I've already submitted most of this info via chat (case # ########) but they asked me to post it here as well.
I just started testing out Norton and, despite going into it with a bias (I have historically not liked Norton/Symantec), I mostly like it so far. However, there are some issues that have quickly become apparent:
1) It shows as only having one day on the trial despite having just installed it. Maybe it's due to the fact the account registration failed (with an unhelpful error) when I tried to make an account during installation. In any event, it's not going to give me much time to really test the product, which makes it less likely I'll end up selecting it.
2) I set up a scheduled scan and it still hadn't run roughly an hour after the time it was supposed to. There's also no way that I can see to schedule quick or custom scans.
3) When I manually ran a scan, it found several threats, automatically removing three of them. When I try to restore them, they all fail with error 1018 (and ironically, despite having a copy to clipboard function in so many other places, there wasn't one there to allow me to copy the error details). I don't know if it's because they're on a network drive, but that shouldn't matter. Any anti-malware product that irrevocably removes files is an absolute no-go for me. It's one of my main criteria, and Norton failed miserably.
4) Not an issue, but I would prefer the option to have the file name and path shown in the list of results, instead of having to click on each one to see what they are.
5) Even when the recommended action on the main results screen for an item is "exclude," when opening the details of the item it always says that it's recommended to remove it.
6) One of the results always takes several seconds to open its details window, making Norton become unresponsive during that time. Many of the results are files on a network drive (shared folder in VirtualBox mapped to a drive letter), and all the other files are referenced as \\vboxsrv\VM_DATA_DRIVE\path... whereas the one that takes a long time to open is referenced as e:\path... (e: being the mapped drive letter for \\vboxsrv\VM_DATA_DRIVE\). Not sure why that one is different and if that's why it's slower to load, but definitely seems to be an issue.
7) One file that was flagged is in two different locations, one on the "network" drive and one on an "internal" drive (VirtualBox "drive" file that's mounted as a normal drive in the guest OS, which is Win10). When setting all results to exclude and clicking "Apply All," all but the version of that file on the internal drive are excluded. The one on the network drive says "Excluded by Path" (I'm assuming it's by path vs the others that are just "Excluded" because it's a compressed file) but the one on the internal drive says "Not Attempted." I tried again a couple times and nothing changes.
8) This is minor, but the "Last Scan" timer appears to be based on when the scan results window is closed instead of when the scan was actually performed, which is what is should be based on.
9) The settings switches are backwards. Left should be red/off and right should be green/on. Also minor, but very strange.
10) Components should be able to be disabled without causing the tray icon to change to showing a red x. If I want to use a separate firewall, or disable web protection, or whatever, I should be able to do so without rendering the tray icon useless. If it always has a red x, then it always looks like there's a problem, which means it's no longer relevant and can no longer warn when there's a real issue. If anything, disabling components should result in a yellow x, though I'd prefer having the option at least to have the tray icon unaffected by that, at least when a component is disabled permanently. If it's disabled temporarily, having it change is semi-useful as a reminder (though not really, since a reminder is probably not necessary if it's a temporary thing, meaning it was likely done recently), but if it's disabled permanently, there's really no reason for it. This is one of my pet peeves with security software, and one of the reasons I stopped using and didn't buy any more licenses for Malwarebytes.
11) I'd really like to see a protected folder feature added. In my opinion, this is one of the best protections against malware, especially if it's granular (i.e. allow read/write access separately, and allow selection of an entire drive or individual folders, as well as excluding folders/subfolders), since it, at least in theory, would prevent any malware from affecting the protected data in case an infection occurs despite the other defenses. Unfortunately, I've found every implementation of it I've tried so far lacking, due to the inability to adequately select/exclude folders, lack of a proper notification when access is blocked (indicating WHY it's blocked as well as providing a quick and easy way to allow, either temporarily or permanently, access to the process), or both.
12) Finally, the main reason I'm looking at a standard AV at all is for behavior-blocking, since I plan on running an anti-exe with cloud scanning, anti-exploit, and performing system hardening, so I really just need protection from 0-day malware. Unfortunately, it's very difficult to test how good the BB is in most AV software, since malware will just be detected by the signatures. It would be helpful if there was a test mode that could be activated to disable the signatures, so the BB would be the only functioning protection.
As a side-note, I was just about to give up on posting this when the site finally let me post. I spent several minutes trying, every time being redirected to the edit page of my profile, and then finally the post new item button showed up and I was able to create a thread.
I'd still like to be able to schedule them, since having them run randomly just whenever an update is done means there's no telling when they're done, not to mention the confusion it causes, as I can't be the only one to wonder how to do it. As for the computer needing to be idle for a full scan, it was idle for an hour and the scan didn't run, so maybe Norton's definition of idle is different from mine. If it has to be idle to the point of not being touched at all, then that could explain why it didn't run, because I would periodically check it to see if it was running or had run, but otherwise I left it alone. It seems the idle sensitivity needs to be calibrated, and perhaps even let the user set the level of usage the computer can be at for the scan to run (e.g. something like 50% CPU or less and <20 MBps of disk activity would be a good threshold for me). But based on what I saw, I wouldn't be able to trust that a scan would ever happen, especially since my computer is often not idle even when I'm not using it (it was for this test, though, especially since it was done in a VM that I left alone).
As far as your comment about excluding files, I think you misunderstood what I was saying. That point (#5) wasn't talking about excluding a file; I was pointing out that the recommendations Norton gives are inconsistent, since regardless of the recommendation (exclude, quarantine, etc) in the scan results list, when opening a threat's details window it always says there that it recommends removal. My point is that the recommendation there should match the one in the results list.
Hello
2) Quick Scans can not be scheduled. They occur every time there are SDS definition updates while your computer is idle. Your computer has to be idle for a full scan to run. I schedule them to run while I am sleeping. For a custom scan>Security>Scans>Scans and Tasks>check off Custom Scan> Go
5) You have to exclude the Files in 2 locations which are below each other.
Someone else can respond to the other points.
Have a Good Night and
Thanks.