03-15-2011 11:38 AM - last edited on 03-16-2011 09:20 AM by RebeccaO
Logical Continue Of
Improve Cloud Detection and SONAR
Provide in main product packet (e.g. NAV, NIS, N360 installers) the tools to recover normal system state to make user able each time after missed infections to restore normal state. This is as Norton can't block all malware actions. Kaspersky is already and a long time have such tools to help AV to keep OS and programs normally workable after missed infections.
Want to say more: include in this tools statistic submission module to view how many times and what users is mostly recover by themselves. Make detailed auto-submissions, in which will be stored detailed info that exactly was and bacame.
And than make (another) monitoring rule for this field (registry item).
It wil be good like Windows Defender on WinXP does but it is no good anough - not all actions.
You can do allow changes made by protocol them to user be able to restore (deny) them and so return to previous system state.
03-17-2011 09:30 AM
У Нортона есть такая утилита - это Norton Power Eraser. Кстати, я уже создал тему в которой я предложил внедрение способности карантина. Вот ссылка: http://community.norton.com/t5/Norton-Product-Idea
For non Russian-speaking people.
Norton has such tool, this is Norton Power Eraser. Besides I already opened the thread in which I proposed quarantine ability by NPE. You can follow it on http://community.norton.com/t5/Norton-Product-Idea
03-17-2011 12:53 PM
Glad to see here other people from Russia! :)
I saw this idea - I can't say that manual Quarantine ability needs in NPE - it can be prodices with main AV product.
But here I'm talking about restoring prev. state after some suspicious services was added, registry items such as disabling task manager and CMD and different others, deny ability of autorun entries and other at least provided by MS Windows Defender in WinXP OS. It is differ from just quarantine and removing quarantine samples - it is restoring of normal (prev.) setting of software and OS - it is malware footsteps what restrict normal user work and actions. They must be restored in all ways - some people looks for answers on the Internet, some reinstall some programms, some reinstall whole OS if this leaved settings are critical or their quantity is big.
Thus malware footsteps may be very-very annoing.
To prevent users from doing this - security product can contain such ability. If virus flowed - other manual methods of fixing it work may be applied and of cause it can leave its footsteps in OS.
Missed virus - it is AV fault - then provide user in power tools to resolve this issue, make auto-submission statistics on this - and see how it is useful (it will be very useful), make detailed statistics - that entries was corrected and on what. Than update your AV engine to monitor changes in this areas and such AV products will have more effectiveness then others.
So it is good for all - for end users and in effectiveness => reputation of AV engine
04-13-2011 05:51 AM
Already was at least in Kaspersky Iinternet Security 2010 (autumn-2009 - summer-2010):
"Отмена нежелательных изменений на вашем компьютере."
"Cancel ability of unwanted changes on your computer."