10-11-2011 08:20 AM - edited 10-11-2011 08:39 AM
Apparently Symantec hasn't learned a thing. I recently upgraded to NIS2012 and at first nothing was wrong. But for the past couple of weeks, Norton has been informing me that threats have been found. Only, it hasn't actually found any threat, just a heuristic suspicion. This is NOT a confirmed threat, but Norton shows it as such, which is simply wrong.
Specifically, Norton has set its targets on installer files created with WIX version 3.6 (using the Burn bootstrapper). And mind you, this is no second-rate project, but rather a Microsoft-backed project, which will be used for future Microsoft products (starting with Visual Studio 11).
In case it isn't obvious (and that seems to be the case with Symantec): this is NOT acceptable. They are not even sure that there is a threat, and yet it is classified as "high risk". If they are not sure, they are certainly not high risk. All this is doing is teaching users to ignore a possible actual threat in the future - with disastrous consequences.
I want a button prominently placed that tells Norton that this file is OK and reports that fact to Symantec - and tells Norton to shut up about these things in the future. This rate of false positives is simply unacceptable.
This is the last time I will be putting up with this - next time I will be looking for a virus scanner that actually knows the difference between a virus and a legitimate installer.
10-11-2011 09:40 AM - edited 10-11-2011 09:48 AM
I noticed your posting and I have had a similar problem.
From what I understand, SONAR detection may erroneously block very obscure and little-used utilities.
I understand what you are saying about the program in question, but NIS might not detect it properly, just yet.
You should be able to permit the file to be Excluded (as a "Threat") and "User Trusted" as to its validity, assuming you know that the actual source of your file is safe.
The product is quite new and there are some big fixes in the works, so I would suggest just holding on and let the product mature.
Try the above and let us know how you do.
Hope this helps a bit.
10-11-2011 10:23 AM
Yes, but the point is that this problem is not new. It has been like this ever since SONAR3 was introduced - and Symantec simply won't listen. Microsoft put out a faulty definition file for MSE the other day, which targeted Google Chrome by mistake. That was fixed within hours, along with an apology. Symantec simply does nothing. That is the problem.
Symantec wrongly assumes that if a file is not very widely distributed, it is a virus. That is not necessarily the case. Symantec needs to admit that this assumption is wrong and adjust the UI accordingly. Currently, the "threat" is presented as high risk. That should be a new risk type called "Suspicious" instead. Then, there should be an Ignore option in the UI - and along with that a simple way to report a false positive from within NIS.
The above problems have all been in NIS for at least 3 years, with Symantec simply refusing to do anything. That is the problem, and that is why I have finally had enough of this crap.
10-11-2011 10:28 AM - edited 10-11-2011 10:34 AM
Well, you are entitled to your opinion and have some worthy ideas!
I'm curious, though. What product would you use instead?
Every product has its pluses and minuses, right?