In NIS 2010 SONAR is out of my control! It simply deleted a file and requires me to reboot. I do not see anyt way to tell it to restore this file. It is ccrypt (ccrrypt.sf.net) which I have used for years and is no threat at all under clamAV or Malwarebytes, etc., etc.
How can I control this, other than shutting it off completely! Unfortunately, shutting off SONAR permanently shows up as unprotected (red Xin tray icon).
In other words, only SONAR low threats can be restored from Quarantine and marked to be not scanned. The high threats can be simply (like in this case) that only two users reported its use to Symantec.
I have to wait until the machine reboots to get this file of Quarantine!
A more permanent solution would be the choice to override High Threat SONAR removal (which require reboots) of files, similar to how Low Threat SONAR files can be treated (which of course I turned off since even the High Threats make no sense). SONAR is a poor heruistic at this time, as evidenced by the criteria for removal of ccrypt.exe -- it is not know well enough to Norton!
Of coruse, other **known** threats can still be removed by Norton.
Yes, Rome was not built in a day, but if you weren't a member of the ruling class your life surely was miserable!
When new Norton projects are so introduced, I do not think their most intense actions should be defaults. The user should be able choose or modify such actions. Most of us are end-users, not alpha or beta testers.
I am still having issues also, but worst with this build than b127. When I recompile a Visual Fortran file SONAR deletes it when I try to run it. Before I could do a restore on the file and SONAR would leave it alone(as long as I did not recompile it), now it is deleting it every time and the ‘ignore this file’ is doing nothing.
Easternokie wrote: I am still having issues also, but worst with this build than b127. When I recompile a Visual Fortran file SONAR deletes it when I try to run it. Before I could do a restore on the file and SONAR would leave it alone(as long as I did not recompile it), now it is deleting it every time and the 'ignore this file' is doing nothing.
I take it back. Setting SOANR to Ignore does not work. It still prevents me from running my own executables and scripts -- at High Threat in Unresolved means I have to reboot just to get files into Quarantine so I can restore them and exclude them. Of course they do not show up in exclusions so I was sent a hotfix to get them into exclude, so this does not keep repeating!! -- but this is only useful after I reboot to then see the files in Quarantine!!!! (Yes, as many "!"'s as I care to put.)
I cannot do my work by rebooting after I run each executable. I'm a scientist and a developer of my own C codes and I can;t go through this nonsense all day long.
If this is not cleared up in a day ro so, I will just have to uninstall and drop NIS and go to another anti-virus vendor. I can;t spend time developing NIS which looks like it is in alpha. I don't even want to take time now to Spell check this.
Yes, I installed that hotfix. However, this still does not address the false postive SONAR High Threats which place issues in Unresolved and require a reboot to see such files in Quarantine, and only then can these files be restored and excluded from future SONAR scans.
There are no Options as there are for Low Threats to make this choice without rebooting. Furthermore, since I compile a lot of my own executables and scripts (as do many developers and researchers), many files are not "recognized" by SONAR which seems to be a key issue in its determining (false positive) High Threats. This means I would be constantly rebooting all day just to get a long exclusion list (with the hotfix).
So, I have to turn Off AND Ignore SONAR and hope that works. I also hope that the regular Idle Full Scan does not also find such false postiives based on no-recognition, not based on established risks. I also have added an entire large folder and sub-folders under C:\cygwin (a full Unix system -- see cygwin.com) under both Scan Exclusions and Auto-Protect Exclusions. This all is pretty drastic, since C:\cygwin contains not only the Cygwin files but my own work covering 25 years and over one million files which now are not ideally protected.
But main problem was ignored by Symantec. So, i have a request to take steps on a complaint right away instead of waiting for 5 to 10 customers to complain.
I'm running ccrypt 1.9. I tested this latest version for Peter (the developer) on half a dozen different platforms.
I think you still do not believe me about the real problem. I think the problem is that SONAR classifies just about anything a High Threat that it does not recognize. It does not use any information about known viriuses or sypware, etc. Such problems of course then arise when compiling many new executable, e.g., using gcc. I could live with such a heuristic classifying something as unknown or as a Low Threat which Norton has immediate Options to override to restore and exclude from future scans.
However -- and read this again please (I've written this about half a dozen times, but it does not seem to register, and so this is positively the last time I will say this) -- Norton SONAR processes High Threats as Unresolved, and requires a reboot. Only after the reboot does the file show up under Quarantine, when Options are availiable to restore and exclude from scans.
Since I have many files of the one milllion files I have developed under Unix/Cygwin that would be unknown to SONAR, I would be constantly rebooting to get all these files excluded from scanning. I have no choice now but to turn off SONAR completely AND to exclude all of c:/cygwin from scans.