Norton360 let compessed threat into inbox

Norton 360 regular quick scans and automatic email scans MISSED a possible virus that was only found on a full system scan.

 History log showed "3xPM5BwYvQVewuv.exe" was auto moved to quarantine and then the message problems began.
Thunderbird 78.10 Win7 and Thunderbird 92 Win10 laptops had the same problem with the same aol POP account.
What didn't Norton 360 prevent this in the first place? Email virus scan is ON in settings.

Random problems exist with many emails previously read before Norton quarantined.

Glad I could help.

 

Thanks, this sounds like a workable solution. I was looking for the exclusion section in custom scans not realizing it was a global setting.

I excluded the TBird profiles folder in both places as indicated and then ran my custom scan on the copy of the profiles folder on another drive and it reported scanning 800 files with no threats found. It appears that a manual custom scan overrides the exclusions set in settings so this is exactly what i wanted to accomplish.

You can exclude files and folders from scans. Using a Windows admin account, open your 360 classic interface and click on Settings > Antivirus. Then on the Scans and Risks tab exclude any file or folder from Both items in the image below. 
 


 

My account defaulted to ports 995 and 465. When I download a file from a browser. i.e. Firefox, Norton 360 does scan the file before I open or extract it. See the attached screen shot.  What I don't know is if email attachments are scanned upon downloading automatically like browser downloads. I do not see the Norton popup when downloaded from email so I assume I must scan it manually. I often do that anyway to see the Norton File Insight.

One problem remains with Norton 360 is that you cannot exclude files or folders from a Full Scan, even when you set up a Custom Scan there is no place to exclude. Norton missed the 'compressed threat' in the inbox maybe because of the port setting, etc and it was only discovered on a Full Scan which I do once in a while on my computer. The other computer that had the problem had not had Full Scans run. When it was done manually, that's when the inbox got messed up by Norton. A strategy I thought I could use was to turn off email scanning which it turns out was not catching potential problems anyway. I could then have Retrospect Backup duplicate the profile to another location and do a Norton 360 custom scan there, leaving my real inbox untouched. I appears that email scanning being set to ON caused no problem but Full Scan did. Not being to exclude my Tbird profile folder from a Full Scan is a real problem.

Attachments are scanned on access.  So when you open a malicious attachment, Norton will block it.  To scan it prior to opening it, you need to save it to your desktop, right click it and do a custom scan.  I know it might sound less than optimal, but the bottom line is that if Norton were to catch a malicious attachment as it is downloaded, it will also catch it upon opening.  The result will be the same, the malware will be blocked.  And remember that Norton can only do email scanning on POP3 port 110 (I misstated port 25 earlier, which is the sending port), which is almost never used anymore.  So if you are required to use a different, encrypted, port you should turn off email scanning anyway, as it serves no purpose.  As some of the Mozillazine articles explain, Norton, like other antivirus programs, will keep you safe even if email scanning is disabled.  For peace of mind, save any suspicious attachments to disk and scan them before opening, but otherwise trust that Norton will catch anything on access anyway, and rest easy.

Thanks for the tip.

So will Norton 360 scan my downloaded attachments before they hit the download folder like it does when downloading from a browser?

To get rid of the exclamation warning, open Norton, click the Security tab and select "Advanced."  Hover your mouse over "Email Protection" and click "Ignore" in the pop up window.  This sets Norton to ignore the status of email protection and stops the warnings.

Thunderbird tech support said to turn off Norton email scan because it can damage the inbox (even though TBird set to allow quarantine of indivildual messages) and Norton should catch any virus when downloading any email attachment to the computer. The problem with this is that after turning off incoming and outgoing 360 scans, 360 now has the exclamation point icon and always wants to fix.

If 360 is not scanning the actual message on the way in, should it catch an virus if and when a message attachment is downloaded to the downloads folder? The email accounts in question are POP accounts in Tbird if that makes a difference.

Thanks

 

It sounds like the Inbox could have been corrupted when the malicious file was removed (again, because the Inbox is just one large file containing all your messages).  I think one of the links I provided may help you to recover the Inbox.

Yes, Compressed File Scan is ON

Message problems only started after Norton moved the threat '3xPM5BwYvQVewuv.exe' from the inbox to quarantine. Newer inbox messages are fine, earlier ones, some of them, sort of random when you click on the message title in split window view (or open in a new window) appear blank, show you the message from a different message title, or show html code rather than the correct message.

The odd thing is if you google the threat name '3xPM5BwYvQVewuv.exe' you only get hits from joesandbox.com.

Norton tech support wanted to remotely check the computer but the damage is already done. The first time I had to do a Retrospect Backup disaster recovery was after a Norton tech messed with the computer insisting on removing my Systemworks 2006 which I was still using (without it's expired virus definition because I had been purchasing NIS each year) and rendered it unusable. I will have to restore various backups of the Thunderbird profile and put them on a flash drive to do a full scan to find one that did not have the threat '3xPM5BwYvQVewuv.exe'

I will check out the the mozillazine links.
Thanks for the help.

What does "message problems" mean?  Please fully explain the issues you are having.

Email scanning can only be done on POP port 25, which almost no email providers use anymore.  The encrypted ports now required cannot be scanned by Norton because of the encryption. 

An important point here is that Thunderbird stores messages in the Inbox as one file.  Removing a virus can quarantine the entire Inbox.  Make sure that "Allow antivirus clients to quarantine individual incoming messages" is enabled in TB -- this will let Norton scan the message as a temporary file before TB puts it in the Inbox.

Norton will block any malware on access, so email scanning is not strictly necessary, and as some of the following articles point out, it can can actually cause problems.

http://kb.mozillazine.org/Thunderbird_:_FAQs_:_Anti-virus_Software

http://kb.mozillazine.org/Email_scanning_-_pros_and_cons

http://kb.mozillazine.org/Download_each_e-mail_to_a_separate_file_before_adding_to_Inbox

Is "compressed file scan" on under settings/antivirus?

Compressed files are generally not scanned until opened and uncompressed if I remember correctly.