Symantec/Norton appears to have updated their Insight Protection/Download Intelligence (etc.) database. I waited over 20 hours before downloading and installing the mentioned Flash Player update on my 2nd PC, which is also running NIS 2011. No quarantine and no problems this time. Thank you to all who responded.
Thanks to everyone for their input.
Just to clarify the situation, I updated Flash in IE on my Windows 7 computer 2 days ago, and while doing it, Norton Insight reported that the file was safe. However, when I did a routine full system scan the next day (yesterday, after the usual updating of definitions etc), NIS found the file in my temporary internet files and quarantined it as a trojan horse.
Meanwhile I tried to update Flash in IE on an XP machine with the latest definitions, and when running the installer got a warning from NIS that the file was a trojan horse and discontinued updating. Late yesterday I tried again on the XP machine: this time I got no Norton Insight report, so I saved the file instead, at which point Insight gave it the OK. So I then ran the installer and updated Flash (still no Insight report), then ran scans and no threats were found.
In all cases I updated Flash using the official Adobe site, and it appears that both computers are now correctly updated to the latest version (the Adobe version checker says so). However, my main concern now is that I ran an exe file on my Windows 7 computer that NIS reported as safe at the time, but the next day flagged as a trojan horse.
So where does that leave me? Should I be concerned or not?
No, I can confirm that the file from the official website was flagged as a trojan, but it most certainly wasn't a real trojan, but a false positive.
arthurk:
I don't think you have any reason to worry about the Adobe Flash installation on either of your machines as long as you downloaded the installer from the official Adobe web site and managed to get the installation to go to completion without being aborted by the NIS File Insight.
I would only be concerned if you had reported that you clicked the Trust Now link on the File Insight pop-up Window (see screen shot in message # 17) when NIS tried to block the installation. This Trust Now link will manually override the Symantec trust ratings and force NIS to install a file that is not trusted by the general Norton community. This is a dangerous thing to do because the Trust Now link circumvents the NIS security features and could force the installation of a file that is legitimately infected with malware . Clicking the Check Trust Now link isn't dangerous because it simply refreshes the trust ratings (i.e., it checks to see if the trust rating of your file have been updated on the Symantec server since the file was downloaded).
I just noticed that the File Insight warning posted by Bombastus in message # 11 refers to v. 3.0.6.0 of the Flash installer. When I checked the File Insight details of my "good" installer in my NIS security history (History | Internet | Download Insight, then click Details button for the highlighted download) the file version was for the latest v. 10.3.183.5 installer (see screenshot below). It's possible that some of the links on the official Adobe site are not pointing to the correct version of the installer, but in the past I've also observed that certain links on the official Adobe web site will download a Flash Player installer file that is bundled with an optional Google (Ask.com?) toolbar, while other links will download a "clean" installer that doesn't try to install the toolbar. I don't know why Macromedia does this, but NIS File Insight might have been temporarly confused because the Symantec servers only had one reference signature for the more common version of the latest "unbundled" installer in their database.
----------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G
Thanks for everyone's help in this. I've had a reassuring reply from Norton as well confirming that they are sure the file is not malware, so it looks like normal service can be resumed.
as a side note, I think that adobe may be using a new adjunct installer/download amanger. They use to use that getPlus thiing, but I think that changed to some other 3rd party “helper”.
Wonder if that was flagged as a fale positive trojan?
I have taken to trying to use the direct installation process on the adobe site, to avoid all the extra junk. tthey have the link for that, just not easily found
I found the following today on the Adobe support site in an article titled Troubleshoot Flash Player Installation (see Advanced Troubleshooting):
2. Antivirus Software
Issue: Antivirus software from vendors like Comodo, Jiangmin and Rising are incorrectly identifying the Adobe Flash Player installer as malware. False reports from these vendors include “TrojWare.Win32.Trojan.Agent.Gen,” “Trojan/JmGeneric.bcy,” and “Suspicious.” Users are also reporting “Failed to Initialize” errors and the installer getting quarantined.
Workaround: Antivirus software vendors and service providers are currently addressing this issue so that the installer is recognized as being legitimate. Ensure that your antivirus signatures are up to date.
_______________________
Calls:
Regarding your comments about downloads via the Flash Manager (Start | Control Panel | Flash | Advanced), do you still have a link for the post in the Adobe forum you mentioned in message # 15? I tried a search and found a post here but I'm not sure if this is the same message you're referring to. I have automated Flash updates disabled in the Flash Manager and ran the downloaded installation file manually from my hard drive , which may explain why I didn't see the false positive for the trojan.
-------------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G