False positive

After I downloaded Steam app from official Steam website 5 times, but Norton detected threat 5 times yesterday.

Today, Norton blocked my internet.

I’m getting sick of ads popups even though I did changed Norton settings.

I’m going to rid of Norton after 13 years, how do I stop auto renewal?

Uploaded.

 

Sorry for the link, wasn't aware of that.

Recently I have downloaded a program called ATMA V (A Tenshi Mulling Application). For those familiar with Diablo 2, this program allows you to extract, store and import items between single-player characters.

 

The download consisted of only one file - atma_installer.exe (or something like that, zipped). Every time I attempt to launch it, or even to acces a folder with it, my NIS 2009 pops up a warning message, that Adware.DealHelper has been detected. When attempting to repair, NIS will say that its acces has been denied(cannot access file or something like that). But this may be caused by the fact that NIS deleted the file in the first time and did not remember that.

 

I am convinced this is totally harmless application I've been using for years. I found others complaining about that on the Internet with Kaspersky and NOD 32. 

 

Can somebody from Symantec confirm or deny this file is false positive?


Thanks

 

<<Edit: Post subject edited per the Participation Guidelines and Terms of Service. Please do not post links to potentially malicious files>>
Message Edited by TomV on 02-20-2009 02:07 AM

Hi Guido,

 

Welcome to Norton Community!

 

You can report suspected file based false positives by Norton Antivirus using this link here:

https://submit.symantec.com/false_positive/index.html

 

After you submit the details, Symantec will investigate the file and resolve the issue. Please ensure that you provide a URL for where this file can be obtained.

 

Yogesh

Hi Yogesh,

many thanks for the direct link to the false positive submission form.

 

Best regards,

Guido (FSL development team)

 


AllenM wrote:

HI ThumperSD,

 

What is your exact version of NIS from Help & Support > About. Also what is your OS and SP and is it 32 or 64 bit?

 

How are you sure the file is safe? It is one you yourself created or did you acquire it from somewhere else?

 

When you added this file to the exclusion, did you add it to both the scan and real-time sections?

 

I would also suggest that you attempt to get the vendor to submit the file to Symantec as a false positive. If the vendor can't or won't do it, then you can also submit it.

 

Files can be submitted to Symantec at the following link.

 

https://submit.symantec.com/false_positive/

 

Hope this helps.

 

Best wishes.

Allen


I know it is safe and that's all I have to say about that.

 

 

And yes I did add it to both scan and real-time... yet it is still popping up

I have a file on my computer that keeps showing up as a false positive. I went to Norton > Computer Settings > Scan exclusions and added the folder which contained the file yet it keeps popping up asking me to delete it.

 

How can I make Norton to stop notifying me about this file

Hi ThumperSD,

 

Can you confirm if this is being found by Sonar or File Insight? Do you see the file listed in Quarantine history? If so you can click on Options on the right hand side. Then click Restore this file and on the next screen it will have a checkbox for excluding the file from future scans.

 

If you have not allowed NIS to remove (quarantine) the file then you might want to give this a try so you can see if the above options will properly exclude the file from future action.

 

You might also want to try adding the specific file in both exclusion areas instead of just the directory level.

 

I also want to reiterate that submitting this file to Symantec is the only way to get this corrected. If Symantec agrees that the file is safe they will add it to their whitelist, etc.

 

Best wishes.

Allen

It is neither sonar or file insight I believe.

 

It says:

 

"Action required

 

NIS has detected threats that require your action"

Hi ThumperSD,

 

Does this occur when you attempt to run the program or at some other point? If it occurs when you attempt to run the program, chances are that it is Sonar.

 

What choices other than delete does the pop-up give you?

 

Please attach a screen shot of the message you get. To do this you can hit Alt + Print Screen when the window containing the warning message is active. Then bring up MS Paint application and hit Ctrl + V. Save to your desktop as a JPG image. Then you can attach to your reply by hitting the  symbol at the top of your reply editor.

 

Thanks very much.

Allen

Certain types of files will generally always be an issue.  Some tools used to repair machines, or gain access to them will still cause problems, as will illegal software.  Some of the tools used in the removal of malware cause the same problems.  You will know best which of these items might apply to your issue.  :smileywink:

Hi Delphinium,

 

Indeed! :smileywink:

 

Allen

 


ThumperSD wrote:

 


AllenM wrote:

HI ThumperSD,

 

What is your exact version of NIS from Help & Support > About. Also what is your OS and SP and is it 32 or 64 bit?

 

How are you sure the file is safe? It is one you yourself created or did you acquire it from somewhere else?

 

When you added this file to the exclusion, did you add it to both the scan and real-time sections?

 

I would also suggest that you attempt to get the vendor to submit the file to Symantec as a false positive. If the vendor can't or won't do it, then you can also submit it.

 

Files can be submitted to Symantec at the following link.

 

https://submit.symantec.com/false_positive/

 

Hope this helps.

 

Best wishes.

Allen


I know it is safe and that's all I have to say about that.

And yes I did add it to both scan and real-time... yet it is still popping up

What an odd response!  At this point, delete the "file", or remain at risk.  Sorry, but that's all I have to say about that.  Good luck ThumperSD!

 

 


AllenM wrote:

Hi ThumperSD,

 

Does this occur when you attempt to run the program or at some other point? If it occurs when you attempt to run the program, chances are that it is Sonar.

 

What choices other than delete does the pop-up give you?

 

Please attach a screen shot of the message you get. To do this you can hit Alt + Print Screen when the window containing the warning message is active. Then bring up MS Paint application and hit Ctrl + V. Save to your desktop as a JPG image. Then you can attach to your reply by hitting the  symbol at the top of your reply editor.

 

Thanks very much.

Allen


Not on the computer right now but this occurs when I am NOT attempting to run the program. There is no other option than delete.

 

There's got to be a way to stop norton from asking me this all the time

 

I had the same issue months ago but I forgot how I was able to stop norton from asking me over and over... delete or put up with it is not a fix

 

There has to be a better way so hopefully somebody here can tell me the answer

Hi ThumperSD,

 

I would still request that you attach a screen shot of what you see using the  symbol at the top of the reply editor.

 

The idea behind the delete was in hopes that it would then put it in quarantine where you could restore it and exclude it from future scans as part of the restoral from quarantine. You can always put a copy of the file somewhere else in case you are concerned about losing it altogether.

 

A screen shot would help out though.

 

Best wishes.

Allen

http://i68.photobucket.com/albums/i20/g0tVTEC/Capture-4.jpg

One question, what is the file detected as? Did it mention the virus name if you click on risks in compressed file.

 

One IMPORTANT QUESTION: Are you SURE the file is safe??? Many arrogant people can sometimes think that files they download are safe... or at least file downloaded from "reputable" sources,

searching redsn0w optimum on google comes up with one malware site and one site marked red by WOT:

 

http://www.google.co.uk/search?hl=en&rls=com.microsoft%3Aen-us%3AIE-SearchBox&q=redsn0w+optimum+rar&aq=f&aqi=&aql=&oq=&gs_rfai=

 

8400i905D5C0C3B3F0270

 


Tywin7 wrote:

One question, what is the file detected as? Did it mention the virus name if you click on risks in compressed file.

 

One IMPORTANT QUESTION: Are you SURE the file is safe??? Many arrogant people can sometimes think that files they download are safe... or at least file downloaded from "reputable" sources,


 

Yes I am sure it is safe. You guys just have to trust me as I am pretty computer savvy. TRUST ME!!

 

I just want to know how to make NIS stop asking me to delete the file... it's so darn annoying!!