Norton Security Thinks My Inno Setup Files Are A Threat!

Norton Security | Norton Internet Security
1

Hi Folks:

 

   Product Name: Norton Security Suite, Version: 4.2.0.12.  This is the package Comcast gives their customers. 


   I'm a new user. 

 

   I develop programs in C++ and use Inno Setup to create the setup packages. 

 

   I've noticed that I can't download a seutp file I've created from my website.  A little window pops up in the lower right of my screen with the words "Thread Found" and the name of my setup files. 

 

   The file never makes it to the download folder.  Or it's deleted before I see it. 

 

   Norton is a widely used security package, and having it accusing me desiminating threatening files isn't going to do my business any good. 

 

   I've clicked on the norton icon, gone to settings and turned off everything in the right hand column.  But I'm still unable to download this setup file. 

 

   Do I need to uninstall Norton?  Is this what I'll have to tell my customers to do? 

 

   Attached are three pages from the File Insite window. 

 

   What do I need to do to allow myself and potential customers to download this file. 

 

 

                                 Thanks

                                 Larry

 

2

Hi Larryl_2010

 

Turn on Silent Mode for 1 hour and that should allow you to download the file without it being quarantined and deleted.

 

 

This can be done by opening the Norton Interface.

 

Select Settings -> Administartive Settings -> Click on Silent Mode

 

 

Regards

 

MrSecurity

3

Thanks MrSecurity:

 

   I set silent mode to 1 hour, the minimum amount of time on this version of Norton Security. 

 

   Download the file using Firebird. 

 

   The download isn't in the folder. 

 

   The window informing me of a threat didn't come up. 

 

   I suspect that that option just caused the download to be blocked, or the file to be deleted, silently. 

 

                   Thanks

                   Larry

 

4

Hi,

 

Go onto Tasks -> View Security History -> Select The action(i.e. file deleted) -> More Details -> Options(Found at the bottom of this window) -> Restore File.

 

Make sure "Exclude this risk from future scans" is ticked.

 

REgards,

 

Mr Security

 

P.S. The Last Resort is to Turn off Auto-Protect.( Settings -> Antivirus -> Click Auto-Protect).

5

Thanks Again Mr Security:

 

   That works, and the file is restored.  It seems like a task that my technically challenged customers can't be expected to duplicate. 

 

   I was unable to find anything labeled "Exclude this risk from future scans". 

 

   Options brought up a "Threat Detected" window with three choices, "Restore this file", "Remove this file from history" and "Submit to Symantec". 

 

   "Exclude this risk from future scans" is not one of my choices. 

 

   The help for this page suggests that I should have 7 choices. 

 

   Perhaps the version of Norton Security being distributed to Comcast users is missing features. 

 

 

6228i706170CF0D2741C0

 

   Options gives me:

 

6229i0F006CB03A9FD416

 

 

   I've had run ins with Norton Security before, in the month it's been on my system.  I've had to turn off the firewall so I could open up ports needed by remote assistant.  I'm comfortable relying on my router/firewall to handle that task.  I've also had to disable something, I don't remember what, in order to receive .exe files as email attachments. 

 

   What is a threat anyway?  A file that fails a sophisticated analysis that can detect viruses hiding inside it?  Or is any file with an extension of ".exe" considered a virus?  I assume some executables, from Mozilla, Microsoft and others pass without problems. 

 

   Can I submit files I create to Symantic, so they can be tested and placed on some list of files that can be emailed or downloaded? 

 

   I'd like to be treated like an adult.  Is there some setting that will cause a window to pop up when a threat is detected, which will give the user a opportunity to allow a questionable file to be received, or not? 

 

  I hadn't planned on spending this much time to allow myself and my customers to download my files. 

 

                        Thanks

                        Larry

 

6

Hi again,

 

You can have the file submitted to Symantec, as in the diagrams, selct options, then select Submit to Symantec.

 

On the off chance that it does not give you this option, follow the steps below.

 

1. Go back into Security History and Select Add to Quarantine.

2. Now browse for the file you previously Restored and  Add.

3. Follow the steps you did before and you should now have the option of submitting to Symantec.

 

Fingers crossed, the file will be checked and everything will be Ok.

 

 

Regards,

 

DougL

 

7

Thanks Again Doug:

 

   First, I attempted to attempt to download "demo_setup.abc", to see if changing the extension would change the response of Norton Security. I've been able to send executable email attachments by changing the extension. 

 

   I received the same error. 

 

   I decided to click on "Submit to Semantic" to see what would happen.  I expected to see a form where I would enter, among other things, an email address and a place to enter some description.  Instead this popped up:

 

6240i1CEA00C78A1284D4

 

   I didn't mean to submit anything at this time.  Can you stop this?  The file name is "demo_setup.abc" and the download was attempted at June 24 at 1:06 AM Pacific Daylight time.  This might be exactly what I want to do, but I need to know what I'm setting in motion before I'm comfortable submitting files. 

 

   Back to my two questions: 

 

   What is it about a file that will cause it to be considered a threat? 

 

   Is there a "Treat me like an adult" setting, where I can choose to download or open an email attachment that Norton Security has decided is a threat? 

 

                    Thanks

                    Larry

 

8

Hi Larry,

 

Welcome to the community!

 

It looks like the downloaded file is detected as "ws.reputation.1". Here is the thread that will give you more information on the detection.

http://community.norton.com/t5/Norton-Internet-Security-Norton/Clarification-on-WS-Reputation-1-detection/td-p/232155

 

If you think the file is being detected as malicious in error, kindly submit the file to us here.

https://submit.symantec.com/dispute/

 

Let us know if you need further assistance.

 

-Venkat

 

Venkat Jammalamadugu
Norton Forums Moderator
Consumer Products and Solutions
Symantec Corporation

9

Thank You Venkat:

 

   That is a very userfull link. 

 

   How about that "Treat me like an adult" setting? 

 

   Is there a method a user can choose to download or attach a file after Norton Security warns them that it might be a threat?  Something easy like click a "Download it anyway" button. 

 

   I'd like to dissiminate software without having to walk each recipient through the whole Security History option Threat Detection Restore This File thing. 

 

           Thanks

           Larry

 

10

You're welcome Larry.

 

<<<<<<<

Is there a method a user can choose to download or attach a file after Norton Security warns them that it might be a threat?  Something easy like click a "Download it anyway" button.

>>>>>>>

 

I think that sounds like an interesting suggestion. I would encourage you to post this suggestion in the following board for better exposure.

http://community.norton.com/t5/Norton-Internet-Security-Norton/idb-p/NIS_Suggestions

 

However, giving such options I may think, can lead to some security vulnerability among less experienced/novice users.

 

-Venkat