NIS 2012 Reputation Scan

Hi,

 

I'm getting tons of Unproven files.  How does one quarantine all those at once?

 

Regards,

 

-Ron

All of those appear to be within the C:\WINDOWS\INSTALLER directory.  So, what problems can arise if I quarantine them?

I believe those files are needed to uninstall/repair the programs (the one that is linked to the file or uses them).  Who's the manufacturer of those files?  Click the name of the files and you can see who produces them.  I have a couple of unknown files for Adobe Air, Paint.net, System Requirements Lab for Intel Update, and WOT.

 

To identify the file, click on the file name.

 

click.jpg

 

In the next window that apper, click "locate":

 

locate.jpg

 

Then right click the highlighted file and click "properties".  Then click on details. It can offer you some details about the files.  In this case, the file turns out to be Paint.NET installer.

 

details.jpg

 

Ok, the first one checked is believed to come from Microsoft, but the signature is not valid.

 

It is kind of suspicious that a MS file would be unsigned.  No?

 

 

 

The file name is 1004c7fc.msi.  Nothing found on Google.

Screenshot? What does it says in the description. Also, according to insight, how many people uses it?

Unknown crash history

5 users

5 months old

Poor

developers:  n/a

version;  n/a

identified:  1/15/2011

last used:  n/a

startup item: no

Did you use the locate feature and right click the file and select properties? In the file window that appear click details. Don’t forget to click cancel to close the window to keep the file as is.

Also, you may want to send the file to virus total to see what other virus scanners say. Copy the file (MAKE SURE TO COPY NOT MOVE) to desktop. Press refresh and make sure suspect file is still there in the original location. Then go to virus total and click browse and select the file you copied.

Hi barpos,

 

This issue was known to happen in NIS 2011, but was supposed to be fixed in NIS 2012.  See the following thread for a discussion.  In any event, do not quarantine files that are "Unproven."  "Unproven" simply means that there is not enough known about a file to trust it, and so the file will not be excluded from scans.  There are no implied safety concerns for "Unproven" files and you should leave them alone.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Reputation-scan-advice-please/m-p/519234/message-uid/519234/highlight/true#U519234

DigitalSignatureDetails.png

Hi,

 

I'm getting tons of Unproven files.  How does one quarantine all those at once?

 

Regards,

 

-Ron