Earlier this month I upgraded from NIS11 to NIS12. I recently noticed that when I check under Norton Community Watch in my history there are repeated instances of statistical submissions claiming that WS.Trojan.H has been exonerated. I've noticed that this appears on both my laptop and my desktop computers. In addition, I notice that there are also repeated instances of Suspicious.Cloud.7.F and Suspicious.Cloud.7.L being exonerated on my desktop computer.
They show up daily and when I try to check for more information all I can find under the submission details for WS.Trojan.H is either 'pluginmanagerexe' or a string of numbers and letters followed by the detection digest's line of data. As for both the Supicious.Cloud submissions, I can find no way to identify a file or program there either. I have no idea what these files are or where Norton is even finding them. I can find no pluginmanagerexe and there is never anything in quarantine.
Naturally, I find this deeply concerning. I checked around the Symantec website and there was a page describing WS.Trojan.H:
Now, does this mean that whatever Norton has found is given the distinction of ''WS.Trojan.H' because it may possibly pose a threat but Norton doesn't know what kind, or is it an actual known Trojan? I couldn't find anything on either of the two types of Suspicious.Cloud submissions.
I realise that these may be false positives and NIS keeps saying that they've been exonerated but it still deeply concerns me. Any feedback would be greatly appreciated.
Norton Community Watch submissions are not malware detections, and are therefore not even technically false positives. If WS.Trojan.H or Suspicious.Cloud were actually detected on your PC, Norton's Auto-Protect component would have immediately removed them and alerted you. Norton Community Watch is a feature that submits files of interest to Symantec for analysis in order to improve Norton's ability to detect threats correctly, NCW plays no role in the day-to-day security of your computer, and the submission entries should not be viewed as an indication of any malware on your machine.
It's tremendously reassuring to know that these aren't actually indications that something is wrong. I was terribly worried that both PCs were somehow infected.
Do you know of any way that I could find out what files these are? Other items in my Community Watch submissions like, Skype.exe or template.exe, I can find the location for when I click on the link to view more details or I can find when searching my computer. The submissions I mentioned earlier usually just have a string of numbers and letters with no actual file name.
I've had Suspicious.Cloud.7.F show up when I was updating Pale Moon browser. It's a false positive, but it's shown up once since it was apparently sorted by Symantec. You may find the following threads helpful:
I've had Suspicious.Cloud.7.F show up when I was updating Pale Moon browser. It's a false positive,
Hi Madeline,
In your case this was an actual detection by Norton Auto-Protect, which is not the same thing as a NCW submission. The NCW submissions do not indicate that the infection is actually present, and are gathered for the purpose of refining detection signatures to help lessen the occurances of false positives.