NIS 2009 Removed Malware Without Asking. I Think.


Graystoke
December 22nd, 2008, 03:06 AM
Today I came back to my computer to find a little pop up from NIS stating that it removed some malware. I clicked on the pop up to find what was removed. It showed that something called Suspicious.MH690 was removed. I had no idea what this was, so I did a search. I found these two explanations.......

Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.


Suspicious.MH690 is a common detection method used to identify malicious files that are intentionally spread and morphed on computers.


It's a detection method. So what malware was removed? Another question is, why was it removed? I had NIS 2009 set to ask me before removing anything. I say had, because I didn't like NIS removing something without asking, let alone not explaining what it removed, so I uninstalled it.

maymoons
December 22nd, 2008, 04:37 AM
+1. I'm with you.
I don't like the automatic removal procedure.
Panda is the same as Norton; many other antiviruses ask the user.
I uninstalled it too.

Graystoke
December 22nd, 2008, 07:18 PM
-{ Quote: "+1. I'm with you.
I don't like the automatic removal procedure.
Panda is the same as Norton; many other antiviruses ask the user.
I uninstalled it too." }-


I don't like automatic removal either. I especially don't like something being removed, and I don't know what it is. I did a system restore to a point before this happened. I uninstalled NIS 2009, ran a couple of online scanners, and nothing was found. I installed another AV, ran a scan, and nothing was found with that scan either.

zfactor
December 22nd, 2008, 10:26 PM
I had the same exact pop up tonight and I want to know what was removed. I'm hoping this is not an AVG-like issue where it removed an important file by mistake. Man, I'm more unsure about NIS 2009 every day.

Kerodo
December 22nd, 2008, 10:40 PM
Yep, I'm not a big fan of auto-removal either, and I think Symantec does that. Better hope it doesn't ever make a mistake.... ;)

Cloudcroft
December 22nd, 2008, 11:27 PM
I've got "Remove Infected Files Automatically" turned off under "Computer Scans". Does it still remove "infected" files without asking?

zfactor
December 22nd, 2008, 11:57 PM
mine is turned off and it still did it to me..

icr
December 23rd, 2008, 12:08 AM
mine is off and whenever infection was found it quarantined or blocked :thumb:

zfactor
December 23rd, 2008, 12:59 AM
just double checked mine is turned off and always deletes on its own

Graystoke
December 23rd, 2008, 03:07 AM
-{ Quote: "I've got "Remove Infected Files Automatically" turned off under "Computer Scans". Does it still remove "infected" files without asking?" }-


Mine was turned off, and it still removed it without asking.

Graystoke
December 23rd, 2008, 03:24 AM
-{ Quote: "I had the same exact pop up tonight and I want to know what was removed. I'm hoping this is not an AVG-like issue where it removed an important file by mistake. Man, I'm more unsure about NIS 2009 every day." }-


Hi zfactor. Does AVG still have that issue? Was it the free or paid version?

zfactor
December 23rd, 2008, 06:08 AM
no they fixed it but it was a disaster for a lot of people

Bunkhouse Buck
December 23rd, 2008, 06:32 AM
I uninstalled NIS 2009 for another reason, but glad I did after reading about automatic deletions. Not good at all :thumbd:

De Hollander
December 23rd, 2008, 06:46 AM
Regarding the detection of Suspicious.MH690

What kind of level did you use under the Heuristics setting: Aggressive or Automatic?

denniz
December 23rd, 2008, 07:02 AM
To minimize auto-deletion, just turn off idle mode and set heuristics to automatic. All deleted threats can be restored from the quarantine section. Norton has a very low false positive detection rating, so if it detects something, then most likely it was malware. If you are sure it wasn't malware then submit the false positives to Symantec. Suspicious.MH690 detection is a relatively new detection method that Symantec introduced in the last patch; that's why in the earlier versions of NIS2009 you didn't see these detections.

