• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

NIS downlaod insight wrong on this one?

Vista Home basic lap top with NIS v 21.7.0.11 usinh IE9 Multiple family members use the same limited user account on our lap top. So from time to time I check the download insight history in the NIS 2014 logs to make sure all is cool. So the other day I see that something downloaded from ak. imgfarm. com and the NIS download analyzer gave it a green OK check mark to download. I was curious as to what it is so today I googled it and find all sorts of troubling information Is the information I am seeing on other websiites old and out dated? Why would Norton give it a green OK check to download if it were a malicious program? a full system scan has run several days since the download and showed no infection

Replies

Kudos1 Stats

Re: NIS downlaod insight wrong on this one?

http://safeweb.norton.com/report/show?url=ak.imgfarm.com
Does the download item have a name..?
Highlight the item in Download Insight > then go to More Options > Copy to Clipboard

For a second opinion on the download file > choose file and / or search hash at VirusTotal (link is external) or upload file to VirSCAN (link is external) and/or Jotti.   (link is external) and/or submit for review analysis How to report false positives

Kudos0

Re: NIS downlaod insight wrong on this one?

thanks. I cant recall the entire file, but that Norton safeweb link you gave, I saw that when I googled but my real confusion is why would Norton say its ok in download analyisis when its own safeweb page says its not?

Kudos0

Re: NIS downlaod insight wrong on this one?

SafeWeb appears to report Adware.Websearch on the site. 
So, sans the Download Insight information that's readily available by More Options > Copy to Clipboard....
I'd be guessing that the site has bad historical reputation and the download is ....without the information.  ?
Adware.Websearch > http://www.symantec.com/security_response/writeup.jsp?docid=2003-101516-4649-99

Kudos0

Re: NIS downlaod insight wrong on this one?

thanks I will try to get more info and report back. Thanks bjm_ To NORTON: I have to say this is disturbing. I count on Norton for protection. So download insight should have stopped this. If I did not look at the log, I would not even know about this. Have looked on the forums in the past, I assumed that one did not need to check logs. but then how would one know about this being a problem
Kudos1 Stats

Re: NIS downlaod insight wrong on this one?

I think you are confusing websites with downloaded files.  Safe Search lets you know about a website's reputation, Download Intelligence tells you about a downloaded file's reputation.  If Norton allowed the file to run, then it was not considered to be a malicious file. 

What strikes me though, is that the website is considered malicious and Norton blocks access.  Assuming this was the situation at the time of the download, then whoever used the PC to go to that site clicked through the warning to get to the site.  You can't really fault Norton if someone intentionally disregarded the page block to get to the site. 

Kudos0

Re: NIS downlaod insight wrong on this one?

true that- I wonder if it was another website that pulled the file to download? I will get more details Does norton really block that website? I notice the reviews on safeweb are all many years old But if I am understanding you correctly, then the file is NOT a problem if Norton allowed it?

Kudos1 Stats

Re: NIS downlaod insight wrong on this one?

I got a Norton malicious page block when I attempted to go to the site.  The file was most likely safe, though.  Adware.Websearch is detected by Norton.

Kudos0

Re: NIS downlaod insight wrong on this one?

yes thanks. So you cant really force to go to the website then? I am thinking that the family member may have not gone to that site but somehow got a download that originates from there. That sound possible?
Kudos0

Re: NIS downlaod insight wrong on this one?

Ok I was not able to copy the data from the history log, just due to time constraints. But I did see that the file was some type of doctopdf exe from mindspark. Now when I google stuff on this there seems to be a lot of malware issues involving the company. But then the malware seems to be more of a tool bar installment type of thing as opposed to something more dangerous. So I’m wondering if the file itself is not a biggie since Norton shows it as a safe file? And that it is more a nuisance file/toolbar? I also see something about a home page change to home. tb. ask. Com but then isn’t ask .com a legit search page? This is all so confusing
Kudos0

Re: NIS downlaod insight wrong on this one?

sorry all I have not yet gotten back to access the laptop with the issue in question. But I am curious if there could have been a link for 2 reasons-1. Could that doctopdf exe that was NOT taking the user to that web site per se, but the file came from that website? Not sure if I phrased it to make sense. and 2) the file as scanned by Norton seems to be ok, so could the issue with the website be more about PUPs(?) rather than full blown security risks? Hope you all know what I'm trying to say :(

Kudos0

Re: NIS downlaod insight wrong on this one?

frzhoc:

sorry all I have not yet gotten back to access the laptop with the issue in question. But I am curious if there could have been a link for 2 reasons-1. Could that doctopdf exe that was NOT taking the user to that web site per se, but the file came from that website? Not sure if I phrased it to make sense. and 2) the file as scanned by Norton seems to be ok, so could the issue with the website be more about PUPs(?) rather than full blown security risks? Hope you all know what I'm trying to say :(

doc to pdf sound like a conversion tool that may be online or resident tool 
try google

Kudos0

Re: NIS downlaod insight wrong on this one?

ok   this is the file it downloaded as noted in the download insight history entry ( I seperated the item so nobody clicks on it)

  fromdoctopdf  .ebd6213b4ff94dc6b9a1452001606398  .exe

and in the program folder of C drive there is this item (65res.dll)  I scanned it with Norton and it came up clean

This thread is closed from further comment. Please visit the forum to start a new thread.