• Todas as comunidades
    • Todas as comunidades
    • Fóruns
    • Idéias
    • Blogs
Avançado

O que você está procurando? Pergunte a um especialista!

This forum thread needs a solution.
Kudos5 Stats

Has Norton Security blocked my svchost.exe?

Today I received the following notification from Norton Security: “We have identified a program that does not work as expected on your computer. This program has been blocked.”

The threat level is High and the name of the threat is SONAR.SuspPE!gen8. However, the problem is that the file mentioned is svchost.exe, a Windows system file without which I don’t think my computer will work very well. I can still see svchost.exe in C:\Windows\System32 so at least that file hasn’t been put in quarantine.

Can anyone tell me what ramifications the above message actually has? Has NS just blocked the activity caused by the SuspPE!gen8 threat, or has it blocked svchost.exe altogether? For now I'm almost afraid to shut off my computer, not knowing if it will boot up again.

Respostas

Kudos2 Stats

Re: Has Norton Security blocked my svchost.exe?

To answer my own question in case someone else will have the same issue: When contacting Norton support, I was assured that the blocking doesn’t refer to the svchost.exe as such, but only to the specific process that was found executing the suspicious activity. I think the notification message could have been a bit more clear on this point though.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

i got this too yesterday while manually updating chrome browser. chrome still managed to update.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

I have also seen this as of yesterday (4 jan). I cannot see the cause... but speculate it’s about the recent win10 update? It’s seems to happen on boot up. I agree that the message implies svchost.exe is infected. I’m glad it’s not.
Kudos2 Stats

Re: Has Norton Security blocked my svchost.exe?

Today, January 5th I got the same message. Only a few minutes before I had started Norton Security LiveUpdate and ran a Quick Scan. The scan didn't find any problem. Then I checked my E-Mails and only opened one pdf-attachment after checking the mail with Norton. After the Norton alert I ran Norton Security LiveUpdate and did a Quick Scan again. And again the scan didn't find any problem. I hope anybody will find a root cause for this alert.

Kudos3 Stats

Re: Has Norton Security blocked my svchost.exe?

I've seen this too.  One occurrence at 22:52 (UK time) yesterday - Jan 4th.   I checked with Task Manager:Processes and that showed several other instances of svchost.exe still running satisfactorily.

Re the comment by Spleenie, I don't think it's due to a Win10 update as I'm still on Win7 Pro 64 bit.  (Unless it's a similar issue in a Win7 update.)   I'm using NIS 22.11.2.7.

I agree with the comments by others - it would be much more helpful if the Sonar report identified the actual process that svchost.exe was hosting at the time.  As it stands, it is a nonsense to report a file that has been stable for over 8 years, is in use by millions of other Norton users, but is still considered "High Risk".

Kudos0

Re: Has Norton Security blocked my svchost.exe?

I had the same problem on January 4, 2018 (SONAR.SuspPE!gen8 pop-up alert).

I had just installed TurboTax and was in the process of changing some of TurboTax's preferences.

Since there is no common activity reported by those who have recently encountered this alert (and posted in this thread), then perhaps the heuristics used by SONAR for the SuspPE!gen8 threat are a bit too broad/sensitive (resulting in a FALSE POSITIVE).

I'm running Norton Security 22.11.2.7 on Windows 7. Ran a full scan after this happened, no threats found.

Is there anyone following this thread who can contact Norton about this issue?

Kudos3 Stats

Re: Has Norton Security blocked my svchost.exe?

Hi Everyone,

Thanks for reporting in Norton Community Forums. We are aware about this issue and our team looking into it. We will update once we have more information on it.  Also, please let us know if you encounter this message again. We would like to gather logs for further investigation.

Sunil_GA | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Has Norton Security blocked my svchost.exe?

As requested by Sunil_GA, here is an upload of my current NIS log files containing the above SONAR entry from 22:52 GMT on January 4th.  I don't have a saved image of the error report screen.  I have not seen a further occurrence of the problem.

I am using Norton Internet Security version 22.11.2.7, running under Windows 7 Pro SP1 64-bit.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Symantec. Endpoint Protection Small Business Edition :NIS-22.9.3.13 Cloud Agent 3.00.10.2737

Logs included.

Error Occurred after updating Windows 10 Pro to 1709, one of the many KB's updated after.
Around the error time, there was also an error updating OneDrive, in which a popup occurred and clicking OK to update OneDrive produced IE opening to http://livedog. May or may not be related.

