11-01-2009 05:58 AM
Good idea you have (sorta). I'm going with a variation. I'm going to remove NIS 2010 and use Microsoft Security Essentials instead. I'll try NIS 2010 again at a future date once some fixes have been released.
11-01-2009 06:09 AM
I just want to add my two cents. I think the exclusion process is getting to complex with three different areas that one has to handle: scan exclusions, AP exclusions, and signature exclusion. One should not have to tweak a number of things to make an exclusion work.
As far as the original issue with SONAR, like everything Symantec's defaults should protect ignorant PC users, but the controls should be provided that the product may be configured in any manner the user desires if they are willing to accept the consequences.
11-01-2009 06:29 AM
Actually if you take the download zip astlog.zip, and scan it with NIS it contains AsteriskLogger and is quarantined. AsterosskLogger is the Type: a potentially unwanted application. If you look this up on the Symantec site it says "Once executed, the potentially unwanted application can reveal the passwords concealed behind the asterisks in standard password text boxes".
You are installing an application that has a security risk because clearly it reveals passwords that are not intended to be revealed.
It is nothing like Sysinternals. It is "safe" only because you are installing it and running it and no doubt revealing your own passwords, but it is not "safe" from a community point of view because Norton has to rightly assume that someone is loading this application on your PC with a view to stealing your passwords.
In short, the responses you are getting from Norton are entirely correct and proper. I have restored the executable and find no Sonar activity.
11-01-2009 08:04 AM - edited 11-01-2009 08:07 AM
I appreciate you trying to help. I have uninstalled NIS 2010 and installed MS Security Essentials (as I said I was going to do).
I am not attempting to run all of the NirSoft utilities. I am installing a "launcher program" which, by default, installs all the NirSoft utilities --- that's why I was encountering issues with NirSoft utilities.
AsteriskLogger, the example that you gave, is not a utility that I plan to use. I am well aware of the capabilities of some of these utilities. My comments have all been about the frustrations that NIS gave me because of false positives (e.g. MyDefrag) and not giving me (a very experienced PC user) the ability to override the various protections that NIS is providing. Also, (1) some parts of NIS do not work (e.g. where you tell SONAR to ignore a particular threat in the future) and (2) the NIS user interface needs a LOT of work -- one can hardly figure out what to configure where.
When I installed MS Security Essentials today, it gave me a serious warning about AsteriskLogger --- it did not just delete it without giving me any choice in the matter. I chose not to install it. That's the way NIS should work. Also, MS Security Essentials did not erroneously flag a whole of the other NirSoft utilities and just delete them.
11-01-2009 08:10 AM
There are programs that are and will never be a security issue that SONAR is deleting. Example, every program compiled with Intel Visual Fortran is flagged and deleted by SONAR. IMHO Norton has a very bad piece of code in SONAR that needs to be either corrected or deleted.
11-01-2009 08:23 AM
11-01-2009 08:42 AM
Will someone from Norton please tell us that this is being sorted. There is such a lot of detailled feedback on how/why to address this being provided that I cannot believe that this is still being given a 'by design' tag or diverted into the 'endless what is malware loop'..
Presumably it will get taken seriously once it hits PC-Pro etc.
Amusing thought - Norton 2050 robo-home guard dog.
My Robo-Dog Attacks harmless visitors because it hasn't seen them before and they are carrying potentially dangerous baggage like fireworks and cigarette lighters. Then attacks then them next week after being given their ID and details because their hair has grown and they are wearing different coat. Some visitors just disappear completely while others can be retrieved from the dogKennel
This behaviour is by design. Please do not allow visitors to your home who have not already somehow survived a visit to all the other homes down your street. If you have such visitors please consider reverting to Guard-dog 2009 (The living learning canine variety)
Ok, time for my sleep :-)
11-01-2009 10:39 AM
Sorry you have dropped NIS 2010. There is no point me trying to assist further then. I took AsteriskLogger because I chose it at random from the list you gave. I do not see an issue yet with which I would get involved.I would be happy to champion an issue if I felt there was one. For example I do not yet see that Sonar is not working as designed.