12-17-2010 01:24 AM - edited 12-17-2010 01:30 AM
1) Most of us knew that Norton Trusted files are placed in white list and while run it - it will be not scanned by Norton - they can run easily and fast.
In summer 2010 I accidentally meet with Norton Trusted files but after upload to Virus Total (VT) Service was next results:
Each of 7 files is Norton Trusted (NIS 18.1)
In the past I saw 4-6 false positives (FP) from 25-30 VT antiviruses, but I saw that it was really FP - files was from well know Software and Antivirus vendors. Some of Norton Trusted files (in collection was about 70-80 files) was reported by VT as malware but with 0-20 antiviruses, but they was not so strong (in my eyes) and I say that may be they are wrong... but antiviruses with nowadays few false alarms reported me about 7 files that they are malware (based on Avira, Microsoft, ESET and Kaspersky detections).
To review them:
Submission has been sent Fri Dec 17 01:24:40 PST 2010
2) 2-bytesNorton Trusted file with content of two symbols:
is Norton Trusted too.
What is the payload of this included in while list item? How much users (more than 100,000 ?) and how often use this file? What for is this file - can it have the payload if it exits on some/many/every machines?
Solved! Go to Solution.
12-24-2010 02:15 AM - edited 12-24-2010 02:18 AM
Does not seem to be too dangerous but If you had submitted it to symantec what did they reply
12-28-2010 03:59 PM - edited 12-28-2010 04:11 PM
>WELL Hopefully SONAR will be able to detect these file.
SONAR will not proceed (or watching) this files as they placed in the white list of Norton trusted files as company itself.
>Have you submitted them to syamntec
Yes, as I wrote earlier
>Does not seem to be too dangerous
Some other great AV product vendors thinks with few false positives think not. Topic is started for finding an answer - wrong Norton Trusted entries or false positives from other famous and effective vendors too?
>but If you had submitted it to symantec what did they reply
Nothing as mainly many times before (not always) they save silent about this subject too...
Unfortunately in all likelihood since this is user-to-user help forum they more prefer to be silent in posting competent answers and post them only from time to time so many (about 80-85%) of interesting subjects (as I think) do not get any authoritative answers.
Posting like to something like space black hole. No one and nothing can escape from it and no replies from it, only gravity disturbance and light from other space bodies light distortion
Thanks for reviewing this article!
12-29-2010 01:23 AM
please be patient have you sent a PM to the any of the symantec Employee?
I got an instant reply.when I sent one!
please Wait for Gurus to come.
They can ask symantec employees to look into a prob. I think
12-29-2010 01:54 AM
Sorry I didn't reply any sooner.
Most of our employees are out of office and are enjoying their holidays. As a result, your message might not have received the appropriate attention. In the meantime, can you share the files with me so that I will be able to send these over to the team as soon as they're back.
Thank you for your understanding.
Norton Forums Administrator
Consumer Products and Solutions
12-29-2010 02:36 PM
>please be patient
here is two weeks, other topics months of waiting. Of cause in earlier topics will never be solved, months of waiting can't be, it is just skipping.
>have you sent a PM to the any of the symantec Employee?
1) I do not know who can answer in the observed field of product
2) Then I send a PM to some of admins with this subject and details, he tell me what this must be posted in forum. Apparently, all subjects must be posted in forum, so and this topic posted.
Send a PM of every post? Looks like paranoia. :) If post must be posted in forum, then may be a little attention to them may be brought without bombarding/spamming with PM. May be I am wrong, please tell me if it is so.
>can you share the files with me
Sorry, Venkat Jammalamadugu, for now I delete all collected files from my HDD who was waiting for answer as they and others was wating too long.
But earlier I submitted them to Symantec as listed in the first topic message (Tracking #18553851)
I just want to view the dinamics of possible changes, but if was no answers (on other topics too) I delete all relevant to subjects files and already put in my mind all this topics like unanswered.
Again, I do not want to just disturb Norton team, in opposite I only want to cooperate Norton team to make products more effective and user-friendly. May be I do something wrong, not in the needed way or direction...
Thanks to all who responded!
01-23-2011 07:48 PM - edited 01-23-2011 07:49 PM