I am using Norton Security on my Windows 10 computer.
I am developing an application using Microsoft Visual Studio 2017. The application is in C#. The application has had no previous issue with Norton. The program does evolve with code changes over time. I have not added any new third party component to VS2017 in recent months.
However, recently Norton detects, kills and deletes the program exe file and gives the warning below, which identifies a threat SONAR.Cryptlocker!38.
How can I determine what specific piece of our C# code or component is upsetting Norton? I use Log4Net to write a log to 'warehouse.log.txt', which Norton File Insight also refers to, although it is just simple text.
I need help to discover why this is happening.
I set the text from Norton File Insight in a different size font to distinguish it from my question text.
Thank you
This is the message I get in File Insight:
(I have edited out some possible identifying folder labels, so 'AppFolder' and 'mydev' are not their real names :-) )
Filename: AppFolder.presentation.formapp.exe
Threat name: SONAR.Cryptlocker!g38
Full Path: Not Available
____________________________
On computers as of
2018-02-15 at 14:45:01
Last Used
2018-02-15 at 14:45:01
Startup Item
No
Launched
Yes
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
AppFolder.presentation.formapp.exe Threat name: SONAR.Cryptlocker!g38
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
____________________________
Source: External Media
Source File:
explorer.exe
File Created:
AppFolder.presentation.formapp.exe
____________________________
File Actions
File: c:\users\MyDev\documents\vs\AppFolder\warehouse\AppFolder.presentation.formapp\bin\x86\debug\last good build\ AppFolder.presentation.formapp.exe Threat Removed
File: c:\users\MyDev\documents\vs\AppFolder\warehouse\AppFolder.presentation.formapp\bin\x86\debug\last good build\ warehouse.log.txt Threat Removed
____________________________
System Settings Actions
Event: Process start (Performed by c:\users\MyDev\documents\vs\AppFolder\warehouse\AppFolder.presentation.formapp\bin\x86\debug\last good build\AppFolder.presentation.formapp.exe, PID:7512) No action taken
Event: Process start: c:\users\MyDev\documents\vs\AppFolder\warehouse\AppFolder.presentation.formapp\bin\x86\debug\last good build\ AppFolder.presentation.formapp.exe, PID:7512 (Performed by c:\users\MyDev\documents\vs\AppFolder\warehouse\AppFolder.presentation.formapp\bin\x86\debug\last good build\AppFolder.presentation.formapp.exe, PID:7512) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
You could try submitting the file to Norton as a possible false positive. You can report false positive indications here https://submit.symantec.com/false_positive/
Norton is not able to parse your code to give you specific details of where any bad code might be.
Then, as a developer, you should place all your projects into a single home folder, then exclude that folder from both scan options in the image below. That way, your files will remain intact.