NIS 2012: LibreOffice v3.4: fsstorage.uno.dll

Norton Security | Norton Internet Security
1

Hello everyone! :)

 

Windows XP Pro SP3

NIS 2011 v19.1.0.28

Pentium 4 CPU 3.0GHz

1.0GB RAM

 

Just wanted to report an occurrence I've noticed here in the forums with users updating to NIS 2012. It appears that certain installations of LibreOffice v3.4 has a file that NIS 2012 does not like one bit and decides to put it in automatic quarantine. Keep in mind NIS 2011 never once complained about this file in the past that is a part of the LibreOffice v3.4 installation.

I have RESTORED the file from quarantine as I sincerely believe that this file is reputable. I believe it is simply an error that SONAR or cloud insight noticed. I had just finished install NIS 2012 and 10 minutes later while just browsing through the NIS 2012 GUI that little red pop up notification said a file was quarantined as being suspicious... something along those lines.

When I went into the NIS 2012 recent history, I also see a LOT of items that have been submitted for statistical analysis in regards to their reputation. Many files have been exonerated... others are pending. The file in question: fsstorage.uno.dll has a PENDING status. Does this mean the file has automatically been sent to Symantec for analysis? Or should I also report the file here: untitled.JPGhttps://submit.symantec.com/false_positive/ 

I'd like to know why this is still happening as I've seen a few posts about this LibreOffice detection in the last day or so and it appears the file is still in question by NIS 2012. I can still use LibreOffice just fine. Thanks! :)

 

2

Hello everyone! :)

 

Windows XP Pro SP3

NIS 2011 v19.1.0.28

Pentium 4 CPU 3.0GHz

1.0GB RAM

 

Just wanted to report an occurrence I've noticed here in the forums with users updating to NIS 2012. It appears that certain installations of LibreOffice v3.4 has a file that NIS 2012 does not like one bit and decides to put it in automatic quarantine. Keep in mind NIS 2011 never once complained about this file in the past that is a part of the LibreOffice v3.4 installation.

I have RESTORED the file from quarantine as I sincerely believe that this file is reputable. I believe it is simply an error that SONAR or cloud insight noticed. I had just finished install NIS 2012 and 10 minutes later while just browsing through the NIS 2012 GUI that little red pop up notification said a file was quarantined as being suspicious... something along those lines.

When I went into the NIS 2012 recent history, I also see a LOT of items that have been submitted for statistical analysis in regards to their reputation. Many files have been exonerated... others are pending. The file in question: fsstorage.uno.dll has a PENDING status. Does this mean the file has automatically been sent to Symantec for analysis? Or should I also report the file here: untitled.JPGhttps://submit.symantec.com/false_positive/ 

I'd like to know why this is still happening as I've seen a few posts about this LibreOffice detection in the last day or so and it appears the file is still in question by NIS 2012. I can still use LibreOffice just fine. Thanks! :)

 

3

This is excellent news, thank you kindly. :smileyhappy:

Today, I performed a FULL system scan and here are the additional QUARANTINED files ALL from the LibreOffice directory.

 

Scan Statistics:
  Scan Time: 9,895 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 404,799
   - Files & Directories: 397,877
   - Registry Entries: 485
   - Processes & Start-up Items: 4,206
   - Network & Browser Items: 2,226
   - Other: 5
   - Trusted Files: 8,483
   - Skipped Files: 0

   Total security risks detected: 17
   Total items resolved: 17
   Total items that require attention: 0

Resolved Threats:
12 Tracking Cookies
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy) 
 Categories: Tracking Cookies
 Status: Partially Resolved
 -----------
 12 Tracking Cookies
Cookie:removed@atdmt.com/ - Not detected
Cookie:removed@nir.theregister.co.uk/ - Not detected
Cookie:removed@xiti.com/ - Deleted
Cookie:removed@www.newegg.com/ - Deleted
Cookie:removed@searchmidmarketsecurity.techtarget.com/ - Deleted
Cookie:removed@ic-live.com/ - Deleted
Cookie:removed@techtarget.com/ - Deleted
Cookie:removed@go.com/ - Deleted
Cookie:removed@intellitxt.com/ - Deleted
Cookie:removed@espn.go.com/ - Deleted
Cookie:removed@rbc.bridgetrack.com/ - Deleted
 - Delete Failed


Suspicious.Cloud.7.F
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
c:\program files\libreoffice 3.4\program\passwordcontainer.uno.dll - Deleted
1 Browser Cache

 

Suspicious.Cloud.7.F
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
c:\program files\libreoffice 3.4\program\fwmmi.dll - Deleted
1 Browser Cache

 

Suspicious.Cloud.7.F
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
c:\program files\libreoffice 3.4\program\hatchwindowfactory.uno.dll - Deleted
1 Browser Cache

 

Suspicious.Cloud.7.F
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
c:\program files\libreoffice 3.4\program\textconversiondlgsmi.dll - Deleted
1 Browser Cache

 

Suspicious.Cloud.7.F
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
c:\program files\libreoffice 3.4\program\unordfmi.dll - Deleted
1 Browser Cache

 

Unresolved Threats:
No unresolved risks

4
siva_kannan wrote:

Thank you for the post Dustyn.

We are investigating this particular issue with Libre Office and this issue should be resolved soon. There is no further action required from your end.

Regards,

Siva Kannan.

I have just one more question. :smileyindifferent:

How will I know when the issue is corrected?

I don't expect it to be fixed anytime soon as I realize their are many more important issues way ahead of this.

I have no problem waiting... I'm just curious.

5

Hello Dustyn,

 

We released an update last Friday(Sept 9th 2011). You should no longer see this issue.


Thanks,

Siva Kannan.

6

Thanks so much.

Excellent work! :smileyvery-happy:

NIS 2012 no longer detects any aspect of LibreOffice as a threat with the Sept 9th update.