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of 
1/5/2018 at 2:39:03 PM

Last Used 
1/5/2018 at 3:03:08 PM

Startup Item 
No

Launched 
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Symantec Community have used this file.

Mature
This file was released 3 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
 

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of 
1/2/2018 at 6:25:09 PM

Last Used 
1/5/2018 at 9:44:45 PM

Startup Item 
Yes

Launched 
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released 3 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
 

Kudos2 Stats

Re: Has Norton Security blocked my svchost.exe?

Hi Sunil

I just encountered this detection.

Things happen. Export/Backup your Identity Safe data.
Kudos1 Stats

Re: Has Norton Security blocked my svchost.exe?

I suggest that the title of this thread be changed to something like this:
SONAR.SuspPE!gen8  on svchost.exe - False alarm


Users searching for information on this issue might be more likely to find this thread if it had a different title.


Here is a copy of my log file from the incident ... it is just like the others ...
(if you want/need more information, please provide details on where to find it)

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of
10/13/2012 at 5:27:14 PM

Last Used
1/4/2018 at 3:32:35 PM

Startup Item
Yes

Launched
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released 7 years 7 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

Kudos0

Re: Has Norton Security blocked my svchost.exe?

I have been getting these messages regularly since running Windows Update today (1/5/18).  Clearly Norton is detecting a valid Windows process as a "virus".  I will be disabling SONAR until this can be resolved, and I recommend others do the same.  BTW, I am running Windows 7, not 10, so it is happening to both systems since the most recent round of updates.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Here's what I encountered this morning:

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of
19-10-2014 at 16:39:48

Last Used
6-1-2018 at 6:33:08

Startup Item
Yes

Launched
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released 8 years 5 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Hello .. I just encountered this detection.  (yap , zh-TW ) 
after LiveUpdate today ... Norton Security blocked my svchost.exe ... 

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Gonna throw my hat in here too. Was playing Elder Scrolls Online, game completely crashed, then I got a warning that explorer.exe was not working properly. Nortrton pops up saying SONAR blocked SONAR.SuspPE!gen8

~ Freelance Web Developer & Photoshop Guru Dual Display - Gateway DX4300, AMD Phenom II x4 820 @ 2.80 GHz, 6.0 GB RAM, ATI Radeon HD 5450Win7 (x64) * Firefox 21* IE 10 * NIS 2013 v. 20.4.0.40
Kudos0

Re: Has Norton Security blocked my svchost.exe?

Just happened to me.  

Windows 7 Home 64bit - fully updated including 2018-01 Security Quality Rollup for Windows 7 x64-based Systems(KB4056894) which was installed about 24hrs ago.  

Computer has been up and running for hours with Chrome and Firefox browsers open and no new websites that I don't go to every day.  Did just install a program used by many people created by the people at Binance for their cryptocurrency exchange.  It's been running for 2 days now with no problems and was scanned and deemed safe by Norton when downloaded.  

Nothing found during the Norton daily scan that occurred several hours ago.  Just out of the blue the window pops open saying Sonar Detected Suspicious Activity from svchost.exe and blocked it.  

File Attachment: 
Kudos0

Re: Has Norton Security blocked my svchost.exe?

As requested, here is the log for my occurence of this:

Filnamn: svchost.exe
Hotnamn: SONAR.SuspPE!gen8Fullständig sökväg: c:\windows\system32\svchost.exe

____________________________

____________________________


På datorer 
2017-12-12 kl 21:19:46

Senast använd 
2018-01-06 kl 08:59:22

Startobjekt 
Ja

Startades 
Ja

SONAR-skyddet söker efter misstänkt programaktivitet i datorn.

____________________________


svchost.exe Hotnamn: SONAR.SuspPE!gen8
Hitta


Många användare
Miljoner användare i Norton Community har använt den här filen.

Äldre
Filen släpptes 3 mån. sedan.

Hög
Den här filrisken är hög.


____________________________


Källa: Extern media


____________________________


Filens fingeravtryck – SHA:
Ej tillgänglig.
Filens fingeravtryck – MD5:
Ej tillgänglig.
 

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Me too. No instances of svchost are running so it has been blocked.
Why after 4 years has this file suddenly become a problem?
The last modification date for the file is July 14, 2009; that's a further 4 years earlier than (before) I installed the OS.

G
Kudos0

Re: Has Norton Security blocked my svchost.exe?

