United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Norton Internet Security / Norton AntiVirus

Reply
Topic Options
bigtex01
Newbie
bigtex01
Posts: 1
Registered: ‎12-25-2008
Accepted Solution

NAV keeps deleting file as Suspicious.MH690 but I think it's safe...

Options

‎12-25-2008 11:08 AM

I downloaded a zipped file with an .exe in it for a program distributed from a commercial product website that I believe is safe. When trying to extract the file from the .zip, the .exe never makes it--it's always deleted under the threat name Suspicious.MH690 (which I've read elsewhere in another thread is a recent addition to NAV definitions).

 

I have to turn NAV off to get it to execute. I then have to exclude the file in Exclusions to get it to stay on the hard drive--otherwise, as soon as I turn NAV back on, it's gone.

 

I tried just scanning the file by itself after it was unzipped and excluded just to see if it detected any other threat after being successfully unzipped, and NAV deleted it with the same message: Suspicious.MH690.

 

I'm pretty comfortable this file is safe. I think just excluding the file from NAV is the way to go here, but is there a way to tell NAV not to delete it for Suspicious.MH690 but to look for other threats within the file? Is there a better way to get NAV to let the file unzip without turning NAV off for a few moments?

Report Inappropriate Content
Message 1 of 2 (4,894 Views)
0 Kudos
Volunteer
Volunteer
yogesh_mohan
Posts: 5,302
Registered: ‎07-29-2008

Re: NAV keeps deleting file as Suspicious.MH690 but I think it's safe...

Options

‎12-25-2008 11:29 AM

Hi bigtex01,

 

Merry Christmas!

 

Suspicious.MH690 is a recently added behavioral detection. Here is what Symantec says about it :(Thanks to TomiRed for posting this in a similar thread) 

 Symantec’s antivirus products contain a highly sensitive detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

If one or more files on your computer have been classified as having a Suspicious.MH690 threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Suspicious.MH690 by Symantec antivirus products for potential misidentification, and submit any suspect files to Symantec Security Response for further analysis. For instructions on how to do this, read Submit Virus Samples.

In rare cases where a legitimate file has been misidentified and subsequently quarantined, your computer may behave abnormally or you may find that one or more applications no longer function as expected. In such rare situations, you should open the Quarantine in your Symantec antivirus product. From here, you may review the list of all files detected as Suspicious.MH690 and, if you identify a potential misidentification, restore the file from quarantine and allow it to run normally.

 

 

If you 100% confident that the file is safe for your computer, then disable the compressed file scanning for time being as it is in .zip format. Otherwise, turn off NAV completely or exclude the .zip file from scanning.

 

Yogesh

 

 

Report Inappropriate Content
Message 2 of 2 (4,829 Views)

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+