Allowing hacktools and programs detected as trojans or virus's

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

You can restore it from Norton Quarantine and Restore, and choose to ignore the risk in future.

no you can not restore and choose to ignore, you can restore but that’s it. i checked for that option which was in 2006 but not available in 2007.

Here is the link which will show you exactly how to do this  Exclude files fro NIS scan.

 

Let us know if this works for you.

 

 

Message Edited by johna on 07-11-2008 11:19 PM

no now you're telling it to exclude that from scanning when you run a virus scan. i have tried that and it ( why i posted here ) does not protect it from when system finds it. in 2006 and prior you could tell norton when it popped up that you wish to ignore it which in a sence allowed you to use it. people that use keyloggers would need to configure it that way.

 

in 2008 there is no such option unless you know it's string but, then you are leaving yourself open for the real thing should it ever be downloaded from a website. thanks for the help but i am into computer/software support. so i am very aware what norton does and does not do. i was hoping that there was an edit or something that could be done to over ride such settings. norton is great for noobs who don't what is what. for the users who need certain programs they have a choice of getting a new anti virus or turning it off to use certain programs but they cannot be stored on ones computer.

 

not happy with norton at this point it has deleted numerous tools that i use and there is no way to keep them restored. even excluding them from scans only prevents that folder or drive from being scanned when a virus scan is ran but does not over ride the auto protect setting.

 

the proper way for you to allow it would be to exempt it's string and as i said before then you are leaving yourself open should someone put something malicious on there site. there should have been an exclusion to pick programs you wished to exclude from auto protect. in that way it would not let a website install a virus. it would only allow that program anything outside from that program with the same string would be protected by auto protect.

 

thanks for the link it may come in handy for someone else.

 

thank you,

clyde

 

 

Message Edited by clyde on 07-11-2008 11:45 PM

>>there should have been an exclusion to pick programs you wished to exclude from auto protect>>

 

You can exclude programs and files from Auto Protect, as well as Manual Scans, using the method in the link I provided. It specifically says: Add an exclusion to Auto-Protect and the manual virus scan. I just tried it, and as an example, excluded my HP program file from both Auto Protect and Manual scans. This does leave the program unprotected, but the only other way you will be able to do it is to notify Norton of a false positive reading, and they will come up with a patch. Then you can leave the program open to scanning and always be protected.

 

I understand that you want the option to permanently exclude the false positive reading you are getting, but you can only take a note of the specific file or component of the program being falsely detected, then add it to the exclusion list, then it will be excluded from both Auto Protect and Manual Scans.

 

John A.

 

 

Message Edited by johna on 07-12-2008 12:30 AM

i use haclktools and other programs which contain virus strings so in a sence they are not false positives. they cannot be excluded without excluding the string then as i stated you are leaving yourself open for website/bogus software virus's. 

 

thanks again for the help.

Message Edited by clyde on 07-12-2008 12:34 AM

>>i use haclktools and other programs which contain virus strings so in a sence they are not false positives.>>

 

Well that makes it even easier,  just go ahead and include the "hacktools and other programs" individually in the exclusion list. If you are running programs containg virus strings, I don't know of any program that allows you to exclude a particular "virus string" from being picked up, only the particular file or program linked to the string.

 

Hope it works out for you.

 

Message Edited by johna on 07-12-2008 12:43 AM

i figured it out. you have to turn off the auto protect then add it two both sections of the exclusions as you stated. i was going to do that tomorrow but since you are up and answering i felt i should have atleast tried again.

 

it did the first time or two around still detect it but not being detecected now. we'll see how it goes as i only added 1 virus string and 1 hacktool i'll add the rest tomorrow. thanks.

 

thank you,

clyde.

Message Edited by clyde on 07-12-2008 12:49 AM

That's great to hear! I'm glad it all worked out.

 

John.

 

ps Don't forget to mark this as solved. Cheers.

 

 

 

Message Edited by johna on 07-12-2008 01:00 AM

yes i marked it solved. now lets hope it doesn't detect them when i auctually run them i have gotten 3 virus strings and 1 hacktool installed now. the hack strings you must use a command prompt to use them. so we'll see when i have time.

 

still alot of trouble to exclude something. now i wonder if that paticular string will be allowed access to my computer via a website or a malicious program other then the one i allowed.

 

norton should go back to the way it used to be and prior to quarenteeing it asked what you wanted to do with high risk items. i can understand if it's being ran from a website then yes just quarentee or block it. software or other exacutables that you know you downloaded and are safe should have the option to ignore/exclude from scans.

 

yes norton allows you to exclude strings but that's not really safe. "signature exclusions"

Message Edited by clyde on 07-12-2008 01:08 AM
Message Edited by clyde on 07-12-2008 01:08 AM

I can see your point, but I think the reason may be that some people didn't know how to respond when given the pop-up option, and allowed malicious things onto their computers.

 

About the signature exclusion thing, I think that only relates to low risk Spyware and Intrusion Prevention signatures.  Here is an example: Example 

 

Message Edited by johna on 07-12-2008 01:29 AM

yeah thats exactly the option i meant and i wont do that at all. just hope when and if i download something something similiar without me knowing it contains such similiararities norton doesn't think well he excluded another program so we'll ignore this as well.

on the hacktool i think norton has stripped it in someway. it was snadboy and it reveals text that is encrypted on your computer and i get nothing. i find it odd that a password recovery tool which was considered a threat is no longer a threat yet a program that was never a threat is now a threat.

 

i better get on to emailing them to add an exclusion for superscan (network port scanner) before they count that as a threat. 

<< yet a program that was never a threat is now a threat. >>

 

To the best of my knowledge "hacktool" which is in a couple of my downloaded bootable CD files has always been flagged by Norton, at least as long as I've had those image files and I've had to tell it to Ignore.

 

But I'm glad you have found the solution.

 

You might want to install NIS2008 which is a free update while your 2007 subscription is still in force since it is much lighter on the system.