I encountered this Norton Security warning regarding SONAR.SuspPE!gen8 and its blocking of svchost.exe as a result. However, it occurred immediately after my computer had restarted from my having installed the 1/5/2018 Windows 7 Update (KB4056894) today on 1/6/2018 - a day late. Prior to that, there were no problems. No warnings.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Me to:  but what i want to know is, why is Norton just blocking a suspected high risk Trojan there is no option to delete or remove it and if it os was a high risk Trojan then i would want to click on a removal button on the warning screen so it was dealt with there and then...... 

norton issue_0.png

Kudos0

Re: Has Norton Security blocked my svchost.exe?

(zh-TW)  svchost service block by Norton (SONAR.SuspPE!gen8. )

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Hello I need help

Today when I turned on my pc after few minutes I got msg about SONAR blocking svchost. Threat name is SONAR.SuspPE!gen8.

That's the first time I see SONAR block on my pc and I'm really worried about it

Kudos0

Re: Has Norton Security blocked my svchost.exe?

I created my own forum thread but now I see I'm not the only one with this problem. I have no idea what to do... is it a false alarm or real threat. And it's not about windows update cause I didn't update anything but POSSIBLE chrome update

Kudos0

Re: Has Norton Security blocked my svchost.exe?

I got the same problem but just excluded the file in Options and moved on.. it's a false positive..

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Norton has blocked my svchost.exe from the location Windows > System 32?
What am i to do, is this exe file required for my windows 8?
Should i ignore Norton warning and 'allow this behaviour in the future'....?
Anyone...Norton..please answer!

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Thanks Norton, but are we to manually override this warning coming from system 32 folder and allow in the future?
You haven't said so yet.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Not a whole lot to worry about. There's lots of help on the Internet on how to remove it. Just google:   SONAR.SuspPE!gen8

Kudos0

Re: Has Norton Security blocked my svchost.exe?

A point of detail to add to my previous posts and log file submissions - I have not yet applied the January Windows 7 updates (KB4056894) so, like Greendio, I don't think the problem relates to that and it's not a possible solution as flagged on the post by Hopscotch.

My last update to Windows was the December Monthly Rollup (KB4054518).

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Same issue.  What action should be taken at the Options -> 'Security Risk Detected' window?  If I don't select either option and just close the window, what will the future behavior be?

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Same issue in Win7 64bit - booting up today to finish applying Windows update KB4056894 and new update KB2310138 (MS Security Essentials)

Task manager shows multiple versions of svchost running

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Same issue. Occurred 1/4/18 6pm
Kudos0

Re: Has Norton Security blocked my svchost.exe?

So far I have only seen this block once. If it is something malicious, I'm glad Norton is blocking it. If it is a false positive, Norton should deal with it. But for now, I see no adverse affects from whatever has been blocked.

As svchost.exe is used by many different processes, it is best to leave it alone. If you check Windows Task Manager, you may find multiple instances of svchost.exe. The one process that is being detected has been blocked by Norton. Until Norton can check logs to see exactly what is happening, I am just going to let things be.

If you block svchost completely, you risk affecting all the other good processes and causing strange behavior of your system.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Has Norton Security blocked my svchost.exe?

Hello! My name is Dan. Got SONAR.SuspPE!gen8 in a svchost file in Win 10 System 32. It happened after downloading Google Chrome. If this information can be of any help it´s good. As I understand the comment from Norton, it´s not necessary to cut out this file. It will still work while the bad stuff in it is blocked by Norton Security. Hope I´m right. When this happened I haven´t downloaded Nortons protectionfiles for Google Chrome. The need for Google Chrome came because I bought Chromecast to stream files to my TV. Thank You.

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Filename: svchost.exe Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe ____________________________ ____________________________ On computers as of  9/29/2017 at 8:41:43 AM Last Used  1/6/2018 at 10:01:00 AM Startup Item  No Launched  Yes SONAR Protection monitors for suspicious program activity on your computer. ____________________________ svchost.exe Threat name: SONAR.SuspPE!gen8 Locate Many Users Millions of users in the Norton Community have used this file. Mature This file was released 3 months ago. High This file risk is high. ____________________________ Source: External Media ____________________________ File Thumbprint - SHA: Not available File Thumbprint - MD5: Not available
Kudos0

Re: Has Norton Security blocked my svchost.exe?

I have been hit by this as well.  I got the alert while playing Forge of Empires online using Chrome.

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of
12/9/2017 at 8:30:40 PM

Last Used
1/6/2018 at 10:11:01 AM

Startup Item
Yes

Launched
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released 3 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Already reported to Norton. See this thread.   https://community.norton.com/en/forums/has-norton-security-blocked-my-sv...

