Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
If you restore them you tell NIS that you trust them so Norton won’t have to scan them anymore
ONE wrote:NIS 2009 build 125 bug? If I restore a threat, NIS 2009 won't detect it again.
I try to restore some threats from quarantine, and after I restore them, NIS 2009 build 125 can't detect them again.
(I had used both Auto-detect and Right-Click Scan)
I just try some threats, and almost all of them are like that.
If you want, I can upload those threats.
They can be detected yesterday, but after I restore them from quarantine, they can't be detected again.
Message Edited by ONE on 09-09-2008 07:50 PM
Two things come to mind:
- How were those threats detected, manual file scan, AP, or Sonar?
If by Sonar, then a file scan will not detect them.
- Did you change the advanced heuristic level?
If detected at the aggressive level, then lesser levels may not detect them.
Pieter
PieterV wrote:
ONE wrote:NIS 2009 build 125 bug? If I restore a threat, NIS 2009 won't detect it again.
I try to restore some threats from quarantine, and after I restore them, NIS 2009 build 125 can't detect them again.
(I had used both Auto-detect and Right-Click Scan)
I just try some threats, and almost all of them are like that.
If you want, I can upload those threats.
They can be detected yesterday, but after I restore them from quarantine, they can't be detected again.
Message Edited by ONE on 09-09-2008 07:50 PMTwo things come to mind:- How were those threats detected, manual file scan, AP, or Sonar?If by Sonar, then a file scan will not detect them.- Did you change the advanced heuristic level?If detected at the aggressive level, then lesser levels may not detect them.Pieter
1. I forgot, and I can't detect again, so I am not sure. But some of them are detected as Suspicious. I think maybe it's AP detected.
2. I didn't use aggressive level.
Those threats are here:
[THREAT LINK REMOVED]
You can download it to try.
If you downloaded, you can delete this link.
Then I want to suggest, if the threats restore, NIS 2009 should ask "Will NIS 2009 detect the threats again or not in the future?", and let users chose detect or not is better.
( I remembered when NIS 2009 is beta, it asked. )
Now I can't make them be detected again, how can I fix it?
I didn't see any setting can fix it, make my NIS 2009 detect them again.
[edit: removed threat link per the Participation Guidelines and Terms of Service. Link still available from Administrator for futher review.]
You mention the beta allowed you to exclude and the release version not:
When you restore items from quarantine, NIS 2009 will only directly allow you to exclude low risk items, not high risk.
For high risk threats you must first create an exclusion, by threat or by file, and then restore from quarantine.
This behavior is the same in the beta and the released version.
We will take your recommendation for the enhanced workflow into account in future versions.
Pieter
PieterV wrote:You mention the beta allowed you to exclude and the release version not:
When you restore items from quarantine, NIS 2009 will only directly allow you to exclude low risk items, not high risk.
For high risk threats you must first create an exclusion, by threat or by file, and then restore from quarantine.
This behavior is the same in the beta and the released version.
We will take your recommendation for the enhanced workflow into account in future versions.
Pieter
But I think if the action "restore" will make the threats won't be detected anymore, NIS 2009 should notice. (Both Low rish and High risk)
I don't know how to make them be detected again now, I suggest if they are exclusion, NIS 2009 should let user change it can be detected or not.(In Setting)
Now the problem can't be solved.
If I infected those threats in the future, and NIS 2009 won't notice me because I had restored them before, it's danger, so I think I must re-install NIS 2009 to make it be detected..
ONE wrote:
PieterV wrote:You mention the beta allowed you to exclude and the release version not:
When you restore items from quarantine, NIS 2009 will only directly allow you to exclude low risk items, not high risk.
For high risk threats you must first create an exclusion, by threat or by file, and then restore from quarantine.
This behavior is the same in the beta and the released version.
We will take your recommendation for the enhanced workflow into account in future versions.
Pieter
But I think if the action "restore" will make the threats won't be detected anymore, NIS 2009 should notice. (Both Low rish and High risk)
I don't know how to make them be detected again now, I suggest if they are exclusion, NIS 2009 should let user change it can be detected or not.(In Setting)
Now the problem can't be solved.
If I infected those threats in the future, and NIS 2009 won't notice me because I had restored them before, it's danger, so I think I must re-install NIS 2009 to make it be detected..Message Edited by ONE on 09-10-2008 12:01 PM
One correction to what I wrote earlier, any non-viral threat will allow exclusion, not any low-risk threat.
I don't think there is a need to reinstall, unless you see the exclusions in the [settings][exclusions][scan exclusions]/[signature exclusions], NIS would not exclude the threats.
Do you still have the information about the threats in the history view, if you do, what are the threat names that were detected?
Pieter
PieterV wrote:
ONE wrote:
PieterV wrote:You mention the beta allowed you to exclude and the release version not:
When you restore items from quarantine, NIS 2009 will only directly allow you to exclude low risk items, not high risk.
For high risk threats you must first create an exclusion, by threat or by file, and then restore from quarantine.
