Good idea you have (sorta).  I'm going with a variation.  I'm going to remove NIS 2010 and use Microsoft Security Essentials instead.  I'll try NIS 2010 again at a future date once some fixes have been released.

 

Cheers.

I just want to add my two cents.  I think the exclusion process is getting to complex with three different areas that one has to handle:  scan exclusions, AP exclusions, and signature exclusion.  One should not have to tweak a number of things to make an exclusion work.

 

As far as the original issue with SONAR, like everything Symantec's defaults should protect ignorant PC users, but the controls should be provided that the product may be configured in any manner the user desires if they are willing to accept the consequences.

Kalahari

 

Actually if you take the download zip astlog.zip, and scan it with NIS it contains AsteriskLogger and is quarantined. AsterosskLogger is  the Type: a potentially unwanted application. If you look this up on the Symantec site it says "Once executed, the potentially unwanted application can reveal the passwords concealed behind the asterisks in standard password text boxes".

 

You are installing an application that has a security risk because clearly it reveals passwords that are not intended to be revealed.

It is nothing like Sysinternals. It is "safe" only because you are installing it and running it and no doubt revealing your own passwords, but it is not "safe" from a community point of view because Norton has to rightly assume that someone is loading this application on your PC with a view to stealing your passwords.

 

In short, the responses you are getting from Norton are entirely correct and proper. I have restored the executable and find no Sonar activity.

cgoldman,

 

I appreciate you trying to help.  I have uninstalled NIS 2010 and installed MS Security Essentials (as I said I was going to do).

 

I am not attempting to run all of the NirSoft utilities.  I am installing a "launcher program" which, by default, installs all the NirSoft utilities --- that's why I was encountering issues with NirSoft utilities.

 

AsteriskLogger, the example that you gave, is not a utility that I plan to use.  I am well aware of the capabilities of some of these utilities.  My comments have all been about the frustrations that NIS gave me because of false positives (e.g. MyDefrag) and not giving me (a very experienced PC user) the ability to override the various protections that NIS is providing.  Also, (1) some parts of NIS do not work (e.g. where you tell SONAR to ignore a particular threat in the future) and (2) the NIS user interface needs a LOT of work -- one can hardly figure out what to configure where.

 

When I installed MS Security Essentials today, it gave me a serious warning about AsteriskLogger --- it did not just delete it without giving me any choice in the matter.  I chose not to install it.  That's the way NIS should work.  Also, MS Security Essentials did not erroneously flag a whole of the other NirSoft utilities and just delete them.

There are programs that are and will never be a security issue that SONAR is deleting.  Example, every program compiled with Intel Visual Fortran is flagged and deleted by SONAR.  IMHO Norton has a very bad piece of code in SONAR that needs to be either corrected or deleted.

I will tell you something else that makes this whole thing more complex than it needs to be.  Scan results history and quarantine includes flagged files from email attachments as well as local files.

Unfortunately, my PC is bombarded daily with virus attachments.  Thus, a review of scan results and/or quarantine has such a low signal to noise ratio that these informational displays are practically useless.  Email results need to be split off from local storage results.

BruceA,

 

Thanks for the humorous analogy.

Kalahari

 

Sorry you have dropped NIS 2010. There is no point me trying to assist further then. I took AsteriskLogger because I chose it at random from the list you gave. I do not see an issue yet with which I would get involved.I would be happy to champion an issue if I felt there was one. For example I do not yet see that Sonar is not working as designed.