NCrypt - Downloaded without notice or permission

After more than 17 years of using Norton products I am finally changing products. I cannot believe this company downloaded a crypto miner without my permission regardless of whether it is optional or is not operational at the time. I am incensed that the CEO stated older people are hesitant about new technologies - my response will be to remove your technologies from my seven systems. Old and proud of it. Former IT Security Auditor and CISA.

Although I don't necessarily like this, I understand that it just sits there on my hdd, it does nothing unless I start it myself. So there is no need to overreact, I still trust Norton.

Also, before jumping to any other product, can we be in any way sure they won't follow Norton's example? They see an opportunity to also make some extra revenue and in a few months they too will have crypto miners?

I too am a strong proponent of Norton security products. I agree that it should not be automatically downloaded to customers’ computers. I realize it’s not activated by default, but as I’ve said elsewhere on Norton Forums, that’s beside the point. The point is it should not be downloaded by default in the first place, period. If a Norton customer wants to take advantage of the product offering then they should have the option. The product may be good, I’m not saying it’s not. I am simply saying that as a non-security product it should not be bundled with a security product. Further, while Norton may have disclosed this back in July or July 2020, that’s a long time ago, and it was on a blog/forum that relatively few people check on anything even near a regular basis. I too found out about it from a respected security blog. If not for that I’d still have no idea that NCrypto.exe was on my computer. Well, actually, used to be on my computer. I’ve deleted it, and am certain it will reappear at the next Norton360 patch update, when I’ll have to remember to find and delete.

I too am incensed that the CEO [apparently] stated older people are hesitant about new technologies. If he/she/it said that then the arrogance and condescension speaks volumes. Yes, we may be hesitant, but for some of us that’s more due to wisdom of the ages. Sometimes I/we may be hesitant/reluctant, sometimes because it’s just a pain in the butt or we’re unsure. However, sometimes it’s more because we’ve seen it before and know better than to fall for the new-best-thing simply because it’s new. We’re less likely to buy into the hype. So, think twice before dismissing based on age. That goes both ways, us older folks could just as easily dismiss the younger, but that’s a mistake just as much as it’s a mistake for the younger to dismiss the older. We each have much to learn from the other.

Correct, Norton is not doing the crypto mining but it is downloading an executable that is not part of the AV package to which the users have subscribed. Norton is receiving monetary benefit if a user opts-in to the crypto mining program. This should not be automatically downloaded to the users' computers without first offering it in an email as we are all so very tired of the unsolicited Norton Lifelock's sales popup ads. This is an AV program. If Norton wants to offer services outside of the computer security profile, go forth and prosper, just don't use my computer for it. This is sneaky spam, and it is a type of malware since it looks at the computer's configuration to determine if it is capable of running the NCrypt application and uses that data to make the offer to the user, all unsolicited and not in the product profile of AV software. Truly not good, in my view and others' views from what I have read. I am a strong proponent of Norton AV products but that trust has been significantly weakened. And they are going behind the customers' backs by downloading the files that are not related to AV without the customers' knowledge. I only found out from a security feed I subscribe to, not from Norton.

FWIW ~ 

“As the crypto economy continues to become a more important part of our customers’ lives, we want to empower them to mine cryptocurrency with Norton, a brand they trust,” said Vincent Pilette, CEO of NortonLifeLock. “Norton Crypto is yet another innovative example of how we are expanding our Cyber Safety platform to protect our customers’ ever-evolving digital lives.”

For years, many coinminers have had to take risks in their quest for cryptocurrency, disabling their security in order to run coinmining and allowing unvetted code on their machines that could be skimming from their earnings or even planting ransomware. Earnings are commonly stored directly on miners’ hard drives, where their digital wallet could be lost should it fail.

Norton Crypto delivers a secure, reliable way for consumers to mine for Ethereum without opening themselves and their devices up to these pitfalls. Once cryptocurrency has been earned, customers can track and transfer earnings into their Norton Crypto Wallet, which is stored in the cloud so it cannot be lost due to hard drive failure.

“We are proud to be the first consumer Cyber Safety company to offer coinminers the ability to safely and easily turn the idle time on their PCs into an opportunity to earn digital currency,” said Gagan Singh, chief product officer at NortonLifeLock. “With Norton Crypto, our customers can mine for cryptocurrency with just a few clicks, avoiding many barriers to entry in the cryptocurrency ecosystem.”

https://www.businesswire.com/news/home/20210602005361/en/ 

Norton is not doing the crypto mining. Norton is just allowing customers to choose to use the mining feature to try to make a little money in a safe environment. It is up to the customer to decide if they want anything to do with this. Nothing is being done behind the customer's back.

 

I decided against Bitdefender as user blogs show it sends too many blocking notifications to the desktop. Just what I don't need. Wish there was a good alternative to Norton. Still do not understand why management thinks crypto-mining using customer resources is a good product fit for an anti-virus, anti-malware, security centric company!

Why should I be responsible for hunting down and removing their non-AV executables? Isn't that why I have AV in the first place?!

TPA50

Thank you for responding.   For now I will persevere but it seems with each update there are more things that break or need patching.  

I find I get good and timely advice from the volunteers on this Forum who have always been patient and willing to help.  

bjm_

Thank you for this information. I do not see NCrypt running anywhere in Task Mgr nor do I have an Opt In interface on the User Interface. So thank you that gives me the information I have been looking for. Other posts just say by default it's not activated but didn't give any info how to be assured or look for it. As always you have been so good to help me.

I am leaning towards Bitdefender for my home office and personal computers. I backup to two locations weekly. Researching if really need an AV to be on the browser since full implementation of HTTPS as some articles suggest that AV products actually decrease security by intercepting certificates and issuing their own less encrypted certs. Anti-spam is now done quite effectively by my domain hosting company. So, maybe just need a firewall and AV to scan email and downloads and perform root and file scans on a schedule. Would prefer a US company focused on AV, but hard to find nowadays. :-(

btw ~ NCrypt.exe may be deleted to Recycle Bin

To delete NCrypt.exe temporarily turn off Product Tamper Protection -> remember to turn Product Tamper Protection back on.

Note:  you'll probably need to check if NCrypt.exe is reinstalled with Norton "product" updates.


btw ~ you may also rename NCrypt.exe 

for example: NCrypt.exe123


btw ~ Norton also checks your GPU on boot

Category: Crypto Mining
Date & Time,Risk,Activity,Status,Recommended Action,RIG ID
1/5/2022 9:13:43 AM,Info,No viable GPU found that can support crypto mining,Detected,No Action Required
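
The checks described in the posts above (look for NCrypt.exe in Task Manager, and re-check after product updates whether the file has come back), written as one PowerShell audit. This is an added example, not part of the original thread and not Norton's tooling; the search roots are an assumption, since the thread does not give the install path.

```powershell
# Added example: audit for NCrypt.exe on disk and in memory, e.g. after a Norton update.
# Assumption: the Program Files directories are used as search roots because
# the thread does not state where NCrypt.exe is installed.
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

# Match the original name and renamed copies such as NCrypt.exe123.
$files = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter 'NCrypt.exe*' -File -Recurse -ErrorAction SilentlyContinue
}

# Record path, timestamp, hash and signature so a reappearing or changed file is visible.
$report = foreach ($f in $files) {
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    $hash = Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path      = $f.FullName
        LastWrite = $f.LastWriteTime
        SHA256    = $hash.Hash
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}

if ($report) {
    $report | Format-List
} else {
    Write-Output 'No NCrypt.exe (or renamed copy) found under the search roots.'
}

# Process check: equivalent to looking for NCrypt.exe in Task Manager.
$running = Get-Process -Name 'NCrypt' -ErrorAction SilentlyContinue
if ($running) {
    $running | Select-Object Id, ProcessName, StartTime, Path | Format-Table -AutoSize
} else {
    Write-Output 'NCrypt is not running.'
}
```

Comparing the `LastWrite` and `SHA256` values between runs shows whether a product update has reinstalled or replaced the file.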

Tibbies4Life:
I do not want Crypto Mining on my computer but I can't find the Crypto Mining feature or Opt In/Out options on my User Interface so I can be sure it's not enabled.  

If you don't see the green tile at the top of your Norton 360 dashboard, then your GPU is not viable to mine and therefore does not even show the option to "opt-in." You are opted-out by default regardless of whether you have a GPU capable of mining or not.

https://community.norton.com/en/comment/8519476#comment-8519476 

Tibbies4Life:

I do not want Crypto Mining on my computer but I can't find the Crypto Mining feature or Opt In/Out options on my User Interface so I can be sure it's not enabled.  

 


It will only show if your GPU is capable of mining.

If you want to check for sure it is not running, look at task manager; if NCrypt.exe is running, ...
I have every confidence that if you don't see the "Norton Crypto" tile at the top of your Norton 360 dashboard that you are not mining.
https://community.norton.com/en/comment/8519417#comment-8519417  

FAQ: Norton Crypto
[...]
Will Norton 360 mine my device without my permission? ›
No. In addition to having a device that meets system requirements, you must also turn on Norton Crypto on your device. If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard.
[...]
https://support.norton.com/sp/en/us/home/current/solutions/v138473899

Please review: https://community.norton.com/en/comment/8519484#comment-8519484 

May I ask what AV software you are going to use? I have used Norton for 20+ years and I too am not happy they put a Crypto Mining feature in Norton360 plus Ads and the hawking of features for more $$ for protection it used to provide users. Maybe this is LifeLock's influence since they own Symantec, idk.

I do not want Crypto Mining on my computer but I can't find the Crypto Mining feature or Opt In/Out options on my User Interface so I can be sure it's not enabled.