
NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.


I downloaded the latest Media Player Classic HomeCinema from this site.

http://www.xvidvideo.ru/content/category/1/1/2/

I downloaded the x86 version, with installer.

svn 1280 is OK, but svn 1281, 1285 and 1290 are detected by SONAR, which then quarantines them.

I think it's a false detection, can you check?

Replies


Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Submit those files to Symantec Security Response. If you find that Media Player Classic files are false positives, you can add those files to Scan Exclusions. If SONAR quarantines it again, you can try the solution from this Symantec Support Article.

Message Edited by yogesh_mohan on 09-29-2009 10:02 AM

Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.


yogesh_mohan wrote:

Submit those files to Symantec Security Response. If you find that Media Player Classic files are false positives, you can add those files to Scan Exclusions. If SONAR quarantines it again, you can try the solution from this Symantec Support Article.

Message Edited by yogesh_mohan on 09-29-2009 10:02 AM


It seems that if I use the submit page to send files to Symantec Security Response, it can't fix the false detection.
Because only SONAR detects it, not the virus scan.
Another reason: the Media Player Classic HomeCinema version changes several times a week, so I can't send all of the files.
I think maybe they can always review the page and the latest version if they can.

Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Hi ONE,


We are currently looking into this issue and will contact you privately for more information and with a resolution.

Carlos Linares | Sr SQA Analyst | Symantec Corporation

Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Let me make sure I understand you correctly....  Are you seeing a prompt like this one?  This is what I'm seeing when installing the program you describe.



This is in fact a detection by SONAR 2.  However, it is not a conclusive one so we do not automatically take action.  Instead, we display this prompt to the user so he/she can make the decision.  To help, we supply a recommendation based on a combination of all our technologies - heuristic engine, the Norton Community prevalence information at the bottom of the window, static scanning, etc.

Since Media Player Classic is a trustworthy program with a long history of use by a wide community and downloading from this website (the publisher) ensures you get a "clean" copy... I went ahead and allowed this action.  I was able to complete installation and have been playing with it for a while.... neat little program :)

I've gone ahead and have added this website to our queue for site monitoring so that http://www.xvidvideo.ru is regularly monitored (might take a few days for data to be available to end users).

I've also started to track this FP on our side so that we can improve SONAR.

Thank you!

Carlos Linares | Sr SQA Analyst | Symantec Corporation

Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

-ONE- has chosen the mode -> SONAR Advanced Mode set to Aggressive, and remove automatically.

;) 


Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Ah... well that explains why SONAR handles the detection automatically then.  Let me be clear, you should see the prompt above with default settings.  As stated in the help file (click ? next to "SONAR Protection" in NIS' settings):

"Aggressive

SONAR detects high-certainty threats and even the low-certainty threats with few suspicious characteristics.

SONAR removes all the high-certainty threats and notifies you about all low-certainty threats.

This setting is highly sensitive and might cause the legitimate files to be identified as threats. It is recommended for advanced users only."

Carlos Linares | Sr SQA Analyst | Symantec Corporation

Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Thank you for testing.

Yes, but I can't finish installing MPC-HC.

I think maybe that's because of my setting (I like to remove automatically), so SONAR did not ask me whether to run it or not.

Another problem: I clicked "Trust Now" in Norton Insight to make the file "User Trusted", but SONAR still acts and quarantines it.

This is my setting.


Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.

Hi ONE,

We can also provide mitigation from false detections via Quorum - so please don't hesitate to let us know of any issues you have uncovered.   We have the mechanisms to prevent other customers from facing the same issues.

Zulfikar Ramzan


Re: NIS 2010 SONAR always detected Media Player Classic HomeCinema and quarantine it.


zulfikar_ramzan wrote:

Hi ONE,

We can also provide mitigation from false detections via Quorum - so please don't hesitate to let us know of any issues you have uncovered.   We have the mechanisms to prevent other customers from facing the same issues.

Zulfikar Ramzan


Thank you.
I want to suggest that maybe you could have Symantec Submit and Threat Expert samples also sent to the Quorum Network.
I think maybe it can add many more samples and make the Quorum Network better.
