But Michael_s has touched on a very serious variation of the theme - "in a few cases the file is not quarantined".
I have experienced instances of a false positive being detected, and for no given reason being removed without quarantining. IMHO, this is unforgivable.
If you think that it's a pain to have to retrieve a file from quarantine, and then add it to an exceptions list to avoid recurrence, consider what it's like to have a 2-gigabyte file (a VMware virtual drive, containing hundreds of files that make up a virtual machine drive) inexplicably treated as infected, and removed without quarantining. Our fault that we did not have a current offline backup, but it took some 10 hours to recover the lost data.
Interestingly, a separate copy of NAV was installed on that virtual machine, and even full scans had detected no infections. Hence our conviction that we suffered a false positive on the host OS. But that should not be relevant. It should not be acceptable to have a program remove a file, with no option to restore it and no consent by the user.
(Both the host OS and guest/virtual OS were running fully-updated NAV 2010 at the time, shortly before the 2011 rollout.)
After 4 months, still no response from the Norton Product Team as to whether this will be put "under consideration". Is there anybody out there, Symantec?
Symantec has The moderators have linked some of the newest ideas on the forum to this post, asking users to continue the discussion here, so I would hope they are Symantec is watching.
I also highly support this feature, and have had experience with the problem which Michael_s and ManFromOz mentioned, which is the outright deletion of certain detected files (I created a detailed suggestion here a while back).
+Kudos, and I really hope this gets integrated into a future release.
The lack of this feature is the ONLY thing that prevent me from buying NIS 2011 or NAV 2011 as of now, I want to ultimately have the decision on what is quarantined not only be left to deal with the havoc that an AV's choices dealt to me. Implementation of this feature would be the only way to get me to buy this software.
Thank you all for the input. We have the “Ask Me” option available today under settings only for threats that are identified as low risk. The idea is we want to protect the users right away if there is a medium or high risk threat detected. I understand though that more advanced users would like to extend this setting to all Insight detections.
I completely agree, Norton needs to add this feature. I am seriously considering dropping Norton altogether, I am an advanced user and I don't want it deleting downloaded files just because "very few users" have downloaded it. Absolutely ridiculous. I also use specialized software in my business and I have had Norton delete the executables without asking me simply because "very few users" have used the program. Luckily I was able to figure out how to restore those files (after a few headaches), but I am tired of trying to figure out how to restore a downloaded executable that has been quarantined.
i personally think it should be removed as it doesn't work and what really concerns me is that it targets open source software while leaving proprietary software alone only once has it targeted proprietary software the rest have been open source or indie software like it gives EA sims 3 software excellent ratings but a game like ai war gets poor ratings even though sims 3 is more of a risk because you have to disable DEP and it uses securerom infact i just did a rep scan its only open source/indie software in the unproven/poor category ai war, smplayer, libreoffice, firefox, mucommander, filezilla, and that nokia QT thingy not a single proprietary program ok ai war is there but thats indie.
question: does symantec get paid by proprietary software companies to give there products good ratings??
gabranth has made the point. I suppose Symantec is paid by software vendors to catch keygens whether they suppose a threat to the user or not. So I sugget Symantec to live on that money because I will not pay them to keep on bothering me a number of times a day with a nasty message which I haven't any control against.
On the other side I have to keep disabling Auto-protect to install LibreOffice. EU lawyers should have a look at this.
So I am very glad that Symantec has this beautiful idea "Under consideration" but I am looking forward to my 81 days licence resting days to letting it expire and gladly substitute it for another option that transparently protects my interests and not big software vendors ones.
*bleep* i submitted libreoffice to nortan ages ago as a false positive
We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your software being detected by Symantec Software. In light of further investigation and analysis Symantec is happy to remove this detection from within its products.
The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at
would be very niceifhe hadaskedmebeforedeletingwhatto dowith thefile - under threatat any level and support browsers (opera , maxthon , avant) and others
In light of further investigation and analysis Symantec is happy to remove this detection from within its products.
Users do not have to upload his own files to some unknown company. This is break property of users to have their own files and not to do illegal copies without asking User!
IN NIS 2011, when File Insight detects an apparently risky file (e.g. a downloaded ".exe"), it immediately deletes the file and quarantines it, even if the user is happy to accept the file. It is very inconvenient having to then go to quarantine every time to restore it, especially if the user is confident that it is a safe file.
The same argument also applies to sofware developers, whose executable files they have developed appear to suffer the same fate without being consulted first.
Therefore, could you please give the user the option of whether or not to delete/quarantine such a file instead? All it needs is extra buttons on the File Insight notification screen (e.g. "Allow this file" or "Remove") with a suitable warning re the consequences of doing so. With the filename also displayed, the user can then decide whether or not to let the file through if he recognises it or get it quarantined if he does not.
By the way, it is not good enough just to ask the user to "Trust" the individual file each time, because chances are every time a file is downloaded it will have a different name, so the "trust" list could end up with a huge number of files (unnecessarily).
Please note - "Computer software exists as the servant of the user, not the other way round."