Disabling the Norton Community Watch feature does not prevent the Community Watch Background job from running. In general, it will just do nothing when it runs since there is no information to send back to NCW.
No new events will be generated once you disable the feature, as you have opted out of "Norton Community Watch" ----------------------------------------------------------------------------------- But I continue getting new events in History.
If these were already ququed up to be handled then CW will still do this untill everything is cleared. As stated in the quotes though, CW will still have History just no submissions once everything is handled.
As the title says, NCW is creating "norton community watch feedback" entries despite being turned off. These were definitely created after turning off the option, as I made sure to clear my previous entries. This has happened before but I couldn't have been sure until I cleared the previous entries. Today, 11 were created at the same time, each of them large in size. It doesn't allow me to copy and paste the entries but they are long, and are each a list of .dll and .sys files with various number and letter combinations after them.
As a test, could you try and turn off AntiPhishing from the Settings menu of your Norton product? Clear the NCW log and reboot your machine. Check the log later and see if there are other submissions there. I believe that the AntiPhishing / Safe Web components are still sending data to Norton.
Ok this is done, and I’ll monitor the outcome. However, I have looked through each of the 11 submissions and there are no URLs in any of them. It is mainly long strings of hexadecimal code with the odd file name. All of them start with “file vote count: 32” as well.
Actually, you may have hit the nail on the head there. Insight, Heuristics and Community Watch will all submit data to Norton / Symantec for processing. Each is a different aspect of the total system security. I’ll see if I can get a Symantec person to comment on this.
Thanks for your replies. This may be the case, and am still waiting to see if turning off antiphishing has made a difference (since it doesn’t normally create entries more than once a day), but I did notice that the entries in security history coincide with NCW being run in the CPU usage feature.
11 new entries have just appeared as “processing” despite antiphishing being turned off as well. I have also read the thread above but it doesn’t seem to explain why new entries are appearing? Just that previously queued entries will continue to be submitted.
I am going to make one more post just detailing my problem as specifically and as comprehensively as I can to allow symantec to deal with this, especially now that NCW has been off for a couple of days and I have more info to deal with.
First of all, NCW is OFF. All entries prior to it being turned off were complete (submitted) and cleared from my history. The next time NCW ran it lasted for 1 second in CPU usage. 11 new entries appeared with the time mark matching that of the process's details in the CPU usage window. The next time NCW ran in idle mode, it lasted approx 2 and a half minutes. After this, about 6 of the previous entries that were "processing" were "submitted". There were 11 entries with a new time mark (matching the most recent time NCW had run), all "processing". Since I hadn't deleted any of the entries, I can only assume 5 of the previous ones were carried forward and assigned a new time mark. The same thing happened next time; about 6 or 7 of the previous ones were submitted, 11 new ones appeared. All of these have "file vote count:32" and are lists of the paths to 32 files, interspersed with long strings of hexadecimal code. This is NOT from antiphishing/safeweb, as I turned these off and the problem persisted, plus the fact that there is not a single URL in any of the entries.
Please can someone at symantec shed some light on this.
I apologize for not getting back to you earlier; I have brought this matter up to the attention of the Mods and Admin people here at the Forum and have been assured that as soon as the proper Symantec personel can be brought to this matter that they will be. I again didn't mean to over look telling you this but I have been a little busy.
Hold on for a little while longer as I too want an answer on what exactly is using the NCW service. Thanks.
Thanks. I wasn’t making that post to hassle anyone, just to make it easy to see my problem as I had spaced it out over several posts before. There is no rush, the problem is not critical, but it would be nice to solve it.
Hi JimothyThe submissions that you are seeing, especially the ones that have the string “File Votes”, are submissions of signatures from file of interest on your computer (the signatures are just simple digests computed from the bits in the file). The signature values are shown as hex strings as you noted. It’s a common question: “Why are we submitting files as a part of Norton Community Watch?”It is important to note that we never submit file contents as part of the Norton Community Watch submissions.Rather, we are concerned only with executable files, and we submit only the signature of the file, a pathname, and version and digital signature information if present in the file.The signatures are presented to the Norton Community Watch backend system for analysis, and the signatures allow us to further enhance our database of known good and trusted files. This in turn enables us to significantly reduce our scan times by skipping known good files on your system, and concentrating on the unknown files that potentially may be bad.By turning off Norton Community Watch, you are choosing to not participate in the collection process for identifying known good files within the Norton Community.To minimize the impact on your machine, we break the submission of signatures of the files of interest into small packets, and submit a few of them at a time during times when you system is idle. We have a background scan process that identifies the files of interest and another background process that does the submissions.
The background files of interest scanning process may find a thousand or so files of interest - as running processes or startup items, etc.
The submission job runs once every 8 hours or so (as per schedule and depending on when your system is idle), and may submit 100 or so files at a time.
So ots easy to see that it may take several days to submit all files that were discovered during the scan. While this may seem like a long delay, it’s quite by design because we don’t want to place demands on your network throughput just to collect the file signatures, so we spread the work out over a period of time.When you turn Norton Community Watch off, the product will stop the discovery scan - but it will continue to submit signatures for all of the files that were discovered while Norton Community Watch was enabled. After all previously discovered signatures have been submitted, with Norton Community Watch off, the product will no longer discover new files of interest, will not collect signatures from files of interest to submit, and as a result, it will submit nothing.I hope this explanation helps.Thank you for choosing Symantec for your internet security and protectionBest regardsRoy FinePrincipal Software EngineerNorton Internet SecuritySymantec