This behavior is the same in the beta and the released version.
We will take your recommendation for the enhanced workflow into account in future versions.
Pieter
But I think if the action "restore" will make the threats won't be detected anymore, NIS 2009 should notice. (Both Low rish and High risk)
I don't know how to make them be detected again now, I suggest if they are exclusion, NIS 2009 should let user change it can be detected or not.(In Setting)
Now the problem can't be solved.
If I infected those threats in the future, and NIS 2009 won't notice me because I had restored them before, it's danger, so I think I must re-install NIS 2009 to make it be detected..Message Edited by ONE on 09-10-2008 12:01 PM
One correction to what I wrote earlier, any non-viral threat will allow exclusion, not any low-risk threat.
I don't think there is a need to reinstall, unless you see the exclusions in the [settings][exclusions][scan exclusions]/[signature exclusions], NIS would not exclude the threats.
Do you still have the information about the threats in the history view, if you do, what are the threat names that were detected?
Pieter
Both my [scan exclusions]/[signature exclusions] are empty, but my NIS 2009 still can't detect them.
http://my.picpimp.info/viewer.php?file=pdmjv43mlcdramggbl.jpg
http://my.picpimp.info/viewer.php?file=d3b7a8smg8qnpnphz.jpg
So I think I must re-install.. Maybe it's a bug..
I don't know, because my history is big.
But I upload the threats in my previous reply of this thread, you can try to scan them.
Hi ONE.
We had a look at your files.
With the advanced heuristic level set to off or auto:
Using yesterdays definitions 0/4 files are detected.
Using todays definitions 2/4 files are detected.
With the advanced heuristic level set to aggressive:
Using yesterdays definitions 4/4 files are detected.
Using todays definitions 4/4 files are detected.
The automatic setting allows aggressive mode to kick-in when a large number of threats are found relative to the number of clean files on a system. This is not a scenario many people should encounter, but it is possible if there is a downloader Trojan on your computer that has been particularly active or the system has been exposed to many threats for some reason (unpatched PC with no firewall? Risky behavior and minimal protection?) Our goal here was to provide a means of dealing with deep infections that would otherwise strain the effectiveness of conventional methods *without* having the heuristics trigger unnecessarily when other methods will work adequately.
If your heuristic level was set to auto, and during your testing you were actively infecting your machine, or you had a large number of infected files on the system, that would explain what you see.
Pieter
PieterV wrote:Hi ONE.
We had a look at your files.
With the advanced heuristic level set to off or auto:
Using yesterdays definitions 0/4 files are detected.
Using todays definitions 2/4 files are detected.
With the advanced heuristic level set to aggressive:
Using yesterdays definitions 4/4 files are detected.
Using todays definitions 4/4 files are detected.
The automatic setting allows aggressive mode to kick-in when a large number of threats are found relative to the number of clean files on a system. This is not a scenario many people should encounter, but it is possible if there is a downloader Trojan on your computer that has been particularly active or the system has been exposed to many threats for some reason (unpatched PC with no firewall? Risky behavior and minimal protection?) Our goal here was to provide a means of dealing with deep infections that would otherwise strain the effectiveness of conventional methods *without* having the heuristics trigger unnecessarily when other methods will work adequately.
If your heuristic level was set to auto, and during your testing you were actively infecting your machine, or you had a large number of infected files on the system, that would explain what you see.
Pieter
Thank you, PieterV.
Those threats were detected yesterday, but the threat name are different from previous.
(From example, I think one threat previous name is Suspicious.AH.XX, not its name is Trojan.Packed.NsAnti)
So I think that's the reason that they can be detected again.
(All the threats were detected. But I only used auto level, not aggressive level.)
Yes, I set my heuristic level to auto.
I always downloaded a large number of threats to scan, and then submitted the threats that NIS 2009 not found.
(But I didn't try to make them infect my PC.)
So.. That's the reason my NIS 2009 auto level detection as aggressive level detection?
Anyway, I still hope the restore risks exclusions setting can be custom in the future version of NIS 2009.
(I meant, if user want to restore a risk, NIS 2009 ask user the risk will be detected in the future or not.)
ONE wrote:Thank you, PieterV.
Those threats were detected yesterday, but the threat name are different from previous.
(From example, I think one threat previous name is Suspicious.AH.XX, not its name is Trojan.Packed.NsAnti)
So I think that's the reason that they can be detected again.(All the threats were detected. But I only used auto level, not aggressive level.)
Yes, I set my heuristic level to auto.
I always downloaded a large number of threats to scan, and then submitted the threats that NIS 2009 not found.
(But I didn't try to make them infect my PC.)
So.. That's the reason my NIS 2009 auto level detection as aggressive level detection?
The Suspicious.AH detection is from aggressive mode.
The Trojan.Packed.NsAnti detection is from a new signature that was added yesterday.
Yes, NIS didn't know you were just testing, it automatically changed the heuristic level because it thought you were being infected.
Pieter