Do you have "Remove infected compressed files" and "Compressed files scan" turned to on?" If they are off, Norton might only take the executables instead of the entire .rar.
Compressed files scan is ON
Remove infected compressed files is OFF
up
If you pull down the possible Actions (click on the arrow next to Delete in your image), what choices are offered? This isn't an area of the product that I'm particularly familiar with but I believe that once the detection has occurred, you'll be reminded that you have to take some action on it until you have. If Ignore is one of the choices, than ignoring may make the nag go away and setting the exclusions as you have already should prevent it from being detected again.
Ignore is not an option. The only option is to delete. I already set exclusions for the folder and the exact file but it still comes up.
What will happen if you let it delete the file and restore it from quarantine?
ThumperSD wrote:
Ignore is not an option. The only option is to delete. I already set exclusions for the folder and the exact file but it still comes up.
I think that it'll keep coming up until you actually perform an action. Since Delete is the only action listed, you may have to do that. Make a copy of the file in the same folder first, perform the delete action and then restore the copy.
reese_anschultz wrote:If you pull down the possible Actions (click on the arrow next to Delete in your image), what choices are offered? This isn't an area of the product that I'm particularly familiar with but I believe that once the detection has occurred, you'll be reminded that you have to take some action on it until you have. If Ignore is one of the choices, than ignoring may make the nag go away and setting the exclusions as you have already should prevent it from being detected again.
Hi ThumperSD,
If you recall this is the same thing I suggested that you try a while back in this thread.
However I never got a confirmation from you if you tried this or not.
Also, I just tested this process on a test file and told SONAR to delete the file. As I suspected it then puts the file in Quarantine. Afterwards you can restore the file as depicted below and exclude from future SONAR detection.
The earlier image you had attached appears to be from NIS 2010 whereas my image below is from NIS 2011. The process is similar and should result in the same thing. As mentioned before you can make a copy of the file somewhere to make sure.
Please let us know how it goes.
Best wishes.
Allen
reese_anschultz wrote:
ThumperSD wrote:Ignore is not an option. The only option is to delete. I already set exclusions for the folder and the exact file but it still comes up.
I think that it'll keep coming up until you actually perform an action. Since Delete is the only action listed, you may have to do that. Make a copy of the file in the same folder first, perform the delete action and then restore the copy.
Already tried that. Worked for a day then it started bugging me again.
Tywin7 wrote:What will happen if you let it delete the file and restore it from quarantine?
How do you restore it from quarantine? I can try that
AllenM wrote:
reese_anschultz wrote:If you pull down the possible Actions (click on the arrow next to Delete in your image), what choices are offered? This isn't an area of the product that I'm particularly familiar with but I believe that once the detection has occurred, you'll be reminded that you have to take some action on it until you have. If Ignore is one of the choices, than ignoring may make the nag go away and setting the exclusions as you have already should prevent it from being detected again.
Hi ThumperSD,
If you recall this is the same thing I suggested that you try a while back in this thread.
However I never got a confirmation from you if you tried this or not.
Also, I just tested this process on a test file and told SONAR to delete the file. As I suspected it then puts the file in Quarantine. Afterwards you can restore the file as depicted below and exclude from future SONAR detection.
The earlier image you had attached appears to be from NIS 2010 whereas my image below is from NIS 2011. The process is similar and should result in the same thing. As mentioned before you can make a copy of the file somewhere to make sure.
Please let us know how it goes.
Best wishes.
Allen
I'll try that next
ThumperSD wrote:
Tywin7 wrote:What will happen if you let it delete the file and restore it from quarantine?
How do you restore it from quarantine? I can try that
Hi ThumperSD,
I depicted that above. When you click Quarantine from the main NIS window you will see something near the upper right corner that says Options. Click on this and you should see a window allowing you to restore the file. Click that and on the next window you will see a checkbox to exclude from future actions.
The images will look similar to what I included above, however I believe you have NIS 2010 (I have NIS 2011) so it will look a bit different but the idea is the same.
