NIS 2009 needs to be a little less agressive with compressed file - it can corrupt compressed files

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

Its only Norton doing its job. All you had to do was disable Norton temporarily.

I'm sorry, but that's really a stupid response.  That's like giving someone a vacine that ends up crippling them while protecting them from disease and saying the vacine is only doing it's job.

 

Norton's job is to remove viruses and malware (the file it removed was neither) without damaging "good" files.  In this case the zip file contained thousands of "good" files and one file that Norton deemed "extremely bad" (again it wasn't that bad), so it the process of removing the bad file, it screwed up the good ones.

 

As for disabling Norton temporarily, I was doing a full system scan.  Something I won't be doing again any time soon, at least not without turning off scanning of compressed files.

What happens if you turn off "Remove infected files automatically"?  Do you get any kind of option when an infected file is encountered in a zipped package?

 

It would be nice if NIS had a supervisory component that allowed it to work with the user in "unwrapping" a compressed file (you put in passwords as they are required -- it tests for infections).

 

Speaking of passwords, if a zipped file is password protected, it would be impossible for it to be checked for virus and might in fact produce false positives simply because of a random alignment of bytes.  On the other hand, if a file is not password protected, it should be possible to rename it and then extract uncontaminated data into a file with the original name but without the contaminated part.  Of course, is a zipped file contains a zipped file which contains a zipped file which ..., that is extremely suspicious behavior and should be treated as a collaboration with the user.  Multiply zipped folders with a depth greater than 3 levels would only be of value if they were used for extensively encryption purposes with passwords needed for each level.  Such files would be impossible to meaningfully scan.  The only kind that Norton would be able to recognize would be layered zip files without password keys and what would be the point of such files?

If you know its trusted and you want to view the compressed file then disable Norton. As in matter of fact when installing ceratin programs such as games they tell you to shut off your av.


Dieselman743 wrote:
If you know its trusted and you want to view the compressed file then disable Norton. As in matter of fact when installing ceratin programs such as games they tell you to shut off your av.

 

Most things tell you that, almost everything, but I don't think the company behind the software telling you so is because your security software might produce FPs - I'm rather pretty sure they don't for that reason, because having your security software do that is not even acceptable. It's because a lot of software might have a significant negative impact on the installation process when it comes to speed.
Message Edited by RavenMacDaddy on 09-21-2008 10:51 PM

Morac, thanks for reporting the issue. I’ve asked somebody to investigate the scenario that you’ve described.

Morac,  Thank you for the information you have provided regarding this issue.  I am currently working on this but need some additional insight from you and have sent you a PM in this regard. 

 

Thank you,

Message Edited by Brock_Banks on 09-24-2008 12:19 PM