Hello, I recently encountered a legitimate program that creates a temporary executable with a different name in the form "Application-[random number * 4]" each time it is run, and subsequently uses this temporary executable to connect to the internet.
The problem is that because the temporary executable changes every time I run the program, Norton does not remember my option to "Allow Always", and I am prompted each time regardless.
Is there an option to allow programs by MD5 instead of name + location? Or alternatively use wildcards so I can allow "Application-****" always?
I agree that the method being used isn't great, but if you don't believe that I'm referring to a legitimate application then I'll elaborate...
The program in question is the Blizzard launcher for World of Warcraft; this new behaviour started since the last update and the Blizzard support have yet to respond about it, although others have posted about the issue on the World of Warcraft forums so I am confident that it's not an infection in my file. Until this is brought to their attention and hopefully changed I would be grateful for a solution that will remove the Norton prompt every time I launch the program.
I didn't mention that it was the Blizzard launcher to begin with as I didn't want to be dismissed to Blizzard support.
Thank you for the suggestion but unfortunately it had no effect.
The firewall component of Norton continues to ask to allow / deny the launcher each time it is run. It is also being created in the Temp directory, not the World of Warcraft directory. I can't use the program control to allow it because it has a different path each time it is run.
I tried using a * in the exclusions list but it apparently does not support wild cards.
Here are some screenshots of the issue... Oh, and Norton is now misidentifying the launcher as a different program, as you can see, even though the file is digitally signed by Blizzard and named correctly.
Please respond if there is any way around the constant allowing of every new file created, clicking allow every time is annoying :P
It looks like you are using NIS 2007. Since you are also receiving firewall alerts, I assume you have selected "Ask me what to do" in the Personal Firewall->General Settings tab. If you select "Automatically decide what to do", then you should not receive these alerts and NIS will automatically use its heuristics to decide whether to allow the application.
FYI, the firewall uses a combination of both the file path/name AND a hashing scheme -- which is more secure than having just one. If either of those change, you will receive an alert.
You are correct that I have enabled the "Ask me what to do" option and disabling this does solve my problem, however I like to know which programs are asking for internet access in general, because I do not always agree with Norton's recommended setting.
It is good to know that NIS uses hashing as well as file name etc., but if it is already in use, why can we not create advanced rules within the "program control" area that rely on one or the other? At the moment the only way to choose which program I want to allow / deny is with a file selection dialogue.
The real issue here is that if I want to keep the "Ask me what to do" option then the "Allow always" selection from the firewall alert will only allow it once, not always; this is why I would be grateful for more advanced program control features.
I appreciate your help on this issue and I apologise if my previous post was a little impolite.
It is an interesting case that Blizzard decided to generate differently named EXEs to update. I am curious to see if each EXE is actually the same file (i.e., same hash) or not. It could be that they embed different information into the file so it will hash differently each time.
In any case, it is not possible to create a "hash-only" rule. If you already know which EXEs you want blocked, you can manually create a block rule for it. Then you should be able to leave the firewall in automatic mode. If you do not agree with a firewall's decision, you can always re-block it in program control again.
While it doesn't completely address your scenario, that is probably the best I can suggest.
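The question raised above, whether the renamed copies are byte-identical, and the earlier point that the file is digitally signed, can both be checked with a short PowerShell script. This is an added example, not something posted in the thread; the `Application-*` pattern and the `%TEMP%` location are assumptions taken from the description above, so adjust them to the names you actually see.

```powershell
# Added example: compare the launcher's temporary copies by hash and signer.
# Assumptions: the copies live in %TEMP% and are named "Application-*".
param(
    [string]$Directory = $env:TEMP,
    [string]$Pattern   = 'Application-*'
)

$files = Get-ChildItem -Path $Directory -Filter $Pattern -File -ErrorAction SilentlyContinue
if (-not $files) {
    Write-Warning "No files matching '$Pattern' in $Directory (the launcher may delete them on exit)."
    return
}

# One row per copy: name, size, SHA-256 and Authenticode signature details.
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Name      = $f.Name
        Length    = $f.Length
        SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }
}

$report | Sort-Object SHA256, Name | Format-Table -AutoSize

# @(...) forces an array so .Count is the number of distinct hashes,
# even when Group-Object returns a single group.
$groups = @($report | Group-Object SHA256)
if ($groups.Count -eq 1) {
    Write-Host "All $(@($report).Count) copies share one hash: only the file name/path changes."
} else {
    Write-Host "$($groups.Count) distinct hashes found: the content differs between copies."
}

# Copies that are unsigned or fail verification deserve a closer look
# before any allow rule is created for them.
$bad = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Warning "Copies without a valid signature: $($bad.Name -join ', ')"
}
```

Run it while the launcher is open, or after several launches if the copies are left behind, so that more than one copy is present to compare.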