Several times daily I'm getting a "Virus Found" popup, I suppose that's the Idle time scan. It routinely finds several files that I want to keep. Some offer Exclude and some offer Ignore, and I am forced to choose them to save my files. This is a lot of clicking every day and it's very bothersome.
Finally I went to find the exclusion list in Settings, and added their whole folder. This has no effect. What can I do to actually Exclude this folder from scans? The Exclusion list doesn't seem to do anything.
I'm running Norton 2009 on Vista Ultimate 64.
Thanks!
Karltron, did you add the files to scan exclusions and also to auto protect exclusions? The entries are on the same window, but must be added to both fields.
It may not be the Idle Time scan that is finding these files. It could be Auto-Protect alerting you when the file is accessed. So if you are really, really, really sure that the files are not infected, you should exclude them in both the scan and Auto-Protect fields.
Can you check the Security History log and see what process is flagging these files? If it is AutoProtect or File Scanning you can add them to the Exclusions lists. If it is SONAR that is finding them, then when you restore the files from Quarantine, you have an option to exclude or ignore this file in future SONAR scans; this is the only way to add files to the SONAR exclusion list; you cannot manually edit this list.
If the processes (other than SONAR) find these files to be of a "High Risk" type, then submit them to Symantec for review (you can do this directly from Quarantine or from here) and Symantec will adjust the virus definitions accordingly.
Thanks for the quick help, everyone.
About Auto-Protect vs Scan Exclusion, Yes I have added the folder to both lists. I did not know the difference between them, and it still doesn't make a lot of sense to me, so I was just going to keep them synced :) The only entry in either is "C:\Library\Utils"
That leaves open the SONAR thing, which again, I don't fully understand having a third type of scan with apparently its own exclusions (that are not manually editable?!). They are found to be LOW RISK, and I tried telling the settings page to simply always ignore low risk items, but that had no impact, so I flipped it back to 'Prompt'. I don't know what to do since I have been selecting 'ignore, ignore, ignore, Apply All, Okay' over and over again.
So the SONAR scanner has a different page than the one I have been seeing?
I need to apologize for being so confused, I don't mean to waste anyone's time. Thanks again.
The only pages and setting for SONAR scanning is under Settings > Real Time Protection; you can turn SONAR on or off there. The only way to add anything to SONAR's exclusion list is when you restore a file it has placed in Quarantine.
What 2009 product and version are you running? The version should be available under Help & Support > About in the form of ##.##.##.###. (16.5.0.134 or similar; we don't need the other keys there)
Version Norton AV 2K9 is 16.7.2.10
The only way to add an item to SONAR's exclusion list is to restore something from Quarantine.... Some of my files have a "Fix" option, which I assume will chop them up somehow, and the others have a "Delete" option. Do these all go to Quarantine?
My History Shows some Idle Quick Scans that found zero threats and fewer Idle Full System Scan results that found maybe a cookie. Nothing in History->Scan Results back for over a week has any found threats.
Where am I supposed to find SONAR's history?
It will be in Resolved Security Risks. However, if you have some with Fix as the solution then this is not a Low Risk find nor SONAR.
Does anyone have another idea?
Tonight I've told Norton to Disable Auto Protect, and the icon went red like it does.
I've had this problem pop up five times in the last two hours. The folder that holds these files is still in the Scan Exclusions list.
Is it just broken?
If I uninstall Norton, can I get my money back?
Hi Karltron,
You can check this Norton support page to see if there's anything we might be missing here. Do you have the option to include subfolders enabled for the folder you are trying to exclude (it's the default, I know, so I apologize but I gotta ask)?
Don't apologize, I thank you for trying to help me.
The link to instructions you gave is exactly what I have done. I double checked it now to make sure I didn't miss anything, and it looks like I haven't. The entry is in Scan Exclusions, and Auto-Protect Exclusions, just as the instructions say.
Is there another hidden option for this sort of thing? I'm going to take a screenshot of the popup next time I see it so that you know exactly what I'm talking about (since it sounds like Norton 2k9 has about fifteen different kinds of scanner).
