Sonar removes a HOSTS entry which cannot be restored from Quarantine to Exclude from future scans

I am unable to prevent Norton Internet Security 2010 from removing an entry from my Windows XP Hosts file.

 

It removes the file 127.0.0.1 jiangmin.com and classes it as SecurityRisk.URLRedir and High Risk.

 

When I go to restore the entry from Quarantine and Exclude it fails....

 

(probably because either the Hosts is Read Only or it is unable to re-establish the 127.0.0.1 prefix)

 

Quarantine Restore Failure

 

The entry it has deleted is 127.0.0.1 jiangmin.com

It has left the other entry 127.0.0.1 XXX.jiangmin.com in the Hosts file.

 

The resulting failure to restore still places an entry in the Scan Exclusions for SecurityRisk.URLRedir ....

 

Signature Exclusions

I have removed this entry from the Scan Exclusions file because I think that this is a false positive????

 

I have also added back 127.0.0.1 jiangmin.com to the Hosts file and then carried out an Insight Network scan of Hosts. It then does not detect any issues.

 

Can you tell me what is going on here?

 

Some time ago Symantec stated they were looking at altering the GUI so that the computer could be set to ASK before Sonar deleted anything. What progress has been made with this? This is a typical case where this setting is needed because this Hosts entry cannot be restored to exclude from future scans so it will keep being Quarantined again and again as I update the Hosts file.

 

Quote from Shane Pereira, Symantec Employee, 21st October 2009 .......

 

3. We are looking at a change to the UI to allow customers to configure SONAR to always ask before deleting anything. Currently SONAR only prompts the user when it is not fully confident that what it has detected is in fact a threat.

 

Sonar Exclusion GUI

 

I have altered the Computer Settings but I do not think that this is the answer....

 

Computer Settings

Where do I go from here?

 

<<Edit: Active link to potentially hazardous Website disabled per the participation guidelines and terms of service>>