A recent scan revealed both a threat of high importance (a perceived virus in a safe file) and a threat of low importance (a tracking cookie). The only option with the former is 'remove', but the latter has 3 options, inlcluding exclude and ignore.
How can I ignore or exclude the perceived virus? Is there a whitelist?
Even more odd, if I dismiss the dialogue asking me how I'd like to proceed immediately following the scan, this threat list (both aforementioned threats) presents itself in the history section as 'Unresolved Security Risks' but cannot directly be dealt with. In this 'history' module there are no buttons to enact the recommended actions. That is, there doesn't seem to be a way to quarantine or fix those risks without either A.) a rescan of those threats and fixing the threats in the dialogue following the scan, or B.) browsing to the files containing the threats manually and deleting them. Am I missing something?
FWIW, I use NIS2009.7 with Win7, but I suspect my question would apply to any version of NIS2009.
OK thanks. I do see now how one can restore quarantined threats. The option to do so is available only when logged on as an admin.
Let's just say here that I HATE how this is implemented. If the developers do not want to give the limited user the ability to elevate rights with an admin password prompt via the user interface, then PLEASE show the options as grayed out or as unavailable so that users who run their machines as limited users are shown where and how to do stuff that's integral to a functioning piece of software.
Now, if someone could tell me how to whitelist a threat after it has been restored, that would be great. When I scanned a restored item, Norton recognized it as a threat once again. Is this the intended behavior associated with NIS2009 running on XP and Vista?
A recent scan revealed both a threat of high importance (a perceived virus in a safe file) and a threat of low importance (a tracking cookie). The only option with the former is 'remove', but the latter has 3 options, inlcluding exclude and ignore.
How can I ignore or exclude the perceived virus? Is there a whitelist?
Even more odd, if I dismiss the dialogue asking me how I'd like to proceed immediately following the scan, this threat list (both aforementioned threats) presents itself in the history section as 'Unresolved Security Risks' but cannot directly be dealt with. In this 'history' module there are no buttons to enact the recommended actions. That is, there doesn't seem to be a way to quarantine or fix those risks without either A.) a rescan of those threats and fixing the threats in the dialogue following the scan, or B.) browsing to the files containing the threats manually and deleting them. Am I missing something?
FWIW, I use NIS2009.7 with Win7, but I suspect my question would apply to any version of NIS2009.
I looked through my resolved security risks history in norton and picked a random tracking cookie that had been resolved. I clicked on help to see if there was a way to set a security risk a trusted or to simply keep norton from notifying me about it and the help section explains several methods of doing this based on what you are trying to white list. The list of different courses of action to take is kind of long so I'll just give you the jist of it.
TRUST - Allows a program to freely work on the computer and its network.
ALLOW - Allows a program to freely access the internet.
STOP NOTIFYING ME - Keeps norton from notifying you when it blocks a certain attack signature.
From the looks of things the way to white list a threat in the norton history varies greatly by the kind of threat it is. To see the full page in norton help that I am talking about open norton, click on help, and search for "about the advanced details window."
Sorry if I haven't explained it in enough detail but it is somewhat difficult to understand in norton help. There are too many different courses of action possible and they all apply to different types of security threats.
Thanks, those options you mention apply only to firewall warnings. Specifically, I’m interested in simply restoring files that have been quarantined that I have deemed safe. There is an option for that. However, there is no option to ‘restore AND ignore’. I think it’s odd that the scanner cannot remember that the file has been restored and quarantines it once again if the scanner encounters it. It seems the only way to ignore the file is to manually add it to the list of exclusions.
01. In the "Unresolved Security Risks", is there an Option to Submit the File(s) to symantec Security Response? If not, please Submit them via this Web Link: https://submit.symantec.com/websubmit/retail.cgi. Please could you also P.M. me the File that Norton is Detecting as a Threat.
02. Add the File(s) to Exclusions: Open Norton 2009 Product > Computer Settings > Exclusions/Low Risks.
You're correct. There is no option to restore and ignore the files. Manually excluding the files from scan will be the immediate workaround.
However, there is another workaround that I would suggest. If you think Norton has quarantined a file that you think is genuine, or in other words a false positive, you can submit the file so that they can look into it. Here is the link to submit the files.
The next time the definitions are updated; Norton will run what is called as a Quarantine Scan. This will check for the files in the Quarantine folder against a list of known applications that are acknowledged by Symantec. This may be a time consuming process, but definitely will be a permanent solution.
If they don't acknolwedge the file as a False Positive; then I would not want to run the risk of having the file in my computer.
Let me know if this makes sense.
-MbR
Message Edited by mythbuster on 05-23-2009 06:14 AM
Yes, it does. Thanks. I still think it’s odd this software does not give you the ability to whitelist something when it encounters a suspect file. At least NIS could quarantine it, and present you with the option to whitelist it from within the quarantine list.