IN NIS 2011, when File Insight detects an apparently risky file (e.g. a downloaded ".exe"), it immediately deletes the file and quarantines it, even if the user is happy to accept the file. It is very inconvenient having to then go to quarantine every time to restore it, especially if the user is confident that it is a safe file.
The same argument also applies to sofware developers, whose executable files they have developed appear to suffer the same fate without being consulted first.
Therefore, could you please give the user the option of whether or not to delete/quarantine such a file instead? All it needs is extra buttons on the File Insight notification screen (e.g. "Allow this file" or "Remove") with a suitable warning re the consequences of doing so. With the filename also displayed, the user can then decide whether or not to let the file through if he recognises it or get it quarantined if he does not.
By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).
Please note - "Computer software exists as the servant of the user, not the other way round."
Not so few cases then a malware sample is recognized as a Safe file (about the one in every 30 downloaded files)
> By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).
a few piece of info:
Security data is binding with file checksum (for example you can see it in wikipedia as md5 ,sha-256 and other hash algorithms). checksum is changing if only file content was changed (filenames and extentions may be anything you want - it will not change the checksum).
Thank you for your feedback, now to give you more details about the problem :
It would be ok if Norton would show this Insight Message for all threats, but it is detecting some applications as false positive and it deletes (quarantines) them instantly, which causes some inconveniences to restore the file and then create a scan exclusion :
There is a switch between auto / manual for the low threats but not for the higher ones. Should it be changed for the future versions of Norton ?
You could always make it a setting that is off by default so the actual behaviour remains unchanged and at the same time also cater to the more computer-savvy audience.
This would make an excellent addition and I'm sure you would get more support for that.
Yes, I would like to see this option added as well. I've been nailed a few times by NIS auto-deleting files that I know are OK and have had to turn it OFF to get it out of the way temporarily.
I think it should scan the file then ask the user is it safe to store *.somefile name to " safe directory" where the file can be opened and tested ( ex... like win zip) to see if it is a reliable file and that there is no hackware or spyware in it. if there is a issue then ask user if they want to fix problem or bypass and continue install. when it is installed or ran not shal use a monitor of the program and make sure that it don't change any key settings in the o.s. (ex... like a self duplicator) and check to see were it "dials home" at and check to make sure that it is a reliable source (ex.. like a popup trojan or back dialer) Norton allready does this automaticly but doesn't let the user have any input... input would be nice!
No progress on this? I reinstalled NIS 2011 on my machines and am mostly happy with it. However, when I ran a full scan on my desktop machine it deleted 6 files I would rather it had not messed with. It would not let me restore 2 of them. It is my machine and they are my files. An internet security suite should be a tool, not something that takes over my computer.
I've had this too, however in all but one case, the quarantine has been accurate.
The idea should be expanded, there should be 3 options; trust, quarantine, and remove, as there's always a possibility that the threat has an anti-quarantine counter-measure, or a 2nd threat comprimises your quarantine information.
It is not ok that Norton is able to delete ( / quarantine - the problem is: in a few cases the file is not quarantined!) files without the confirmation of the user. There should be an option to "Trust" or to "Add the file to the secure zone" (not sure if that's the accurate expression in the English version).
Perhaps, Symantec doesn't want to add this option because the ordinary user could mistakenly allow a file which is infected. In this case, I suggest that this option shouldn't be available by default, but only after the (experienced) user has activated it. Any experienced user needs such an option!!
(Alternatively there could be the option to 'Block' the file - then, it can do no harm, too - no need to always delete it at once.)
There are apparently many people who refuse to buy / continue buying Norton because of this. For my part, I won't buy Norton after my trial periode. It is annoying that a software can delete on its own some of my files (some of which have been rated secure in previous scans! - So it's no help adding these files manually to the secure zone since you never know if Norton will rate your file 'evil' the other day...) Apart from that, adding a file to the secure zone is not always a help: as soon as you rename it or move it to another folder, the exception would be without any use).