handle the exclusion? If it excludes ALL Trojan.Gen detections, this is dangerous. If it excludes on the behaviour, this is also dangerous. Perhaps a heuristic detection should not have an option for exclusion at all, but remain in quarantine until exonerated.
10-06-2011 09:46 AM - edited 10-06-2011 09:49 AM
"While each Trojan.Gen may have a different behaviour or characteristic, how does Norton handle the exclusion?"
Norton found thousands of files in my virus folder as Trojan.Gen or Packed.Generic.322 or Trojan.ADH. Are you sure that, with the exclusion of 1 signature, the files can be kept apart by Norton? I would not take this risk.
The crux of the matter is that Symantec should delete ALL signature exclusions with the next patch, to protect the user.
