03-24-2011 08:28 AM
we have a software product, which makes automated updates from our web site. Unfortunately, when the exe file will be updated, Sonar makes false virus detection, and deletes it.
We have reported alredy this behaviour, and we received the answer, that our product will be placed on white list. Unfortunately the false detection after automated upgrade seems to be still existing, and we don't know how to avoid it.
Could you please advise what could be done to assure false detection free upgrades in our product?
03-24-2011 08:39 AM
Hi Welcome to Norton community!
sorry you had this problem!
Please submit in any of the following links
it will take sometime to analyse so till then
Restore the item from quarantine and tick mark the exclude option!!
03-24-2011 08:57 AM
we have submitted it more times already (also today, that was the third time).
The problem is, that the program makes automated updates, and it seems, the new updated exe is not protected from false detection. It seems that filling these forms does not solve the problem.
If the program is on the white list (which is the case already according to the answer of STAR), could it be upgraded without new false detection?
03-24-2011 01:18 PM - edited 03-24-2011 01:30 PM
Sorry to hear that Sonar is FPing on your Application. Can you tell me what the Application is? You can PM me, if needed.
Applications that get whitelisted should no longer get detected. We need to examine the program getting the update, as well as the update package that is being applied on the system.
NIS is designed to detect different types of applications and react accordingly.. If it is unknown, then our SONAR heuristic engine kicks in and examines the application before making any sort of conviction. So we need to look at the downloaded package, as well as the program doing the downloading and determine why the conviction is occuring. The more info on it, the better it will help us improve our detection accuracy.
SQA Manager, Symantec Corporation
Behavioral Analysis and System Heuristics
03-29-2011 02:48 AM
the application is AChat, we have reported the problem 3 times already. We have received the answer, that the false detection will be eliminated. It seems to be true with the existing product, but as soon as we try an upgrade the the exe file, Sonar will delete it immediately again.
As we make 2 upgrades every week to have satisfied customers, Norton Antivirus makes our life impossible, we can recommend to the customers only to switch off Sonar, as it is definitely a false detection, it was admitted by Symantec too. We run 7 antivirus softwares on our computers (should I list all of them?), and only Sonar makes this false detection at the moment.
We don't know what will be examined by Sonar, so we cannot modify our program to avoid false detection.
We can provide all information you need, we have done it already also via E-mail, when Symantec Security Response asked for it, without result till now.
Waiting for further help to avoid false detection.
04-07-2011 07:40 AM
Could you please tell us how could we avoid this false detection made of Norton Antivirus 2011? We have provided all required information and can answer all questions you have.
04-07-2011 03:47 PM
I'm not an employee but it sounds like you handed them a problem for which they had no instant answer
Please give them some more to find an answer and test it. I know a week can seem like a VERY long time but good work takes time
The team will respond just as soon as they are sure they have an answer you can depend on