Re: Exonerated by Community Watch?

car825 · ‎03-28-2009

The description for one of the Community Watch log entries says Statistical Submission: WS.Trojan.H Exonerated. It is followed by a string of numbers in the Submission Details section. No file name is given. What does that mean? How do you research it without a file name? Thanks for your help with this.

bjm_ · ‎09-07-2008

Hello car825

Respectfully, if you have any lingering concerns regarding your system.

You may be well served by visiting a free Malware Removal site.

An "All Clean" from experts always helps me when I have concerns.

I've visited with Bleeping Computer and What The Tech

I'm partial to Bleeping Computer's Forum ~ Am I Infected?

Other free Malware Removal sites - (credit Delphinium for links)

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

http://support.emsisoft.com/forum/6-help-my-pc-is- infected/

Thanks

car825 · ‎03-28-2009

bjm_ wrote:
Hello car825
Respectfully, if you have any lingering concerns regarding your system.
You may be well served by visiting a free Malware Removal site . . .

Thanks

My concern is that I’m getting mixed messages from this forum. On one hand I’m being told I can safely ignore all the entries in the Community Watch log (even the alarming ones) and assume that my system is safe if the Norton System Status says Safe and is green. On the other hand, I’m being told that I should not ignore them. Which one is it? I would be happy if I could just ignore them. This way Symantec doesn’t have to explain what they mean and I can forget it. But if they do require research, then it’s only fair that Symantec explain what they mean.

SendOfJive · ‎02-07-2009

HI car825,

Norton Community Watch submits files of interest to Symantec for analysis. None of these are known to be malicious. If they were, they would be removed from your system. NCW is not a protection component, like Auto-Protect or SONAR. It is simply a tool to allow Symantec to obtain and evaluate previously unseen files in the wild. Inclusion in a NCW submission is not an indication that a file is malicious, and so you should not draw any conclusions about the files from this.

bjm_ · ‎09-07-2008

Hello car825

I've searched my Norton Community Watch history. I did not find WS.Trojan.H

I appreciate your concerns and sense your frustration.

In a perfect world we would all be issued a Symantec to native language manual / dictionary.

The Norton Community is a user to user help venue.

The Symantec employees that participate as you know are volunteers.

Hopefully, a Symantec employee will chime in to satisfy your concerns.

I am also curious about these exonerated file submissions.

You can persist and wait for a Symantec employee volunteer to post a reply.

You can present your concerns to Symantec directly via Live Chat.

You can start a Topic at one the Malware Removal sites.

I always feel better getting an "All Clean" from experts.

You wrote: No file name is given. How do you research it without a file name? IDK

I usually naively trust that Symantec is doing the research.

When that does not satisfy me. I'll get a second opinion from Bleeping.

Thanks

elsewhere · ‎05-30-2009

car825 wrote:

The description for one of the Community Watch log entries says Statistical Submission: WS.Trojan.H Exonerated. It is followed by a string of numbers in the Submission Details section. No file name is given. What does that mean? How do you research it without a file name? Thanks for your help with this.

Interesting. Does your 'WS.Trojan.H Exonerated' log entry look like the one below? Are you seeing a row of underscore characters where the file name should be (________)? If it's different, then right-click on the log entry, select copy and paste the details into your next post.

I have six entries like the one below. I'll see if there is anything else in the log that can shed some light on this.

Description	Statistical Submission: Suspicious.Cloud.7.L Exonerated
Submission Details	___________________________ Detection Digest: 03 00 EA AF 0F 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 99 D5 F2 DB 00 00 00 00 4D 15 DD 6A 04 03 00 .........M..j... 00 32 19 03 05 00 01 02 02 00 00 .2.........

Please confirm.

Thanks

Atomic_Blast · ‎09-05-2011

Hi car825:

I have re-enabled NCW on my NIS 2012 boxes to evaluate what is being posted here.

However, the post by SendOfJive (post #14 in this thread) sums it all up pretty well.

It's the "exoneration" part for my technical curiosity, that really interests me.

Let's see what I come up with.

Best wishes,

Atomic_Blast :)

"Every day is just another increment on the bell curve of life."

car825 · ‎03-28-2009

elsewhere wrote:
car825 wrote:

The description for one of the Community Watch log entries says Statistical Submission: WS.Trojan.H Exonerated. It is followed by a string of numbers in the Submission Details section. No file name is given. What does that mean? How do you research it without a file name? Thanks for your help with this.
Interesting. Does your 'WS.Trojan.H Exonerated' log entry look like the one below? Are you seeing a row of underscore characters where the file name should be (________)? If it's different, then right-click on the log entry, select copy and paste the details into your next post.

I have six entries like the one below. I'll see if there is anything else in the log that can shed some light on this.

Description Statistical Submission: Suspicious.Cloud.7.L Exonerated
Submission Details ___________________________
Detection Digest:
03 00 EA AF 0F 01 00 02 00 00 00 00 00 83 AC 71 ...............q 92 99 D5 F2 DB 00 00 00 00 4D 15 DD 6A 04 03 00 .........M..j... 00 32 19 03 05 00 01 02 02 00 00 .2.........

Please confirm.
Thanks

My Community Watch log entry for WS.Trojan.H Exonerated had one underscore followed by a string of numbers and letters where the file name should have been.

car825 · ‎03-28-2009

Atomic_Blast wrote:
Hi car825:

I have re-enabled NCW on my NIS 2012 boxes to evaluate what is being posted here.

However, the post by SendOfJive (post #14 in this thread) sums it all up pretty well.
It's the "exoneration" part for my technical curiosity, that really interests me.

Let's see what I come up with.

Best wishes,

Atomic_Blast :)

Try running a full system scan and then checking the log. That's when the WS.Trojan.H Exonerated Community Watch log entries appeared in my log. The scan itself was clean. No problems were found.

floplot · ‎04-11-2009

Hello Car

I have the same type of entries as you have after my Idle Full System Scan ran on Sat. There were a whole bunch of exonerated files of different sorts. I remember the same files being exonerated in NIS 2011 also. They are just statistical submissions so that the rules can be adjusted.

Success always occurs in private and failure in full view.