Stop Norton deleting a file

Right now, Norton IS 2014, automatically delete any suspicious file. A few times it incorrectly deleted files : no spyware or something. Also stuff I want to decide on first.

 

Is there a way to avoid this?
Maybe suspicious files can be renamed (like FileXYZ.exe -> FileXYZ.ex_)

And create a log file of those renames?

 

I don't know.

 

Thanks

=

Ok so I just tried putting the file name in settings  -> exclusions and this has worked

Thanks for letting us know -- I am going to mark your message giving the action as the Solution since that could help other users -- it's a question we get from time to time.

Right now, Norton IS 2014, automatically delete any suspicious file. A few times it incorrectly deleted files : no spyware or something. Also stuff I want to decide on first.

 

Is there a way to avoid this?
Maybe suspicious files can be renamed (like FileXYZ.exe -> FileXYZ.ex_)

And create a log file of those renames?

 

I don't know.

 

Thanks

=

 

Thanks for the feedback (and sorry for the delay).

 

 

The thing is that the .exe actually is nót a real 'executable', i.e. it is not a program, but rather an  important(!) .txt  document that has been zipped to a password protected selfextracting executable.

Luckely I always keep a number of backups.

If I hadn't, I would have been in deep...

 

Anyway, the weird thing is that  I cannot reproduce it - whilst keeping backups on safe place, I tried to run the same .exe, moved it around whatever, and all went fine, no interference of Norton.

 

=

In Settings/Computer in the UI, the first three categories give you some options to ASK ME, so you can monitor files and programs that you may wish to skip or whitelist.

Thanks. I believe my settings are like that.

 

=SnagIt-03022014 071836.png

 

 

=

 

this is what happened

 

=

 

NIS deleting selfextracting exe-file-16012014-154751.png

 

=

 

As said, I cannot reproduce it anymore.

 

Also, this specific entry, I have looked into all history (recent, full, scan results, resolved security risks, unresolved security risks, quarantine, sonar, intrusion prevention, download insight, etc.  but this entry isn't there anymore. Peculiar.

 

Anyway ...

=

Maybe because as the file was removed, the history entry got removed as well ? I'm guessing there.....

Hello

 

The entry may not be there any more because the file might have been whitelisted or something about the file is now allowing it. I believe whan a file is removed, it is also anaylzed by Norton and subsequently found to be safe. It is removed until some point when it can be determined to be safe.

Hi thewul

 

You should be another journal entry03-02-2014 14-17-13.png

 

You can restore the file from quarantine and exclude from further inspection

 

03-02-2014 14-18-04.png

 

 

03-02-2014 14-18-36.png

 

 

 

Recommend to perform these actions only if you are completely sure that the file is safe

It must have been the self-extracting part that Norton did not like.  It could not have been the contents because it can't scan inside a password protected archive.

 

I suggest you keep a copy without the self-extractor.  Make it a common format like zip and you don't need it to self extract.

Or use a more common compression program like winrar, winzip, or 7-zip, I have never had a problem with those self extracting files.

 

Dave

Found some entries in the log file.

 

Something with Status: "Pending"   whatever..

 

SnagIt-03022014 095545.png

 

=

 


thewul wrote:

Found some entries in the log file. 

Something with Status: "Pending"   whatever..

 ...................................................


Hi thewul,

                   This definition may help you:

The Statistical Submissions  ( I think its also applicable for sample submission) are submissions to Norton Community Watch - they are not detected threats.  Statistical submissions enable Symantec to evaluate its virus detection definitions against files found on users' computers that have similarities with the signatures but are not malicious.  By doing this, the definitions can be fine-tuned to increase their effectiveness and decrease the chances of false positives.  What you are seeing in the Norton Community Watch logs are simply files of interest - samples being submitted for study.  Behavior-based detections are prone to false positives, so it is important to evaluate files in the wild that could be mistaken for Trojans and other types of threats using these methods of detection. 

 

You should not do anything with these files on your computer because they are a) not threats, and b) could be important files needed for your system or programs to run properly.  Norton has all sorts of components that detect and remove suspicious files, as well as known malware, but Community Watch is not one of those components.  Please trust the protection features to do their work properly, and do not make changes to your system based on samples that Norton is submitting for analysis.

 

Quoted from reply of SendOfJive in this thread (partially edited). Thanks to SOJ

 

This pending action / status occurs usually after a scan or threat detection and becomes successful next time you connect to internet for sufficient time for file upload. This help Norton to keep track of file or process usage, its effect on system, improve insight suggestions, scanning efficiency and detection rate. It will also help Norton to find different variations / forms of the threat detected( which indeed helps to improve detection rate.)

 

Ah! 

 

Many thanks indeed for the elaborate reply. All clear.

 

Again thanks.

 

Also to all other contributers of course!

 

=

Happy to hear you have cleared it out.