Blackcat
December 23rd, 2008, 07:04 AM
-{ Quote: "I've got "Remove Infected Files Automatically" turned off under "Computer Scans". Does it still remove "infected" files without asking?" }-

Yes. Apparently, only "low risk" items such as tracking cookies are exempt. Medium and High risk items are automatically removed from the computer and placed in Quarantine. It doesn't delete them totally from the system, but gives you the manual option in history/quarantine, to restore the file.

In this context, care needs to be taken also with the Advanced Heuristic protection settings. IME, if "aggressive" is selected then there are more FPs.

Although Norton AV 2009 is a very light product and light years ahead in this respect over previous versions this AUTOMATIC delete with a copy to quarantine has now become the norm.

Symantec argue that "By automatically repairing and removing infected files in the background, Norton eliminates the need for user input and keeps interruptions to a minimum." However, if the file flagged is a FP and an important system file then you have problems.

denniz
December 23rd, 2008, 07:06 AM
"Remove Infected Files Automatically" only applies to archive files.

zfactor
December 23rd, 2008, 10:54 AM
Odd though, my quarantine does not show the last two auto-deleted files at all?? They are for sure not there based on when I saw the pop up.

rolarocka
December 23rd, 2008, 12:36 PM
That's something I don't understand either. Some files are quarantined and others are not. It would be nice to have a setting somewhere to choose always quarantine.

Graystoke
December 23rd, 2008, 06:40 PM
I've been a big supporter of NIS 2009, and I will not start bashing them. But this incident has made me lose faith in Norton.

Jaki
December 23rd, 2008, 07:13 PM
Don't make a fuss about it :P . Symantec is one of the information security companies out there that has one of the lowest false positive rates, so don't sweat it :-[ . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you? ;D

Peace.

denniz
December 23rd, 2008, 07:22 PM
It isn't like Symantec's philosophy in auto-removing infected files came into existence a couple of days ago.... they have had this philosophy for a very long time.... and now people start complaining. And I find it hard to believe that many people here at Wilders didn't know that....

zfactor
December 23rd, 2008, 08:00 PM
I have not used Norton in many years so I had hoped they changed this..

Graystoke
December 23rd, 2008, 08:59 PM
-{ Quote: "Don't make a fuss about it :P . Symantec is one of the information security companies out there that has one of the lowest false positive rates, so don't sweat it :-[ . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you? ;D

Peace." }-

Yes, I bought NIS to protect my PC. Yes, I'm all for NIS removing malware. I just want to be given the option to say yes or no in the removal process.

Bunkhouse Buck
December 24th, 2008, 06:06 AM
-{ Quote: "Don't make a fuss about it :P . Symantec is one of the information security companies out there that has one of the lowest false positive rates, so don't sweat it :-[ . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you? ;D

Peace." }-

You have missed the point of the discussion. It is not that NIS removed malware- it's that it removed it without user sanction/permission. Other major AVs that I use give you that option and so does NIS (in theory) but not really.

zfactor
December 24th, 2008, 08:37 AM
Correct, Bunkhouse, that's my argument as well. And the deleted files were not even stored in quarantine, so if they were in fact FPs and I need to restore them (say a system file etc.) they were not moved to quarantine first, so then I'd be screwed.. IMO if they have a setting to NOT DELETE AUTOMATICALLY then that should be what it does; it should ask what to do. If not, then they need an option like others have to ask the user what to do.

steve1955
December 24th, 2008, 08:51 AM
-{ Quote: "Don't make a fuss about it :P . Symantec is one of the information security companies out there that has one of the lowest false positive rates, so don't sweat it :-[ . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you? ;D

Peace." }-
Lowest FPs doesn't equal zero FPs: it only takes a couple to screw your PC up. What if one was a critical Windows file on a PC running without system files being protected??