Also check in Computer Settings that the file in question is included in the Exclusions for both scanning and auto-protect sections.
Another question. Does the filename in question change at different times or does it always remain the same?
Lastly you never did confirm which version of NIS you have from Help & Support > About. Can you please respond with this information?
Thanks
Allen
Hi Chris101,
You can turn off Download Intelligence in the Norton settings while you download and install DNSCrypt. Don't forget to re-enable the setting afterward.
Sorry for the trouble. Norton may have detected it as a suspcious file as a few users downloaded it intially. Later, the file has been trusted and marked as Safe by Norton.
Thanks,
HarryP
I have created a software installation wizard (an .exe file) that is the work of my own efforts. A link to the file is on my own Web site.
I went to Best Buy to test out the link to the file. The computer I performed the test on was running under Norton Antivirus.
The problem is that when I tried to download the file (an .exe file), the computer told me that the file was "unsafe" and then quarantined the file. This is hard for me to understand in that I had completely scanned all of the contents of the file beforehand using AVG Internet Security (which was fully up to date).
Furthermore, I went to a special site called "virustotal.com". With this site, you submit a file (such as an .exe file) to be scanned by nearly 50 anti-malware programs and the site reports the results.
As it would happen, ALL 50 anti-malware programs reported that the software installation wizard was SAFE.
Given the response from virustotal.com, why would an anti-malware program (such as Norton Antivirus) label a file (such as my software installation wizard) as "unsafe" when there is clearly nothing at all wrong with the file?
Could Best Buy, being open to the public, be configuring their computers to be more cautious concerning downloaded files than one would typically be on a private home PC?
On the other hand, is there any way by which Norton Antivirus can give the user a *CHOICE* as to whether or not he wants to download a file labeled as "unsafe"?
Or does the behavior of the version of Norton Antivirus being used at Best Buy not apply to all versions of Norton Antivirus?
Do other possibilities exist?
Any and all help would be appreciated.
Hi Jeff_F,
You don't say what detection Norton gave, but I am going to assume that it was a reputation-based detection. A new, unknown .exe from an unrecognized developer carries a significant statistical potential to be malicious. For that reason, Norton will block it until the file can be analyzed. If you intend to make the file available for general download, you may want to first whitelist it with Symantec.
https://submit.symantec.com/whitelist/
That it is possible to submit false positives to anti-malware companies (such as Symantec) I am aware of.
However, there are 50+ anti-malware companies out there.
Does this mean that I must submit the false positive, individually and one by one, to each and every one of these companies?
Without doubt, this would be a quite tedious process.
Is there any easy answer to this situation?
Jeff_F wrote:
That it is possible to submit false positives to anti-malware companies (such as Symantec) I am aware of.
However, there are 50+ anti-malware companies out there.
Does this mean that I must submit the false positive, individually and one by one, to each and every one of these companies?
Without doubt, this would be a quite tedious process.
Is there any easy answer to this situation?
Hi,
False positives can be submitted to Symantec here
https://submit.symantec.com/false_positive/
but I'm not aware of any central location where you can submit one to all of the vendors/ developers.
It's been my experience that when one is found it is not a unique experience and others find it as well and the real false positives are delt with by the companies as they see fit.
Stay well and surf safe
If your going to be making more, the best solution is getting a security cerificate and using it to sign your executable.
The ones that you have to pay for and they verify who you really are should work right away to get you past any Sonar detections. It may still be detected as a reputaion risk but it will just be a warning.
The free certificates are better than nothing but you will need to use them or a while before you stop having problems with reputation detection. Your certificate needs to build up reputation by going through the whitelist program a few times.
This isn't just Norton, you will find that other AV companies are doing the same thing.
For what it's worth, a couple years ago I was compiling some simple exe's to test sonar detections and the more I made them "look" legitamate the less they seemed to be detected.
Fill out all the exe properties that you see when you right click a file, company, file version, internal name, product name, product version, etc
Dave
Post deleted by user.