Norton Hotfix.exe being detected as Trojan by SuperAntiSpyware?

Norton Security | Norton Internet Security
1

Once in a "while" (maybe every 3-4 weeks) I get a Real-Time Protection warning popup from SuperAntiSpyware Pro that it has caught

 

Trojan.Agent/Gen-FakeAlert[Hotfix].Process

 

and quarantined the file.

 

This file always appears to be connected to Norton 360 in some way. The most recent incident isolated 4 files all named as follows. This is what appears under SAS quarantine:

 

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\LUE\DOWNLOADS\PATCH2943\HOTFIX.EXE

 

Note this appears to be a NORTON file.

 

The only difference in the 4 filenames is in the 4 digits following "PATCH".

 

I also found a hotfix.exe reference in the Windows PREFETCH directory which remained even after the quarantine. I deleted it.

What I'm wondering is this a "real" Norton patch release being caught as a false positive by SAS? I know Hotfix.exe is connected to a fake anti-virus program but I see no evidence of THAT program on my system.

 

Does Norton ever issue a file called Hotfix.exe?

 

I run paid "pro" editions of Norton 360, SAS and Malwarebytes and I keep them all updated and current. Only SAS picks up this file under its Real-Time Protection.

2

Hi,

Security software expects to run exclusively on a system. This means that it often will see other security programs as 'threats' to the system. Another problem with running multiple real-time scanners is that they try to occupy the same places at the same time. The result is usually decreased protection because of the internal conflict. The worse case being that all protection is eliminated.

Using other free, on demand, scanners to compliment your Norton product is often recommended. Running multiple active scanners is never recommended for more reasons than have been listed above.

I would recommend that you keep the paid version of 360 as your active scanner and drop back to using the free versions of MBAM and SAS. I have this arrangement and use one or the other weekly as a second opinion scan.

Keep us posted

3

Thanks for the info. "Pro" versions can be configured NOT to run real-time scans so I can do that. But I am wondering, is hotfix.exe a name Norton uses for its patch files? That info would be helpful here.