When things are Sent via Community Watch, most of the time it will be nothing to worry about if your Full System Scans are coming up clean, you run LiveUpdate every few hours and your computer runs smoothly.
However, if you are worried, I would suggest running LiveUpdate and then doing a Full System Scan in Normal Mode and Safe Mode. I would also use Symantec's Online Scan, Security Check (http://security.symantec.com/sscv6/default.asp?productid=ssr&langid=ie&venid=sym).
Hi Eshortt,
Regarding ctfmon.exe, this was most likely a "false positive" detection by the NIS Crimeware Protection feature, and nothing to worry about. Crimeware Protection works by detecting programs that may be screen capture and/or key loggers by detecting their behaviors, and blocks those behaviors. Capturing keystrokes and taking screenshots are often done by legitimate, non-malicious programs too, so this feature will occasionally detect and block legitimate programs.
Ctfmon.exe is a Microsoft program and is part of Windows; it is a text input processor and has been seen to generate false positive detections by our product because it intercepts keystrokes. It is not malicious. The Crimeware Protection engine and data files have been updated in the past to eliminate many false positives, so I recommend that you first run LiveUpdate to download and install the latest updates.
Next, open the main NIS UI, go to the "Reports & Statistics" category, and click "View Transaction Protection":
You will see the Blocked Programs list. This shows programs that Crimeware Protection has detected and blocked. If ctfmon.exe is not listed here, then you probably received an update that corrected the false positive detection, and it will have been removed from the list. If you still see it listed here, it should be safe to change the setting to allow it. Select the entry for ctfmon.exe in the list and click the Allow/Block button so that the Status text changes from "Blocked" to "Allowed".
Hope this helps.
You mention Updates were Released to address issues with Crimeware Protection. I have never seen the Component "Crimeware Protection" being Updated via LiveUpdate in the 11 months I have had N.I.S. 2008. Could you provide details, if possible?
Hi Floating_Red,
Some of these updates are delivered as "Symantec Shared Components" and "Symantec Trusted Application List" by LiveUpdate.
Hi jlatino,
Then what exactly does the "Crimeware" Component in LiveUpdate Update? What is the point of having a "Crimeware" thing in LiveUpdate when it has never got an Update?
Monday, August 11, 2008
The "Crimeware" update registration was allocated in case other parts of the crimeware protection feature would need to be updated. The portion of the feature that is encompassed by the "Symantec Shared Components" name is a detection driver and a user mode component that works with it. The "Symantec Trusted Application List" refers to data files that are used by multiple components, not just Crimeware Protection. The "Crimeware" label is used for updates to the "feature" - parts of NIS that tie both of the aforementioned components together into a cohesive feature, such as components that switch the detection driver into different modes in response to the state of the overall system, receive notification from the driver and write entries to the Blocked Programs list, and call the Community Watch submission engine to tell it about suspicious programs to be submitted.
I have run update this morning, it's still listed as being blocked. Last night I logged off of the administrator account after doing LiveUpdate and a full scan (nothing came up but a tracking cookie), and when I logged onto my user account I had a CPU usage problem. I think if I log off the admin account and back onto my user account it will again cause high CPU usage. But everything is fine while I am on the admin account, and I can type Japanese hiragana/katakana fine with the admin acct. Will update my results but nothing out of the ordinary on my full scans (every day/every other day) and LiveUpdate.
*Minor Update/info*
I could not reproduce the high CPU usage, but I can reproduce the problem with not being able to type Japanese hiragana/katakana when Norton blocks the process. I have the most current updates, at least for the Japanese version of Norton Internet Security 2008. The problem was flagged just yesterday with ctfmon, or that's when I noticed it. This must be causing havoc on Japanese region Microsoft Windows XP systems.
So all the relevant information is:
Japanese region/version of Microsoft Windows XP, home edition Service Pack 3.
Japanese region/version of Norton Internet Security 2008.
I do have Microsoft Office installed, it says version 2003.