Was the detection reported by Bitdefender Advanced Threat Defense?
How to stop Advanced Threat Defense from blocking a trusted app
https://www.bitdefender.com/consumer/support/answer/2393/
Report a False Positive or False Negative detection to Bitdefender Labs
https://www.bitdefender.com/consumer/support/answer/29358/
How to exclude files and folders from Bitdefender Antivirus scan
https://www.bitdefender.com/consumer/support/answer/13427/
====================================
I’m not finding the attachment.
Driver Updaters are suspicious by what they do and how they do it.
Driver Updaters are often deemed PUP/PUA (Potentially Unwanted Program/Application).
Gen:Suspicious.Cloud sounds like a heuristic detection designed to generically detect malware.
Files reported as Gen:Suspicious.Cloud may not necessarily be malicious. Should you be uncertain as to whether a file is malicious or a false positive detection, you can submit the affected file to VirusTotal to be scanned with multiple antivirus engines.
A key function of a driver updater is to replace or update system drivers. From a security standpoint, this is a highly sensitive action. Bitdefender may flag the program for attempting to delete, overwrite, or replace existing driver files, especially those not supplied by the original hardware vendor or through official channels like Windows Update.
Caveat: I’m not running Bitdefender or Norton Driver Updater.
===============================================
When Bitdefender flags Norton Driver Updater, it is likely due to the application’s behavior and category rather than a specific malicious threat. This is a common occurrence with utility software from one security vendor being flagged by a competitor’s product.
Key reasons why Bitdefender may flag Norton Driver Updater:
- Competing software: Bitdefender, a top-tier cybersecurity product, can detect and warn against software from competing security vendors, such as Norton, during installation. This is done to prevent conflicts and ensure the smooth operation of its own security suite.
- Potentially Unwanted Application (PUA) or Riskware: Bitdefender may classify Norton Driver Updater as a “Potentially Unwanted Application” (PUA) or “Riskware”.
  - This is not a verdict of a specific virus but rather a warning that the program could be annoying, aggressive in its promotions, or perform actions (like modifying system drivers) that require special caution.
  - Many antivirus programs flag third-party driver updaters this way, especially when they are sold separately or through aggressive “upselling” tactics.
- System integrity concerns: In the past, third-party driver update tools have been known to cause system issues like crashes, blue screens of death (BSODs), and malfunctioning hardware. Bitdefender’s detection is a cautious approach to prevent these potential problems and maintain system stability. Many experts advise against using these tools in favor of relying on updates directly from the hardware manufacturer or Windows Update.
- “Scare tactics” and aggressive marketing: Critics accuse Norton of using “scare tactics” by frequently generating pop-up notifications claiming that drivers are outdated or vulnerable to encourage users to purchase the driver updater. While not technically malware, this behavior can be flagged by a competitor’s software as a potentially unwanted behavior.
What to do if Bitdefender flags Norton Driver Updater
- Ignore the warning: If you trust the Norton product and want to continue using it, you can create an exception in Bitdefender for Norton Driver Updater.
- Uninstall the driver updater: If you are unsure, the safest course is to uninstall the Norton Driver Updater and rely on your operating system’s built-in tools. For Windows users, the Device Manager and Windows Update are the safest ways to manage driver updates.
- Use manufacturer drivers: If you need to update a specific driver, download it directly from your hardware manufacturer’s official website (e.g., NVIDIA, AMD, HP).
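Before creating the exception described above, a practitioner would first confirm that the flagged binary really carries the vendor’s signature and record its hash for a VirusTotal or Bitdefender Labs submission. The PowerShell script below is an added example, not code from this thread or from either vendor; the file path and the publisher-name patterns are assumptions to adjust for the actual installation.

```powershell
# Added example (not from the thread). Checks a flagged executable's Authenticode
# signature and SHA-256 before any exclusion is created. Path is a placeholder.
param(
    [string]$Path = 'C:\Program Files\Norton\Driver Updater\PLACEHOLDER.exe'
)

function Test-TrustedBinary {
    param(
        [string]$FilePath,
        # Assumed subject-name patterns for the expected publisher; adjust as needed.
        [string[]]$ExpectedPublisherPatterns
    )
    if (-not (Test-Path -LiteralPath $FilePath)) {
        return [pscustomobject]@{ Path = $FilePath; Status = 'Missing'; Trusted = $false }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $FilePath
    $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $publisherOk = $false
    foreach ($p in $ExpectedPublisherPatterns) {
        if ($subject -like $p) { $publisherOk = $true }
    }
    [pscustomobject]@{
        Path    = $FilePath
        Status  = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject = $subject
        Sha256  = $hash                # search this hash on VirusTotal instead of re-uploading
        Trusted = ($sig.Status -eq 'Valid') -and $publisherOk
    }
}

$result = Test-TrustedBinary -FilePath $Path `
    -ExpectedPublisherPatterns @('*Gen Digital*', '*NortonLifeLock*', '*Symantec*')
$result | Format-List
if (-not $result.Trusted) {
    # Unsigned, tampered or unexpectedly signed: submit to Bitdefender Labs rather than excluding.
    Write-Warning "Signature check failed ($($result.Status)); do not add an exclusion for this file."
}
```

Only a file whose signature status is Valid and whose signer matches the expected publisher is a candidate for the exclusion; anything else goes to the false-positive report form linked in the first post.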
---------------------------
Bitdefender can flag Norton Driver Updater with different detection names, typically categorized as a Potentially Unwanted Application (PUA) or as Riskware. The exact name can vary depending on the specific version of the software, the Bitdefender engine’s detection rules, and the behavior observed on the system.
Common detection triggers for driver updater programs include:
- Competing software detection: Antivirus programs like Bitdefender are designed to alert users when another security-related program, especially a competitor’s, is being installed. This is meant to prevent software conflicts and performance issues.
- System changes: Driver updaters make deep system modifications, including alterations to drivers, which are crucial system files. Bitdefender’s threat detection engines are highly sensitive to these types of changes, as they can also be exploited by malicious software.
- Behavioral analysis: Bitdefender’s behavioral analysis, called Advanced Threat Control (ATC), can flag the driver updater for performing actions that are characteristic of unwanted software.
- Misleading or aggressive marketing: Many third-party driver updaters, including some from major vendors, are known for using “scare tactics” to pressure users into a purchase. They may display exaggerated or false warnings about outdated drivers to convince users to buy the full version. Bitdefender’s detection is likely influenced by this aggressive marketing style.
Example detection names
While the specific detection name can change, it often falls under a general category. Some likely examples of what you might see include:
- Gen: A generic detection category used for threats or risks that don’t match a specific signature.
- PUA: Potentially Unwanted Application. This is a common label for software that isn’t outright malware but is deemed undesirable due to its behavior, such as using misleading tactics, consuming resources, or bundling other unwanted programs.
- Riskware: This classification is for software that, while not explicitly malicious, poses a potential risk to the system. This is a very fitting category for third-party driver updaters, which are notorious for causing system instability if they install the wrong or incompatible drivers.
How to resolve the issue
If you encounter this detection, you have two options:
- Trust Norton and create an exception: If you want to continue using Norton Driver Updater, you can add it to Bitdefender’s exclusion list. This will tell Bitdefender to ignore the program and its activities.
- Rely on safer alternatives: If you are unsure, consider uninstalling the Norton Driver Updater and using safer, built-in alternatives for driver management. For example, use the Windows Update feature or download drivers directly from your hardware manufacturer’s website.
---------------------
Bitdefender’s Advanced Threat Control (ATC) is a behavioral analysis engine that monitors the actions of running applications and processes in real-time. It identifies threats not by looking for known signatures, but by scoring the individual actions a process takes. Norton Driver Updater can trip this engine by performing a combination of actions that, while not malicious on their own, collectively look like a threat to system integrity.
Here are specific ways Norton Driver Updater’s behavior could trigger a flag from Bitdefender’s ATC:
- In-depth system interrogation
  - To check for outdated drivers, Norton’s tool scans a computer’s hardware and compares the versions against its own database.
  - From a behavioral perspective, Bitdefender’s ATC sees a process methodically and extensively querying system hardware, reading driver version numbers, and checking for specific hardware IDs. This behavior, particularly when combined with others, can be flagged as anomalous.
- Deep registry and driver-level access
  - Driver updaters need elevated privileges to interact with core system files. Bitdefender’s ATC is designed to monitor and safeguard critical registry keys and system folders from unauthorized changes.
  - When Norton Driver Updater accesses and modifies registry keys associated with drivers, the ATC assigns a higher “danger score” to that process. While a legitimate process can do this, an overly aggressive or buggy process doing so can trigger a detection threshold.
- Installing alternative drivers
  - Norton Driver Updater has a feature to install “alternative drivers” if a manufacturer has not released an update for an extended period.
  - Installing an alternative driver is an action that Bitdefender’s ATC is trained to flag. An unknown entity taking control of system-critical driver installation is a major indicator of potential risk. In a sandbox environment, such an action would immediately be classified as malicious.
- Competing product actions
  - The mere presence of a competing security or utility program can be a flag for some antivirus software. While not a classic malicious behavior, Bitdefender may be configured to raise a flag on software from a competing vendor to prevent conflicts.
  - Norton Driver Updater’s aggressive upselling and notification behavior, which critics have compared to “scare tactics,” adds to its risk score in a behavioral-based system. Pop-ups that aggressively push for purchases are a common trait of potentially unwanted programs (PUPs).
- Potential for system instability
  - Third-party driver updates have a historical reputation for introducing bugs, crashes (including the dreaded “blue screen of death”), and other system instability issues.
  - Bitdefender’s ATC, informed by this context, is configured to view the installation of drivers from third-party sources as a high-risk activity that could destabilize the system. This is a key reason many cybersecurity experts advise against using third-party driver tools.
By observing this collection of high-risk actions—including extensive system scanning, deep-level driver modifications, and installation of non-manufacturer-approved software—Bitdefender’s Advanced Threat Control can determine that Norton Driver Updater’s overall behavior crosses the threshold for a Potentially Unwanted Application (PUA) or Riskware.
------------------------------------------
Here are specific examples of how Norton Driver Updater’s system scanning could trigger Bitdefender’s Advanced Threat Control (ATC). Bitdefender’s ATC is a behavioral engine that assigns a “danger score” to running processes based on their actions. It focuses on the cumulative behavior of a program rather than a single malicious signature.
Aggressive and deep system queries
- Enumerating hardware and drivers: A legitimate program may query system information, but a potentially unwanted application (PUA) like a driver updater might perform an unusually thorough and deep interrogation of hardware IDs and installed driver versions. Bitdefender ATC could flag this behavior if it is excessively frequent or done with high privileges, as similar actions are performed by malware looking for system weaknesses or specific targets.
- Reading kernel memory: To check driver integrity, Norton Driver Updater might access and read data from kernel-level memory locations. Because the kernel is a highly privileged part of the operating system, Bitdefender is programmed to scrutinize any process that operates at this level. While Norton’s software may be doing this for a valid reason, ATC could assign a high risk score to the action, potentially causing a detection.
Unauthorized or suspicious registry actions
- Scanning system-critical registry keys: Norton Driver Updater needs to access core registry keys associated with driver configurations to do its job. Bitdefender’s ATC specifically protects critical registry keys, such as those that handle the Security Account Manager (SAM). If Norton’s scanner accesses or attempts to modify these system-critical registry keys, the ATC may view this as an attempt at privilege escalation or a threat to the system’s security.
- Monitoring changes to registry keys: Like a malware analysis tool, Norton’s updater must take “snapshots” of your registry’s state to detect changes. This behavior—taking and comparing registry snapshots—can be interpreted as suspicious by ATC because malware uses the exact same techniques to maintain persistence or to monitor system changes.
Potential for system instability
- Conflicting driver information: Driver updaters, including Norton’s, operate by comparing system drivers to their own database. This database can sometimes contain drivers that are incompatible with a user’s system, leading to issues like Blue Screens of Death (BSODs). Because Bitdefender’s ATC is designed to prevent system instability, it may raise a red flag when it recognizes that an application is preparing to install drivers from an unverified, third-party source rather than a manufacturer’s official download.
- Misleading or aggressive behavior: The scanning process is often a component of an aggressive marketing strategy. Norton’s tool may declare numerous drivers “outdated” or “vulnerable” to scare users into a purchase, even if the drivers are functioning properly. This aggressive and deceptive behavior can be flagged by Bitdefender’s behavioral engine as characteristic of a PUA.
Competing software conflicts
- Interference with security processes: In some cases, a competing product like Norton’s might interfere with Bitdefender’s core security processes, such as its real-time scanning or update mechanisms. Bitdefender’s ATC would recognize and alert the user to such attempts to modify or interfere with its processes, as this is a common tactic used by malicious software.
(source AI Mode)
=====================================
Microsoft strongly recommends against using third-party driver updaters due to the security risks and system instability they can cause. Microsoft provides secure, built-in methods through Windows Update and its certified drivers, and advises obtaining drivers directly from the original hardware manufacturer’s website.
Key risks of using third-party driver updaters
- System instability and malfunctions. These programs often install drivers that are incompatible with your specific system hardware, even if the drivers are from the same manufacturer. Incompatibility is a frequent cause of system crashes, including the Blue Screen of Death (BSOD).
- Malware and bloatware. Some third-party driver tools bundle malware, adware, or other unwanted programs with their driver installations. Less reputable sources are particularly dangerous, and some applications are simply scams designed to push you to purchase a “premium” version.
- Fake or outdated drivers. Some third-party tools can provide a list of “outdated” drivers that are actually perfectly up-to-date according to Windows. They may also install outdated or unofficial versions that can introduce security vulnerabilities and other issues.
- Security risks. Granting a third-party application deep system access to install drivers presents a supply chain security risk. A compromised third-party tool can be used to execute malicious code on your system.
- Unnecessary updates. Often, drivers only need to be updated to fix a specific problem or enable a new feature. These tools often encourage constant, unnecessary updates, which creates more risk than it solves.
Microsoft-recommended methods for updating drivers
Instead of relying on third-party software, use the following methods to ensure your system’s stability and security.
- Windows Update: Windows automatically downloads and installs most driver updates and can provide optional updates as well. These drivers have been certified as compatible and stable by both the hardware manufacturer and Microsoft.
- Hardware manufacturer’s website: For specific updates, such as GPU drivers for improved gaming performance, it is best to download them directly from the manufacturer’s official support website (e.g., Nvidia, AMD, Dell, or HP).
- Pre-installed manufacturer tools: Many computer manufacturers, like Dell and HP, include their own driver update utilities that are customized for the hardware in their specific PCs.
(source AI Mode)
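The recommendation above to rely on Windows Update and manufacturer drivers can be checked against what a machine actually has installed: which provider supplied each driver, and whether any are unsigned. The PowerShell script below is an added example, not Microsoft’s or the thread’s; the list of trusted provider names is an assumption to adapt to the hardware in use.

```powershell
# Added example (not from the thread). Audits installed PnP drivers by provider and
# flags those that are unsigned or come from a provider outside a trusted list.
function Get-DriverProvenance {
    param(
        # Assumed set of providers the operator trusts; adjust to the machine's vendors.
        [string[]]$TrustedProviders = @('Microsoft', 'Intel', 'NVIDIA', 'Advanced Micro Devices', 'Realtek')
    )
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DriverProviderName } |
        ForEach-Object {
            $provider = $_.DriverProviderName
            $known = $false
            foreach ($t in $TrustedProviders) {
                if ($provider -like "*$t*") { $known = $true }
            }
            [pscustomobject]@{
                Device   = $_.DeviceName
                Provider = $provider
                Version  = $_.DriverVersion
                Date     = $_.DriverDate
                Inf      = $_.InfName
                Signed   = [bool]$_.IsSigned
                Signer   = $_.Signer
                # True when the driver deserves a second look (unsigned or unknown provider)
                Review   = (-not $_.IsSigned) -or (-not $known)
            }
        }
}

$drivers = Get-DriverProvenance

# Summary: how many drivers each provider supplied
$drivers | Group-Object Provider | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Drivers to review: unsigned, or from a provider outside the trusted list
$drivers | Where-Object Review | Sort-Object Provider |
    Format-Table Device, Provider, Version, Signed, Signer -AutoSize
```

Running this before and after a driver-updater session shows exactly which drivers it replaced and who signed the replacements, which is the evidence needed to decide whether a Bitdefender alert was a false positive.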