NIS 2012 reporting Chrome Canary as threat and removing it

This just started happening with a reload of Canary a few minutes ago, version:

 

18.0.973.0 canary

 

Canary loads, but when I try to load any URLs (or restore the last tabs loaded), NIS takes over and removes a dll.

 

 

Full Path: c:\users\tom\appdata\local\google\chrome sxs\application\18.0.973.0\ppgooglenaclpluginchrome.dll
____________________________
____________________________
On computers as of 12/16/2011 at 10:57:57 PM
Last Used 12/16/2011 at 10:59:17 PM
Startup Item No
Launched No
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week ago.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

Source File:
ppgooglenaclpluginchrome.dll
____________________________
File Actions
File: c:\Users\Tom\AppData\Local\Google\chrome sxs\application\18.0.973.0\ppgooglenaclpluginchrome.dll
Restart Required
____________________________
File Thumbprint - SHA:
de62ebc25c068c5872a2d19558737c5bbd3e47c7caca77e894aa2c4a47202afa
____________________________
File Thumbprint - MD5:
d7695fb7c1a89af2525625a51b5abd3e
____________________________

I know I can recover it, the question is, is it safe to do so?  i.e., is this a false positive?

I'm going to see if there is a newer Canary to install, but the old one actually ran for a day before being removed again. 

This just started happening with a reload of Canary a few minutes ago, version:

 

18.0.973.0 canary

 

Canary loads, but when I try to load any URLs (or restore the last tabs loaded), NIS takes over and removes a dll.

 

 

Full Path: c:\users\tom\appdata\local\google\chrome sxs\application\18.0.973.0\ppgooglenaclpluginchrome.dll
____________________________
____________________________
On computers as of 12/16/2011 at 10:57:57 PM
Last Used 12/16/2011 at 10:59:17 PM
Startup Item No
Launched No
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week ago.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

Source File:
ppgooglenaclpluginchrome.dll
____________________________
File Actions
File: c:\Users\Tom\AppData\Local\Google\chrome sxs\application\18.0.973.0\ppgooglenaclpluginchrome.dll
Restart Required
____________________________
File Thumbprint - SHA:
de62ebc25c068c5872a2d19558737c5bbd3e47c7caca77e894aa2c4a47202afa
____________________________
File Thumbprint - MD5:
d7695fb7c1a89af2525625a51b5abd3e
____________________________

It would be great to know what was the threat name Norton detected in the program files? Was it eg. WS.Reputation.1?

I haven't had it pop up lately, and like an idiot I didn't save it to text, but it was something like WS.Cloud.9 or similar.

They are labelling any new program as a Virus - with code WS.Reputation.1
This is the "latest" Norton "invention" (many call it scam) - if the program is newly released, they mark it as virus and delete it after download.


This is because they DO NOT have proper technology to discover if a file is a threat or not and they are just guessing.
They have discovered that by simply lying to their customers by inventing threats they will continue to make money.

 

If they do not lie they will have to close Symantec because they have no valuable product to sell. Now they peddle WS.Reputation.1 just to stay in business.

 

Just get something free and better as Microsoft Security Essentials or free AVG. 

 

That would be Suspicious.Cloud.7.EP

 

Full Path: c:\users\tom\appdata\local\google\chrome sxs\application\18.0.978.0\ppgooglenaclpluginchrome.dll
____________________________
____________________________
On computers as of 12/22/2011 at 7:41:11 PM
Last Used 12/21/2011 at 10:19:57 PM
Startup Item No
Launched No
____________________________
____________________________
Few Users
Fewer than 50 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week ago.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

Source File:
ppgooglenaclpluginchrome.dll
____________________________
File Actions
Infected file: c:\Users\Tom\AppData\Local\Google\chrome sxs\application\18.0.978.0\ppgooglenaclpluginchrome.dll
Repaired
____________________________
File Thumbprint - SHA:
f42852af98f9bc010896830fa1d969356ea743ca03781848db1b5a59a21d386c
____________________________
File Thumbprint - MD5:
cee9338c5b8e403aa9807c584ed3b589
____________________________

Sounds like another Norton "invention" - what is actually Suspicious.Cloud.7.EP?

 

- I bet that they do not know anything about that file and just labeled it with Suspicious.Cloud.7.EP.  They scare their customers and show some "useful" activity by labelling perfecty good programs as Viruses using fake virus like names like  Suspicious.Cloud.7.EP or WS.Reputation.1 This are not viruses, but names invented by Norton to scare people and mask their inability to tell good from bad files.

 

It seems that Norton  have become a dangerous virus on its own - the program disrupts the normal computer functions in order to benefit its corporate creators - this is exactly what the viruses do.

 

They have hired some smooth talkers on this forum here to tell you this and that but the truth is Norton software spreads viruses and disables perfectly good programs just so Symantec makes money. The corporate greed makes them cheat people who had the bad chance to get the Norton program (teher are better free programs like AVG). I for one got rid of it and now my computer runs much faster.They also prey on your private information and add you to endless e-mail lists so they spam you for years to come.  Get rid of Norton and see how fast your computer actually is.

You contribute nothing to the solution. 

 

Go away, troll.

ok, let see ... I am willing to bet your problem will not be solved here. Get ready to hear a lot of nonsense and no real help. But hey, you got Norton and that is what you get - nothing.

Hi,

 

sorry for the late response, I was a bit away.

Do you still have the issue that Norton removes the new Chrome beta version?

Not for the last several days, no

This is what I had to do within NAV while testing chromium:

 

I clicked Settings > Antivirus and Sonar Exclusions > Items to exclude from scans > Configure.
In here I added the file ppGoogleNaClPluginChrome.dll, that's the one on which NAV stumbles.

Next, I then clicked Settings > Antivirus and Sonar Exclusions > Items to exclude from Auto-Protect,SONAR and Download Intelligence Detection > Configure.
In here too I added the file ppGoogleNaClPluginChrome.dll.

Next, I did a quick scan, nothing was found; I then did a right click on demand scan on the folder in which the file mentioned above resides, nothing was detected and/or removed.

So the problem seems to be solved, but it's a workaround.
While scanning I was thinking: it's just this one file on which NAV stumbles every time but I think I can understand why: it's checksum gets changed every time a new build gets released, so I think it is almost impossible for NAV to not detect it as being "bad". Unless the file would be getting whitelisted.

 

The workaround above worked splendidly for me. I know it's not a solution, but if it works for you too?