Hello everybody,

I do not understand some probably basic NIS protection principles and need a help from the community :)

I was sure NIS uses File Insight information to check every new executable file on a PC before file will be executed. However, as I see in some (?) cases NIS ignore this information. Example: I downloaded password protected archive with infected file, unpacked it and checked it by Norton File Insight. FIle insight said: "the file status is bad. There are many indications that this file is untrustworthy"

Anyway, I run this file and (very big surprise for me!) NIS allowed to run this file without any alerts, no protection from Sonar etc.

Now, the Windows is infected, task manager is disabled, every 2-3 min I have reports from NIS about removing system files because they are infected by W32.Sality.AE... This test was done on a test PC and I did lose anything but ...

But why NIS did not use information from File Insight to protect me? How the protection system works?

P.S.. By the way, this file was sent to Symantec in the May but  it's not included in virus definitions yet...