05-21-2009 07:30 AM - edited 05-21-2009 07:34 AM
A recent scan revealed both a threat of high importance (a perceived virus in a safe file) and a threat of low importance (a tracking cookie). The only option with the former is 'remove', but the latter has 3 options, inlcluding exclude and ignore.
How can I ignore or exclude the perceived virus? Is there a whitelist?
Even more odd, if I dismiss the dialogue asking me how I'd like to proceed immediately following the scan, this threat list (both aforementioned threats) presents itself in the history section as 'Unresolved Security Risks' but cannot directly be dealt with. In this 'history' module there are no buttons to enact the recommended actions. That is, there doesn't seem to be a way to quarantine or fix those risks without either A.) a rescan of those threats and fixing the threats in the dialogue following the scan, or B.) browsing to the files containing the threats manually and deleting them. Am I missing something?
FWIW, I use NIS2009.7 with Win7, but I suspect my question would apply to any version of NIS2009.
05-21-2009 11:29 AM
This may be more of a thing to ask in the norton windows 7 beta forums but I will try to answer based on NIS 2009 for XP.
In the settings by default all medium and high level threats are set to be removed upon detection. In the settings there is also a choice of three courses of action to take when tracking cookies are detected. I believe they were remove, ask (giving you the option of choosing what course of action to take when each cookie is detected), and ignore, however it is possible that this was modified slightly in the windows 7 version of NIS 2009. I for one set this to remove so that quick scan becomes an instant tracking cookie remover.
05-21-2009 11:40 AM
OK thanks. I do see now how one can restore quarantined threats. The option to do so is available only when logged on as an admin.
Let's just say here that I HATE how this is implemented. If the developers do not want to give the limited user the ability to elevate rights with an admin password prompt via the user interface, then PLEASE show the options as grayed out or as unavailable so that users who run their machines as limited users are shown where and how to do stuff that's integral to a functioning piece of software.
Now, if someone could tell me how to whitelist a threat after it has been restored, that would be great. When I scanned a restored item, Norton recognized it as a threat once again. Is this the intended behavior associated with NIS2009 running on XP and Vista?
05-21-2009 04:02 PM
I think I may have found a fix for your problem.
I looked through my resolved security risks history in norton and picked a random tracking cookie that had been resolved. I clicked on help to see if there was a way to set a security risk a trusted or to simply keep norton from notifying me about it and the help section explains several methods of doing this based on what you are trying to white list. The list of different courses of action to take is kind of long so I'll just give you the jist of it.
TRUST - Allows a program to freely work on the computer and its network.
ALLOW - Allows a program to freely access the internet.
STOP NOTIFYING ME - Keeps norton from notifying you when it blocks a certain attack signature.
From the looks of things the way to white list a threat in the norton history varies greatly by the kind of threat it is. To see the full page in norton help that I am talking about open norton, click on help, and search for "about the advanced details window."
Sorry if I haven't explained it in enough detail but it is somewhat difficult to understand in norton help. There are too many different courses of action possible and they all apply to different types of security threats.
05-21-2009 06:21 PM
05-22-2009 01:03 PM
01. In the "Unresolved Security Risks", is there an Option to Submit the File(s) to symantec Security Response? If not, please Submit them via this Web Link: https://submit.symantec.com/websubmit/retail.cgi. Please could you also P.M. me the File that Norton is Detecting as a Threat.
02. Add the File(s) to Exclusions: Open Norton 2009 Product > Computer Settings > Exclusions/Low Risks.
05-23-2009 06:12 AM - edited 05-23-2009 06:14 AM
You're correct. There is no option to restore and ignore the files. Manually excluding the files from scan will be the immediate workaround.
However, there is another workaround that I would suggest. If you think Norton has quarantined a file that you think is genuine, or in other words a false positive, you can submit the file so that they can look into it. Here is the link to submit the files.
The next time the definitions are updated; Norton will run what is called as a Quarantine Scan. This will check for the files in the Quarantine folder against a list of known applications that are acknowledged by Symantec. This may be a time consuming process, but definitely will be a permanent solution.
If they don't acknolwedge the file as a False Positive; then I would not want to run the risk of having the file in my computer.
Let me know if this makes sense.
05-23-2009 08:41 AM