Hi ,
I recently noticed $av_nll folder with vault.db file in it created within my system and i tried removing it as i thought of it as virus later but couldn’t . Later when i tried to delete vault.db file it shown me that file is being used by norton .
Just wanted to understand if norton recently changed something which resulted to additional folder/files and what the purpose of the folder.
Hello. I do not see that folder in any of my Windows 10 or 11 devices. Please help us with the following answers:
What is your Norton product and its version?
What is your OS, its version and build?
SA
FWIW! This may answer your question about the folder. It appears to be quarantine related, the article specified Avast. Norton owns Avast and I have found Avast folder in drive C: before too. May be related.
SA
Just found the same $AV_NLL folder on my system and also am concerned about it’s origin. SoulAsylum’s response is helpful but not complete as the Microsoft reference is to a slightly different folder name. Soul could be correct, but I’d sure like to hear from someone in Norton to confirm that this is their file!
@SteveM_Humphrey All my subscriptions have expired and I am in the process of reverting all devices back to version 22.24.8.36 which was the version prior to 24.xx . On the two I have completed, I do not see that directory on either device. FWIW!! I have NOT setup backup on either of these devices to that may be where this directory comes into play. When I get one device done I will check for that and report here accordingly. More concerning is that I am trying to unfuggle an ugly account mess that somehow got created when the 24.xx push took place. NEW subs and product keys. I will know something to report soon hopefully.
SA
Update: I setup and ran an initial backup on my daily duster with version 22.24.8.36 installed. The $AV_NLL folder was not created on drive C:\ nor Drive D:\ where the backup was created.
SA
FWIW!! I do not have Norton Life Lock installed or being monitored. Wondering since last first part of the directory is NLL I think that may be the reason this is on some installs and not others. Feedback please.
SA
I have found the same directory and file on my system - on both my C-drive and D-drive. Both were created on 01 Dec 2024, the C-drive created @ 10:42:06 and the D-Drive created @ 10:55:18. A binary compare of the files indicate that the vault.db file are not identical. I would estimate that 80-90% of the file is common. So presumably the difference relate to the different drives.
Digging around Microsoft documentation I found the below AI generated information to share:
In Windows 10, a “$” symbol displayed next to a folder name typically indicates that the folder is a “junction point” - a symbolic link that points to another location on your hard drive, essentially creating an alias for a different folder.
Key points about junction points and the “$” symbol:
When you access a folder with a “$” symbol, you are actually accessing the files located in the target folder that the junction point is linked to.
Most often, system administrators create junction points for system management purposes, and the “$” symbol helps identify them as potentially sensitive or system-related folders.
While not a standard feature for regular users, you might occasionally encounter a folder with a “$” symbol in your personal file system, especially if you’ve manually created a junction point or if a third-party application has done so.
Can anyone select the folder then right click, open properties, see if it will show the path to the actual location of the parent directory?
SA
Hello @SoulAsylum
W10 Home 22H2
24.11.9615 (build 24.11.9615.891)
Note: fwiw ~
I’m not finding $AV_NLL on my W11 Home 23H2 (never had v22)
24.11.9615 (build 24.11.9615.891)
@bjm Thanks for the screenshots. Narrowing this down we indeed are. I didn’t have this on either Windows 10 or 11, with version 22.24.8.36 nor the 24.xx before reverting back. In your screenshot there is an additional directory named $AV_ASW which I haven’t seen and don’t remember that being reported as well. If it has someone please refresh our collective memory. That directory is a quarantine folder related to of all things, Avast. It is there due to the way Norton coded their installer. DO NOT delete it. Please read this MS article:
The directory initially posted was $AV_NLL, so if we put two and two together this too appears to be a “pointer” directory that was created with either the initial installation of Norton or, during one of the update processes since the initial 24.xx release. So there I believe we have it, that these directories are placed on some systems and are a part of Avast technology that was utilize for a common installer. Feedback please!!
SA
Hello @Ajaypal_Yadav , @SoulAsylum , @Dolphund , @SteveM_Humphrey
before first Quarantine event on machine
after first Quarantine event on machine
On one of my v24 machines my quarantine has about 20 entries ranging in date from recent back to 2018. I used notepad to look at the contents of the vault.db file in C:$AV_NLL$VAULT. There are about four full-screen pages, and to me it looks entirely like Asian-language symbols (e.g. Chinese, Korean, Japanese).
If you are using Norton, then you need to go to its settings interface “Setting”-“General”, turn off the “Product Tamper Protection” function, and then you can manually delete the folder. <<<<<<< <<<<<<<<< This is how you fix it, easy and simple and took me 1 minute.
FWIW!! DO NOT delete that directory, unless, you are sure the files that are quarantined are files you do not want to recover.
SA
