10-09-2010 07:26 AM
In NIS 2011, when File Insight detects an apparently risky file (e.g. a downloaded ".exe"), it immediately deletes the file and quarantines it, even if the user is happy to accept the file. It is very inconvenient having to then go to quarantine every time to restore it, especially if the user is confident that it is a safe file.
The same argument also applies to software developers, whose executable files that they have developed appear to suffer the same fate without them being consulted first.
Therefore, could you please give the user the option of whether or not to delete/quarantine such a file instead? All it needs is extra buttons on the File Insight notification screen (e.g. "Allow this file" or "Remove") with a suitable warning re the consequences of doing so. With the filename also displayed, the user can then decide whether or not to let the file through if he recognises it or get it quarantined if he does not.
By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).
Please note - "Computer software exists as the servant of the user, not the other way round."
10-10-2010 04:44 AM
Many users in the German forum want this too.
The option of whether or not to delete/quarantine such a file is a very good idea.
In Training at WTT Classroom
10-10-2010 07:21 AM - edited 10-10-2010 07:22 AM
In the German forum, we speak about it. Many of us want this option. Please let the user decide what they delete.
Sorry for my language.
10-10-2010 06:55 PM
Do false positives appear so frequently?
There are not so few cases when a malware sample is recognized as a Safe file (about one in every 30 downloaded files).
> By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).
A few pieces of info:
Security data is bound to the file checksum (for example, you can see it in Wikipedia as MD5, SHA-256 and other hash algorithms). The checksum changes only if the file content is changed (filenames and extensions may be anything you want - it will not change the checksum).
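The checksum point in the post above, as an added example that is not part of the thread and is not Norton's implementation: a trust list keyed by SHA-256 of the file content. The `TrustList` class, the file names and the sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path, chunk_size: int = 65536) -> str:
    """Hash the file in chunks so large downloads are not loaded at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

class TrustList:
    """Hypothetical trust list: the key is the content hash, never the name."""
    def __init__(self) -> None:
        self._entries: dict[str, str] = {}

    def trust(self, path: Path) -> str:
        file_hash = sha256_of(path)
        # The first name seen is kept for display only; it plays no part in lookups.
        self._entries.setdefault(file_hash, path.name)
        return file_hash

    def is_trusted(self, path: Path) -> bool:
        return sha256_of(path) in self._entries

    def __len__(self) -> int:
        return len(self._entries)

def demo() -> dict:
    payload = b"constructed sample bytes standing in for an installer"
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        first = base / "setup.exe"
        renamed = base / "setup (1).bin"
        rebuilt = base / "setup_v2.exe"
        first.write_bytes(payload)
        renamed.write_bytes(payload)            # same content, new name and extension
        rebuilt.write_bytes(payload + b"\x00")  # one byte differs, as after a rebuild
        trusted = TrustList()
        trusted.trust(first)
        trusted.trust(renamed)                  # same hash, so no second entry
        return {
            "entries": len(trusted),
            "renamed_trusted": trusted.is_trusted(renamed),
            "rebuilt_trusted": trusted.is_trusted(rebuilt),
        }

if __name__ == "__main__":
    print(demo())
```

A renamed copy matches the existing entry, while any change to the content, such as a new build of a developer's own executable, produces a different hash and is not covered by it.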
10-11-2010 07:27 AM - edited 10-11-2010 07:29 AM
Thank you for your feedback. Now, to give you more details about the problem:
It would be OK if Norton would show this Insight Message for all threats, but it is detecting some applications as false positives and it deletes (quarantines) them instantly, which causes some inconvenience in restoring the file and then creating a scan exclusion:
There is a switch between auto / manual for the low threats but not for the higher ones. Should it be changed for the future versions of Norton?