Norton deleting family archive photos!

Norton is flagging 1000s of archived family photos (.jpg files) under the WS.Reputation.1... WTF?   Then to add insult to injury, I tried to pause the "Sonar" and Norton (for 1 hour) and it continued to quarantine my photos until I hit CTRL-ALT-DEL and killed the process. This is inexcusable! I have been a programmer for 25 years and if I put out this product I would be summarily fired.

Suggestions on the Forum to set the Sonar to Auto made zero difference. I am using another scanning product to assure that my .jpg files do not have iFrame virus (this product does detect this virus) and none of these were infected.

The whole concept of "Reputation" is (IMO) flawed.

 

Hi @Coach Nathan & @DDowTX,

Sorry for the inconvenience caused. I've sent you a private message via forums requesting logs and more details for further investigation. Please check it when you get a chance. Thanks.

Hello. I am having the same problem, though I did not notice this thread and instead started a new one:

"Photos failing WS.Reputation.1 test"

It is also tagging some of my old Norton360 backup files with names such as:

\n360_backup\{96ac6878-f418-44a3-a21b-80f8de3e8299}\{3\ dbdedd5-32ff-4b26-a983-4dca64367e45}

So it is not restricted to image files. I have shut off "download intelligence" under settings>firewall>intrusion and browser protection, which seems to have stopped the process. My other systems had not updated to version 22.8.0.50 and are not exhibiting this problem. I have shut off automatic updates on those systems until this is resolved.

I also have a huge number of photos and videos, all personally taken, on my system (100k+, almost 1TB) and it is my online backup that Norton was finding issues with. And yes, I too have online and offline backup, including archival optical storage in a vault. But I was not copying or doing anything other than reading email when I noticed the messages from Norton.

This is something seriously wrong that needs to be fixed.

Unfortunately not many users have over 450GB of photos stored locally on their PCs. Then transfer those pics from one external drive to another. It is an odd case but extremely rare for any normal user to go through. I have about 4GB of various wallpapers I use on my PC. No personal pics. Those are all JPEG images. Even if I copy and paste them from my local drive to my external hard drive I cannot duplicate your issue. Which I did try several times to do. Maybe it had to do with copying from one drive to another.

I agree that you can always recover and flag something to not be scanned again, but it took me 2 days to recover 100s of photos. (Press on Recover... select OK, wait for the list to refresh... Repeat....) I am glad so many have not had this same issue... But trust me when I say I was more than a little hot under the collar when I saw dozens of my wedding photos being flagged and sent to quarantine... (Hence the start of this thread). Although I have recovered all of my files, it was slow and arduous and they should not have been flagged in the first place...

I hope that Norton tracks down this bug, although it may be a rare case, it seems that based on the feedback here, it is not an isolated one.

 

Best Regards

Coach Nathan

I back up weekly using Windows 10 backup and also AOMEI Backupper. I have never ever experienced such an issue. Even if Norton flags something that I know is good I simply go into my history and restore it then ignore it.

I do my backups with Acronis True Image and store them on a NAS.

But the current Norton behavior scares me… because you don't know what file it will delete next time. I ask the support to do some more investigation... hope they will.

System Volume is where System Restore stores files. Did you manually back up your files onto an external HDD? Did you use any type of 3rd party backup software? Did you back the files up to a cloud account?

Hello, I've now got 4 similar cases since the 1st of October.

Norton deleted 2 PNG files created by me, my Adobe Lightroom catalog file and the "system volume information\efasidat\symefa.db" of an external HDD.

The Lightroom catalog was not stored in the quarantine (!) so this file is gone forever… Norton never had a problem with these files (in use for more than one year).

So I also think there is a really bad bug in the reputation based threat detection (the support also told me it should only scan executable files).

As a notice: every flagged file for which you get a notice of malware from NS can be put under trusted by user protection, so NS will never delete that file and will allow that file to work. This is something that Norton did to give owners of new files control of what they work, so if you know the file is clean it's much easier to run it trusted by user than to submit the file.

The days of copying and pasting to back up are long gone. Windows has its own backup feature. Windows 10 has improved on that. There are several 3rd party solutions also. AOMEI and EaseUS are my favorites. Both do differential and incremental backups along with a complete disk image.

Thank you! I will try out that product. Will be nice to have a process better than "Copy/Paste"

 

Instead of manually moving files over try AOMEI Backupper. Windows also has its own file backup system. Are you using a USB thumb drive? I have a 1TB external hard drive. I back up my files and photos then image my PC. I do this at least once a week. After that I unplug the external drive.

 

 

Thank you all for your suggestions. I spoke to level 2 of Norton Support and they confirmed that something definitely went wrong with the heuristics (Sonar), and it should not have processed image files and flagged them in this way.

Unfortunately I have to go in and "Restore" each one before reinstalling Norton as the uninstall will delete the files stored in Quarantine. The note I gave to the tech was that this seemed to happen when I was copying large numbers of files (10s of 1000s of photos, 450+ GB of photos) from one external USB drive to another. My guess is that the background copy threads may have had a large number of partially copied files that the Sonar then flagged in a "Partially Downloaded" state (as if downloading from the internet) and hence to the Sonar, these were not defined as an image file, hence it threw them into the scanning queue (I could be wrong but it seems to pass the "reasonable man" test).  Just an FYI so other users can be on the lookout for this type of "oops".

Thanks for all of your input! Regards   Coach Nathan 

I have transferred hundreds of pictures from my local disk to my external hard drive. Norton has never flagged them. I also use AOMEI Backupper to back up my files and image my disk. Then I unplug my external hard drive. Everything is also backed up to my Google Drive. Do you keep your external drive plugged in? You should not. Norton does not scan external hard drives by default. There should be an option to restore all. Or else control-A and select all of them. I also agree with SendOflive. Very odd. Are you sure you did not get hit with some encryption virus? You can try uploading one of the JPEGs to VirusTotal.

To my knowledge, reputation based threat detection (which is what WS.Reputation.1 is) is confined to portable executable files.  I have never heard of .jpg files being detected as WS.Reputation.1.  That sounds very odd.

Thanks for the note, yes I realize that they are in quarantine, but now I have to go to 1000 photos and press the "Restore" hotlink, wait until it restores and then press OK... That is a lot of key presses/time for an erroneous "False Positive" that should never have flagged photos (IMO).  Also, yes.. this is on a backup (external) USB drive that I was using to consolidate all my family photos on one backup (to put in the safe). Note, I agree with keeping backups safe.... I have 3 copies... one on the HD and 2 on separate backup drives... (one off-site...) yes, I have been in IT too long :).. I will have to disagree with the task manager not being able to kill Norton... Killing the process tree goes from the PID on down so does in fact kill the process tree.

And to your excellent last point... I love MalwareBytes!

If anyone knows a way to "Bulk" restore 1000 files out of Quarantine... that would be awesome!

None of the pictures are gone. Just restore them under the quarantine. From there you can also tell Norton to ignore and exclude the files. Furthermore you can exclude the entire folder from being scanned. You said "archived". Where are these files stored? Locally? If the photos are that meaningful it is best to have them backed up to either an external hard drive, USB stick or burn them onto a CD. Also there is cloud storage. CTRL-ALT-DEL cannot simply kill Norton. Or any other antivirus. So these are all JPEGs stored on your hard drive? Remember if your hard drive fails then all those pictures are gone. Did you try scanning the folder with some other scanner such as MalwareBytes?