Kudos2 Stats

Question regarding Sunil_GA's "False Positives" Notification

I'm hoping for a little further clarification on Sunil_GA's recent "False Positives" notification (currently pinned at the top of this forum)...

Should this also be done "proactively" by everyone who has been LiveUpdated from NSwB v22.2.0.31 to v22.5.0.124 as a recommended (perhaps even necessary) preventative prior to the next automatic running (via Background Tasks) of the "Full System Scan" occurrence - so as to avoid any quarantining incidents like those currently being reported by users who have been LiveUpdated from v21 products to the v22.5 replacements?

Thanks,
John
 

Replies

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hello John

I would say to do it as a workaround and as a preventive measure to avoid all those false positive malware and quarantine avoidance. At least an attempt to avoid it.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hi Flo,

My "sixth sense" tells me similarly, but it would be nice to hear a confirmation on it from an official "Red Badge". 

As it stands, the notification seems (to read as being) intended as a remedial directive, rather than (also) as a preventative measure...

Thanks!
John

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hello John

Will notify Sunil to clarify it for you and others.

@Sunil_GA

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Thanks again, Flo!  

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

You folks are reading my mind ... I've got the same question.  Although I'm still on NIS 21.7, it sounds like a proactive step EVERYONE who is updated to or on 22.5 (of NS/NIS/N360 etc ...) should run the 'intelligent updater' before a full system scan?  If done proactively will this fix the heuristic issue??

And does IU have to run each/every time before a full scan?  I'd hate to see a week or so from now that others start reporting 200+ false positives and the solution is ... oh, you need to run IU again.

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Based on the official silence, I guess I have posed an unreasonable inquiry ...

I don't know about others here, but I'm finding the long strings of minimalist official responses followed by prolonged periods of total silence (on the part of company officials) rather disturbing...

Perhaps upper-management (presumably under advisement of corporate counsel) has dictated an edict that all customer-facing employees posture an "ostrich-mode" until the thicker of the smoke clears from this battlefield?

So now I'll be a bit more blunt - Is this concern (the Background Tasks "Full System Scan") a ticking time-bomb, and if so, does the aforementioned remedial action serve to preemptively neutralize it?

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hi

May I just add my experience; not sure it adds much, as most people will come onto the forum when they hit a problem.

I have three devices with N360 installed.

I downloaded v 22.5.0.124 on my Windows 8.1 Surface via the Help/New Version Check. The new version downloaded and installed with no problem and took about 30 seconds to activate. I used the tablet normally and ran a full scan a day or two later. No "Heuristic Viruses" were found; no problems other than the known ID Safe and a couple of settings that are greyed out and can't be changed. Other than this, it is working very well, much better than the previous version.

I then did the same for my Windows 7 Ultimate laptop with exactly the same result.

The next day I installed the new version on my father's Windows 7 Home Premium laptop, but carried out a full scan soon after the normal restart Norton needs to properly install. Unfortunately, on this laptop the scan found the "Heuristic Viruses", luckily only about 25. I found a couple of programs were not working, so I reinstalled them, and everything is as above with no further difficulties. I do appreciate that for some, many more programs were affected, so reinstalling them would have been a much bigger job.

I can't help but think that the automatic download with Live Update caused problems along with running a full scan soon after the installation.

Other than the known problem with ID Safe and the greyed out setting, the new version, I have to say, is running like a dream on my devices and has been getting better after being installed for a few days. My devices are performing much better; I can only think that this is the new version being even lighter on resources than the previous, as nothing else has changed on any of my devices.

I do appreciate that users have had terrible problems, and I am not trying to let Norton "off the hook" for the time and difficulties the new version installation has caused many people. Just a little insight into my experience.

Michael

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hi Michael,

Thanks for the report that (for the most-part) your upgrades have all gone well - Congratulations!

However, my question has (IMHO) little to do with the success results of a .124 derivative upgrade/installation, but rather with a very specific aspect of the v22.4.0.124 NS and NSwB product itself. Nor does the question involve any of the v21 to v22 Liveupdate issues being reported.

Since for (most) NS and NSwB users this was a (non-elective) v22 to newer v22 update it's a rather precise and unique situation.

But FWIW, I too can say that all of my systems (save one) updated to the .124 derivative without issue - with the one "problem system" initially having difficulties with a previous (and subsequently pulled) v22 Liveupdate push (the .120 derivative, to be precise). Also - All of my systems are presently successfully transitioned onto the .124 derivative (and have been so for several days), and none have any grayed options settings...

Anyway, back to the point I'm trying to make...

My specific concerns, which I've tried to express in this thread are:
1) Confirming if there is an issue with doing/allowing a Full System Scan on these newly "Liveupdated" .124 derivative NS & NSwB platforms.
2) Although not yet an issue, is this about to become an issue - thanks to the "background tasks" periodic Full System Scan function integral to these products?
3) Does Sunil_GA's prescribed remedial action (for already damaged systems) serve as a prophylactic measure to prevent such an issue from occurring to (as yet) undamaged NS and NSwB .124 updated/protected systems? 