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Has Norton Security blocked my svchost.exe?

Hey greendio, check out this thread. Your not the only one & as of  05-Jan-2018 | 1:38PM Norton is aware of it so hopefully a solution is coming soon. From what I've read so far it may be a false positive though...

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Was just hit with it too, nothing was open though. Logged on, stepped away for a minute & when I came back saw the alert on the screen...

Kudos1 Stats

Re: Has Norton Security blocked my svchost.exe?

This happened to me two days ago on my windows 7 64 os, at the time I was doing nothing but running norton liveupdate. and it came up and gave me Sonar alart, I ran a full system scan, then superantispyware, and malwarebyles. Found nothing. checked out information on SONAR.SuspPE!gen8 on the web, it seems to be a plugin that gets installed in browsers I checked all three of them I am running found no clue of them on my system. only thing I did notice today is windows update service was not working anymore and needed to be restarted by turn the service off and then on. but even that now works back to normal. Not sure what Symantec did but I am starting to point my finger in there direction after this event. this is that time of year this kind of thing happens when people are away on holidays and code gets screwed up. food for thought.
Kudos1 Stats

Re: Has Norton Security blocked my svchost.exe?

SONAR.SuspPE!gen8  is a designation by Symantec/Norton for a malware detection. It is not the name of any plugin. See this information from Symantec on this detection.   https://www.symantec.com/security_response/writeup.jsp?docid=2017-081407...

Things happen. Export/Backup your Identity Safe data.
Kudos1 Stats

Re: Has Norton Security blocked my svchost.exe?

SONAR.SuspPE!gen8 is the name of a Trojan virus and the details of it can be found here. https://www.pcmalwaresecurity.com/trojan/eliminate-sonar-susppegen8-virus/ or as it's called by other company's W32.Emotet.B it gets installed by other programs and infects your system and installs strange plugins that work to redirect your browser. But you don't need to goto that site or worry as mr peterweb said it's most likely a false positive
Kudos1 Stats

Re: Has Norton Security blocked my svchost.exe?

If you did actually have an infection, Norton has dealt with it and you do not need to do anything to remove it or run scans with another piece of software. If you look at your Norton History in Resolved Security Risks you will see no action required.



And this still may be a false positive.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Has Norton Security blocked my svchost.exe?

I didn't say it wasn't a false positive, but was clearly showing that if it was a real threat, like you pointed out there would be a lot more happening in the background. like norton not working.
Kudos0

Re: Has Norton Security blocked my svchost.exe?

I think it's not false positive. 3 secs after SONAR block there is norton statistical submission "application name google/update/googleupdate.exe Offending URL (a lot of text) chrome_updater.exe?cms_redirect=yes (more text)

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Same here.... I was running avast pro for a couple of years and had no issues... From the moment I downloaded the 3 device $68.99 program my computer has slowed out of site and I also got this Sonar thingo a couple of days ago... iphone and ipad seems to be working ok but my lappy needs rebooting every hour due to very slow data entry and times that it seems Norton needs to catch up , sometimes a few minutes?... I am a very basic user, facebook, Emails , small search stuff , use about 25 gb a month, I am wondering if I have gone the right way with the Norton purchase?

Kudos0

Re: Has Norton Security blocked my svchost.exe?

greendio:

I think it's not false positive. 3 secs after SONAR block there is norton statistical submission "application name google/update/googleupdate.exe Offending URL (a lot of text) chrome_updater.exe?cms_redirect=yes (more text)

I have the same notation about the googleupdate.exe in my Norton History. 

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Has Norton Security blocked my svchost.exe?

Filename: svchost.exe
Threat name: SONAR.SuspPE!gen8Full Path: c:\windows\system32\svchost.exe

____________________________

____________________________


On computers as of 
14/07/2009 at 9:01:13 AM

Last Used 
7/01/2018 at 7:24:14 PM

Startup Item 
Yes

Launched 
Yes

SONAR Protection monitors for suspicious program activity on your computer.


____________________________


svchost.exe Threat name: SONAR.SuspPE!gen8
Locate


Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released 8 years 5 months ago.

High
This file risk is high.


____________________________


Source: External Media


____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
 

Kudos0

Re: Has Norton Security blocked my svchost.exe?

Don't have this detection. May be someone exploits Maltdown and Spectre? :D

Kudos0

Re: Has Norton Security blocked my svchost.exe?

2 days and still clue what happened. My norton subscription ends soon and I'm not sure it's safe to use my credit card on this pc

This thread is closed from further comment. Please visit the forum to start a new thread.