Message Edited by Karltron on 08-28-2009 01:00 AM
Screenshots would be helpful. What threat is Norton detecting?
Attached is the window I get in Popup.jpg and the Scan Exclusion settings in Settings.jpg. (Your forum does not support attachments with file extension .jpg. That's silly, so now I have to rename these files.)
I don't know what else to do! I'd almost rather get viruses than have Norton tell me "THERE ARE THREATS THAT REQUIRE YOUR ATTENTION" in huge red print several times per day!
I guess they'd say to just delete these files, but they are tools I need to keep. I guess I could put them in encrypted zip files, but wouldn't it be nice if the scan exclusions window actually did something?
I apologize for getting argumentative, I just needed to vent a little.
Thanks for any support you can give.
Karltron,
Changing the file extension doesn't work. To post an image use the "green tree" icon located in the center of the toolbar in the post editor. It will take a while before your images are posted as they must be reviewed by the mods first, so be patient for a reply.
Message Edited by SendOfJive on 08-29-2009 01:10 PM
Hi Karltron,
I was able to view the screenshots in IE (I forgot that Firefox displays a .txt file as text but IE doesn't care). This is a compressed file which may be complicating things. If you have not done so, try excluding that particular .rar file rather than the whole containing folder and see if that makes a difference. If not, it may even be necessary to try excluding the offending .exe file that Norton shows inside the .rar file. It does appear to be a very specific file that is causing the alert, so it should be possible to isolate it from future scans and Auto-Protect detections. I get the impression that there may be other files you are concerned with. Are they also in the compressed file?
Is the only option available in the dropdown box to delete that file? I would continue to avoid deleting anything unless you have it backed up, as Norton makes the decision to quarantine or remove an item entirely based on the threat level it assigns to it. Better safe than sorry.
The Exclusions list only accepts folders, not individual files.
The other files I was worried about had an "Exclude" option on their 'threat reaction' page and then they successfully added themselves to a signature exclusions panel, and that one works. This is not a signature but instead a heuristic, so Norton doesn't know exactly what it is, only that it won't let me keep the files without popping up every &^%#$ day to tell me that they are still there. As you can see on the Popups.jpg, the first hit has the option to Fix, and the second has the option to Delete, the only other option in their respective dropdown boxes are "Ignore" which lasts a few minutes or hours.
I originally tried Norton's official Chat Support, but I got an Indian on a script, and he could not understand my sentence structure, let alone my problem. That's why I keep thanking you guys for trying to help.
Karltron wrote:
The Exclusions list only accepts folders, not individual files.
Norton should be able to exclude just the file in question. Open up the Scan and Auto-Protect exclusion lists, click "Add" and browse to C:\library\utils\iopus password recovery xp v4.02.rar.
Oh, I was wrong, it can take files. The box is labeled "Select a Directory" and is shaped like a folder chooser, so I got confused.
I've put one of the two items on that list, and we'll see if it does anything. I only added one, so I expect to see the other still pop up as verification that the one was successfully excluded.
This is working around the original problem, rather than fixing it, does Symantec have people reading the forums or should I submit a bug report?
Karltron wrote:
This is working around the original problem, rather than fixing it, does Symantec have people reading the forums or should I submit a bug report?
Symantec employees regularly read the forums. Normally NAV will not alert to a threat in a compressed file until it is extracted and I'm not sure a quick scan would be looking in there, either. Have you been able to determine if this is a Quick Scan detection or an Auto-Protect alert? The Norton History logs should be of some help if you check the categories of Resolved Security Risks, Unresolved Security Risks and Scan Results.
It's back! Adding the file directly to the exclusions list didn't change the behavior.
It was just an exe and I put it in a rar to try to hide the file from Norton, but it is smarter than that and I guess looks inside of them.
I can't tell what kind of scan it is, it is coming up at random intervals and has no real information about the cause. At the bottom of the main popup is a link to "Security History" that gives a list of quarantined items, of which there are none. I can switch it to a list of "Full History" and it doesn't mention the virus, instead it says "Light Silent Mode turned off" a few minutes ago.