I am surprised at how many false positives my Norton Antivirus 2011 is reporting. I cannot seem to run almost ALL of the executables I have downloaded from the following site because almost all of them are reported either as Trojan viruses or some sort of other virus! I did some investigation on my own, and it seems the executables I downloaded are packed with a special executable packer which Norton wrongly identifies as a virus. Other antivirus vendors have taken action to prevent the false positives and I would like Symantec to do something about this as I cannot run anything that I download from this particular site. Last night I spoke to Norton support online, and the tech support person told me to submit the false positives one-by-one. C'mon! I have like maybe 10 false positives to submit from one URL!
To cut the story short, the bunch of false positives are executables which are "3d demos" from here:
FYI, I disabled the SONAR protection and Norton still reports the executable as a Trojan!
If Symantec can do something about this that would be great or else I will have to turn off the antivirus feature completely which means there is no point purchasing the product in the first place...
Thanks for your reply Imacri, however, the BitDefender employee says that they will exempt the intros themselves from detection. This is plausible as a real virus program could potentially hide itself from detection by being compressed by these rarely known executable packers. This is what I would like Norton to do.
There are far too many false positives to report from a single website. I have already provided a link to one specific example which Norton reports as a false positive.
The whitelisting is good, however, I don't think many "demo scene" groups care or do not have the time to submit their findings by trying out every virus scanning software out there unless it was a commercial product. Keep in mind these people create these demos as a hobby and for a demo competition held a few times throughout the year.
As for jojesa reporting that the false positives are occurring on the popular titles, I believe you are downloading illegal "cracked" versions from the internet which are infected with such viruses.
I, for example, do not have any problems with the commercial products you have listed there since I have a genuine licensed version.
bahadir be very careful of making this type of unfounded accusations, I take them very seriously.
"As for jojesa reporting that the false positives are occurring on the popular titles, I believe you are downloading illegal "cracked" versions from the internet which are infected with such viruses".
All software titles I have I obtained through legal channels (I either paid, they are freely available or got them gratis or got pre-release or BETA versions). I DO NOT use cracked software.
By the way they were all heuristic threats. I never mentioned viruses anywhere.
I even had a Symantec tech connected to my system trying to troubleshoot the issue.
I'm not sure if I understand exactly what the packer program you're referring to does (are we both talking about Kkrunchy?) but as far as I know these packer programs don't just compress the files, they insert "garbage code" in the executables to prevent their code from being decompiled and reverse-engineered. Norton products can already scan compressed files for malware (see Settings | Computer Settings | Compressed File Scans). I think it's the random "garbage" code inserted in these files that sets off the heuristic detection because it constantly alters the SHA256 hash tag (size) of the file every time it's packed.
That's all speculation on my part - I don't know enough about these packer programs to provide a technical explanation as to why it sets off Norton's heuristic detection, but I'm not sure how Symantec could design their heuristic detection to consistently determine if the "garbage" code inserted in the executables was safe or not.
My understanding of "exempt the intros themselves from detection" was that BitDefender was going to have to whitelist (exempt) each file on the website in question on a name by name basis, and there were only 5 or 6 file names submitted to BitDefender (see here). Are you asking Symantec to do the same for each file posted on the www.scene.org website so that you don't have to file multiple False Positive reports or create multiple scan exemptions for these files?
--------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
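Added example (not part of any post in this thread, and not Symantec's or BitDefender's code): a small Python sketch of two points raised above, that compressed or packed content looks statistically different from ordinary program content, and that an exemption keyed to an exact file only covers that one file. It assumes byte entropy as the signal, which is a commonly used packer indicator and not a description of Norton's heuristics; the sample data, the 7.0 threshold and all function names are constructed for illustration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

HIGH_ENTROPY = 7.0  # bits per byte; assumed threshold, for illustration only


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def make_sample_payload(size_words: int = 40000) -> bytes:
    """Constructed stand-in for uncompressed program content."""
    rng = random.Random(0)  # fixed seed so the demo is reproducible
    words = [b"mov", b"push", b"call", b"ret", b"add", b"jmp", b"cmp", b"lea"]
    return b" ".join(rng.choice(words) for _ in range(size_words))


def analyse(name: str, blob: bytes, allowlist: set) -> dict:
    """Report hash, entropy, and whether an exact-hash exemption matches."""
    digest = hashlib.sha256(blob).hexdigest()
    entropy = shannon_entropy(blob)
    return {
        "name": name,
        "sha256": digest,
        "entropy": round(entropy, 2),
        "looks_packed": entropy >= HIGH_ENTROPY,
        "allowlisted": digest in allowlist,
    }


def demo() -> list:
    plain = make_sample_payload()
    packed_a = zlib.compress(plain, 9)            # zlib stands in for a packer
    packed_b = zlib.compress(plain + b" nop", 9)  # a second, slightly different file
    # Only the first packed file has been reported and exempted.
    allowlist = {hashlib.sha256(packed_a).hexdigest()}
    samples = [("plain", plain), ("packed_a", packed_a), ("packed_b", packed_b)]
    return [analyse(name, blob, allowlist) for name, blob in samples]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both compressed blobs cross the entropy threshold, but only the one whose hash was exempted is allowlisted, which is why per-file exemptions have to be repeated for every file from the same site.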
Please see Rogerror's thread here titled 90 Heuristic Threats Identified on a Full Scan. If you are running any other security software in real-time protection mode (e.g., your Sophos Antivirus) or even have residual files and registry entries from previously installed security software on your system, this could be causing your problems. Regardless, it's likely a clean re-install of your NIS 2012 using the Norton Removal Tool will be required as Rogerror found so that compressed files are no longer detected as suspicious files.
I've asked the Forum Moderator to move your comments to a separate thread since your problem doesn't seem to have anything to do with a program packer. Please post back for customized instructions if you need to wipe Sophos or other older (uninstalled) security software off your system.
Jojesa, I sincerely apologize for what I said above. Mods, please remove the statement I made to Jojesa - I don't know how to remove it.
Usually there wouldn't be an issue with any commercial products, it's just one of those rare instances that it occurs on your PC and no one else's.
Imacri, I am not sure what you mean by the above question, but all I am asking is, if it is difficult for Norton to implement such a method, then maybe they can have multiple scan exemptions for the files at scene.org.
I know that there were no viruses detected by Norton Antivirus heuristics a few years ago, but I think as viruses got more sophisticated in avoiding detection from virus scanners, Norton's heuristics became more vigilant in detecting strange behaviour in executable files, especially those that contain encrypted code in the wrong area of the executable, which triggers Norton's protection.
Thanks lmacri,
Uninstalling NIS and using the Norton Removal Tool several times then re-installing NIS 2012 did the trick (at least for now).
I thought this post was just about the title "Many false positives reported by NIS 2011"
Glad to hear your NIS 2012 is behaving again. I don't know why so many people are having problems with scanning of compressed files with NIS 2012 (particularly compressed .exe and .msi installers), but the NIS 2012 installation on some computers seems to be corrupted when LiveUpdate delivers the patch to update NIS 2012 from v. 19.1.0.28 to v. 19.2.0.10.
Don't worry about posting in bahadir's thread - I only suggested that it be moved to its own thread to ensure your problem got the best possible exposure to other users in the forum.
If the problem re-occurs, disable scanning of compressed files in NIS (Settings | Computer Settings | Compressed File Scans | OFF). If the false positives disappear during scans then you can be relatively certain that compressed file scanning is the issue.
I don't know what's the issue with NIS 2012 but many .exe, .msi and some .cab files were flagged.
A friend clicked Apply All when he got the Threats Detected popup and he wiped files from Office, Java, Flash player & Skype.
I was a BETA tester for NIS 2012 and I did not see this issue ("bug") while testing.
Hi jojesa:
I'm not sure if this applies to you, but beta testers often have problems if they install the "final" commercial release over the beta version. Symantec employee Tim Lopez recommends here that users first uninstall the beta version from the Windows Control Panel (Add/Remove Programs for XP; Programs and Features for Vista and Win 7) before installing the commercial release, but users sometimes find it necessary to completely wipe the beta version using the Norton Removal Tool and follow the step-by-step instructions posted here as you did.