Thanks again for your input Michael,
John

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

John, here's my take from my experience with the Intelligent Updater.

I feel the updater was in fact updated to avoid flagging the false positives - i.e. during the product update to a new version, somehow the whitelist became the blacklist during a virus def update - but only for a short period of time.  So that's why some folks are experiencing this fiasco and others are not.  Now once the Intelligent Updater is updated and placed on your system, subsequent virus defs updates will also include the "fix" that was in the previous Intelligent Update.  Hope you follow this.  Yes, probably many other scenarios possible, but just wanted to suggest a "what if".

I would be curious at this point in time if those who have followed Sunil's prescribed actions (after experiencing the false positives) have encountered any more situations with a Full System Scan (background)?

Just wanted to add, that any changes to the Intelligent Updater,  after those users have downloaded and run manually per Sunil, should be included in future auto LiveUpdate of virus defs.

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

yank:

I feel the updater was in fact updated to avoid flagging the false positives - i.e. during the product update to a new version, somehow the whitelist became the blacklist during a virus def update - but only for a short period of time.  So that's why some folks are experiencing this fiasco and others are not.  Now once the Intelligent Updater is updated and placed on your system, subsequent virus defs updates will also include the "fix" that was in the previous Intelligent Update.  Hope you follow this.  Yes, probably many other scenarios possible, but just wanted to suggest a "what if

That makes sense.  Sort of a bug in the update that needs a 'one-time' patch from IU before running a full scan.  That may also explain where some folks mentioned to wait a few days / reboots before running a full scan and then did not see the false positives on those systems.  Is it possible that Live Update picked up a newer whitelist update/version after a day or so which fixed the bug similar to IU?

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Hi Yank!

Yes, I fully follow your reasoning...as it sounds very plausible...

But -  - I'd still like to hear it from an official Red Badge...

That said...

How many (if any) thread responders thus far (who are currently using NS or NSwB v22), after being updated (via Liveupdate push) to the .124 derivative, have since receiving said update manually run a Full System Scan sans application of the aforementioned remedial?  And if manually done to completion with success, have also checked their Administrative "Background Tasks" to verify that the (default installation generated) scheduled Full System Scan has also run to completion with equal success (post the .124 liveupdate)?

As always, thanks for your thoughts Yank!

Cheers!
John

Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

I understand totally, John, what you are looking for and can't blame you for wanting a red badge to respond with absolute fact!

FWIW,  I have received the first "notched" update - did nothing, but wait for the second update and received both thru LiveUpdate.  I did not do the remedial Intelligent Updater, nor have I had any false positives. I ran a scheduled Custom Scan of C: drive last night (does that count?) with the exact result I expected - all clean.

Let me do an @Mohan_G   to seek a response for additional info.

Kudos3 Stats

Re: Question regarding Sunil_GA's "False Positives" Notification

Sorry for my delayed response. I’d like to clarify a few things, to make it easier. The initial question of running the intelligent updater proactively: this action is still not confirmed as a solution, but our team is still working on this issue to find the root cause and fix. I recommend that only those seeing the False Positive detection should use the workaround - restore the files quarantined and get the latest definitions for the product via intelligent updater. Something else to note is that the False Positive detection issue has not been seen on every upgrade to 22.5, which would make a bit of unnecessary work for many people.

Additionally, while we’re still working on the underlying issues regarding this issue, we have made some backend adjustments that will fix the situation for most customers. If you’re still seeing the false positive detection, please provide details on which specific detection is seen. This will help us further refine things. 

Thanks,
Sunil G A
Norton Forums Administrator
Symantec Corporation

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Question regarding Sunil_GA's "False Positives" Notification

Thank you Sunil G A,

So it is yet to be determined if the remedial action also works as a preventative insurance against the issue occurring on (as yet) unaffected systems and more importantly, you advise against its use (as a preventative) until such a determination can be made - or different prevention can be formulated...

I also take it that you are not (yet) 100% assured as to the preventative efficacy on the other corrective "backend tweakings" you've mentioned...

In that case, might it be advisable to switch the Product's Tasks Scheduler to Manual mode until that "all clear" determination has been made?

As you can see (below), the Automatic mode "Full System Scan" has yet to run on my system - nor on any of my systems (yet) - after receiving and installing the .124 derivative Liveupdate push...

I have not seen any "False Positive" quarantining occur on any of these systems (not yet, anyway) - - -

My concern at this point is purely of a preventative nature, since all the reports (that I've seen) thus far for this issue, revolve around the issue occurring commensurately with a Full System Scan.

Thank you again for taking the time to respond here!  

Kind regards,
John
