I neglected to mention that my false positive submissions were for executables...files with .exe extension.
I've no notion what Norton does with .html submission.
[...] and check out Malwarebytes and see if they pick up anything.
I think you'll enjoy and learn from Malwarebytes Malware Removal Help experience. I follow Malwarebytes Forums. Malwarebytes staff & experts seem ready to help all. Malwarebytes subscription is not needed. Malwarebytes staff & experts will gather & analyze logs and run custom scripts & tools. I feel you'll get best advice and you'll feel reassured. $0.02
One last question, it does look like the sample has been submitted now but how will I know what the results will be?
I imagine the theory is that a convicted file sent to jail (quarantine) and then later exonerated...would be released from jail. I've not...as I recall...seen that theory in practice.
When I've had a feeling (on my daily rider machine) that a convicted file was a false positive, I'll submit the file...wait 48 hours...restore the file to my desktop and check File Insight against the file. Sometimes, I'll restore and exclude (later clearing IDs excluded). Sometimes, I'll restore and see what Norton does. Unfortunately, Norton submission process does not update status. For example: [here]
Note: I also have an old dust collector machine for testing. I also have Backup and Restore software.
I honestly don't know if the old one was a false positive or not (I wasn't sure how to find out if my sample got submitted and how to learn about the results) and I kind of freaked out and reformatted everything just in case. I'll try and see if following your directions can force the submission and check out Malwarebytes and see if they pick up anything. Thanks for all the help.
And I'm not entirely sure about the location that the file was in. It's a place where I've previously, a few years ago, had a threat detected and everything in there seems to be junk from an old Outlook email account. The threat that was found there a few years ago was email related to one I had received over 10 years ago and had never viewed on this PC. I've not viewed this one either and have no idea why I would have files like that saved to my PC.
Was threat from a few years ago...a false positive?
Sounding more like an old dormant file that Norton flagged...at this time...for whatever reason.
Maybe, Heuristic Protection = Aggressive.
Caveat: It's not my machine. So, you'd know best your machine.
Were it my machine and I wanted reassurance, I'd ask Malwarebytes Malware Removal Help Forums to check my machine.
Ok, just checked and it's still pending on the submission. I've been idle for well over 15 minutes solid though.
Curious, had you called-viewed the \Attachments\Direct Debit Notice[20].html...before this detection?
Was the \Attachments\Direct Debit Notice[20].html in a mail folder/office program?
Osana:
It does but when I click it I'm told that it will submit during idle time. Unfortunately I don't exactly know what qualifies as idle time to Norton nor do I see a way to check if it's actually been uploaded yet. I have no idea why there isn't a "submit now" option...
Idle Time Out default is 10 minutes.
Background Tasks run at Idle Time.
Maybe, look in Security History > Norton Community Watch.
Norton Community Watch collects information about potential security risks from your computer and sends the information to NortonLifeLock for analysis. This helps Norton identify new threats and where they originated more efficiently and provide solutions to block them.
Norton Community Watch only collects information on running processes, visited URLs, or general system information from your computer when Norton detects a possible risk. It sends data for analysis during a LiveUpdate session or when a scan is run.
No, I don't need the file at all. I was actually running the heuristic detection on aggressive though. Is there no way to submit the sample without removing it from quarantine? Seems risky just in case it is malicious.
I ran Norton Power Eraser and did a rootkit scan right afterwards with nothing else showing up.
NPE does not detect malware (that is what Norton Security is for), it presents you with a list of files that could be malware. It is meant to be run when your Norton program does not detect anything malicious but you still suspect that something may be acting suspiciously on your PC. If there doesn't appear to be anything wrong, the results returned by NPE will almost always be safe files that belong to applications on your system. NPE doesn't tell you much about a file because it really doesn't know much about the files it presents - that's the whole point, if Norton knew whether the file was actually malicious or not you would not have to run NPE, as Norton Security would catch it if it was malicious and NPE would not flag it if it was a known good file. 2018'
Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs. For instructions on using Norton Power Eraser, see the tutorial.
The NPE is a very aggressive scanner that was designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan. The NPE is prone to false positive detections and can sometimes remove important system files and registry entries [...] 2018'
One thing to keep in mind is that NPE does not positively detect known malware - that is the job of your regular Norton Security product. NPE instead looks for files that might warrant investigation if you suspect that you are infected and regular scans come up clean. NPE will flag many legitimate files, so never assume that what NPE finds is truly malicious. 2018'
The simple answer is NPE uses a heuristic reputation scale. Something that is very new, even with a Symantec signature, can be flagged as unknown. 2018'
Yes, I was running a full scan with detection level set to the highest rather than default. It says removed there but when I look into my Norton history it labels it as quarantined.
Do you need the file? Do you know the source of the file?
You can leave file in quarantine...for now.
Only way I'd know re False Positive is to restore file from quarantine to desktop and then submit file to VirusTotal & Norton.
May be false positive...IDK
Were you running Heuristic Protection = Aggressive?
Norton has been around for years providing cyber protection for devices like computers, smartphones and tablets. The subscriber base of Norton is worldwide. LifeLock has also been around for years providing identity theft protection in United States.
In the year 2017, Symantec (a parent company of Norton at that time) completed the acquisition of the LifeLock company.
In the year 2019, Symantec went apart from Norton to join Broadcom Inc.
At the same time, Norton and LifeLock became one company: NortonLifeLock Inc.
My understanding:
Symantec threat write-up pages hosted on symantec.com domain from the past were removed after Broadcom's acquisition of Symantec enterprise business. There is no alternative content, at this time.
Since there are no threat write-up pages anymore, all the threat info pages have been redirected to the generic Security Center Emerging Threats page.