SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

SONAR.Heur.RGC!g519 Trojan found in my Toe Jam & Earl Client, so says Norton SONAR.

I bought & downloaded the newly released Toe Jam & Earl: Back in the Groove via Steam.

Every time I hit the Play button Norton SONAR jumps in and removes "backinthegroove.exe", saying that the above-mentioned Trojan has been found. I even tried verifying the Toe Jam & Earl game via Steam. Steam replaced the "backinthegroove.exe". But then Norton SONAR again removed the exe.

I contacted the creators of the Toe Jam Game but they said to contact Norton.

Is this a False Positive where Norton is actually wrong, or is this Trojan Claim actually Valid?

Please Advise, Thanks

Replies


Re: SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

A little bit of knowledge is... well a little bit of knowledge.

Re: SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

How to report false positives

Krusty13, Thanks for the Reply.

I submitted the File "backinthegroove.exe" via that Link a few minutes ago, it will be interesting to see what Norton says about that File.


Re: SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

Please tell us what Norton is telling you regarding this event.

For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &/or from Norton history > More Options > Copy to Clipboard > paste here.

For a second opinion, choose File &/or Search hash at VirusTotal


Re: SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

I received an Email Response from Norton. They are going to "Whitelist" this Trojan Detection.

   "Whitelist", Meaning they will stop listing backinthegroove.exe as a Threat?

The contents of their response are listed below:

falsepositives@symantec.com

In relation to submission *******

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: backinthegroove.exe
    MD5: 5B1B29AAC920F7A3902009321E7475A3
    SHA256: B523C949B30F11F6B7C987EF973CBE21CA1C8680439B1ADB5655D17713E7F89C
    Note: Whitelisting may take up to 72 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info
* SEP: https://support.symantec.com/en_US/endpoint-protection.54619.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

For more information on best practices to reduce false positives:
https://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf




Sincerely,
Symantec Security Response
https://www.symantec.com/security-center



Re: SONAR.Heur.RGC!g519, Norton Security keeps Removing "backinthegroove.exe" (Steam-Toe Jam & Earl), Why ???

Yep!  That means it will be white-listed, but it may take up to 24 hours.  My experience though, it will not take that long.

A little bit of knowledge is... well a little bit of knowledge.