Bunkhouse Buck
December 24th, 2008, 10:11 AM
-{ Quote: "Correct, Bunkhouse, that's my argument as well. And the deleted files were not even stored in quarantine, so if they were in fact FPs and I need to restore them (say a system file etc.) they were not moved to quarantine first, so then I'd be screwed.. IMO if they have a setting to NOT DELETE AUTOMATICALLY then that should be what it does; it should ask what to do. If not, then they need an option like others have to ask the user what to do." }-

Correct. If I am using Eset or Avira (two that I use on a rotating basis) and they find some malware they ask me what to do. I do not allow them to automatically delete anything as a critical system file may be the one deleted. I understand that many average users may not want to make a whole lot of decisions about malware, but, if a system file is taken out and you cannot boot your computer- there is a big problem.

ace11
December 24th, 2008, 10:12 AM
The setting to NOT DELETE AUTOMATICALLY
is referring to archive (i.e. compressed) files only !!!

plz read carefully the text associated with this option in NIS2009 setting.

8)

Zeena
December 24th, 2008, 11:00 AM
Hi Bunkhouse Buck :)

-{ Quote: "You have missed the point of the discussion. It is not that NIS removed malware- it's that it removed it without user sanction/permission. Other major AVs that I use give you that option and so does NIS (in theory) but not really." }-

Totally Agree! ;)

Symantec has done the same kind of thing with NIS 09 in quite a few areas >:(

1/ Idle Scanning
Turning This OFF .. Will actually only turn the Idle Full System Scan - OFF
All the other Idle Jobs / Scans .. Will Still Run! :what:

2/ Scheduled Scans
You Can! ... But Not Really!
My God! ... Symantec have made a Pigs Ear of this function ::)
And Using - Windows Task Scheduler
Is this really a good idea?
Not To Mention...
We've paid Symantec to use what we already had.

I wonder how many other of the many functions in NIS 09 ... Are - Not Really's? >:(

De Hollander
December 24th, 2008, 01:56 PM
Something to read.

Merry Christmas.

http://norton.lithium.com/norton/board/message?board.id=nis_feedback&thread.id=8184&view=by_date_ascending&page=2

As far as setting anti-virus detections to quarantine but not delete, this is not an available option. Most users are not advanced users, and we are concerned with them leaving malicious files on their system.

For low risk items you can choose Ask Me and you will be prompted to decide what to do with detected items.

For medium/high risk items that were automatically removed (or low risk items you chose to remove), you can restore these from Quarantine if you decide it is a false detection. For risks that are not exclusively malware, when you restore, you can exclude them from future scans.

For the "Remove Infected Files Automatically" option, this is only for compressed files, as you thought.

First page:
Internet settings (program control) & antivirus settings in NIS2009
http://norton.lithium.com/norton/board/message?board.id=nis_feedback&thread.id=8184&view=by_date_ascending&page=1

ronjor
December 24th, 2008, 06:37 PM
Several posts removed from this thread. Let's focus on the thread topic in a civil manner.

TechOutsider
December 24th, 2008, 06:55 PM
A) Blocked malware is not quarantined. To put it bluntly, they are blocked from execution; therefore they cannot be quarantined.

B) Medium and High Risk items are automatically quarantined.

C) There is an option for user-interaction with Low risk items.


As for heuristically detected and disinfected malware, they are quarantined, and put in a folder on your local system called "BASH"; behavioral and security heuristics.

As for FPs; I have never had one from Norton to date; started using around March this year.

forumhound
January 9th, 2009, 03:48 AM
Sadly, I am going to remove my trial of NIS 2009 because I would prefer to be asked before the program deletes my files.

Zombini
January 9th, 2009, 11:50 AM
I don't see what the big deal is. If it makes a mistake, then you can remove it from quarantine. Norton has the lowest FP rate of all AVs tested so it's least likely to make a mistake.

Imagine popping up an alert to grandma and asking her "C:\asdhjer.exe" has been detected as Botox.D.. what do YOU want to do because Product XXX (with all their experience) sure as hell doesn't know". How do you think she is going to respond?

I think popping up alerts is ridiculous for high risk threats.

Bunkhouse Buck
January 9th, 2009, 03:18 PM
-{ Quote: "I don't see what the big deal is. If it makes a mistake, then you can remove it from quarantine. Norton has the lowest FP rate of all AVs tested so it's least likely to make a mistake.

Imagine popping up an alert to grandma and asking her "C:\asdhjer.exe" has been detected as Botox.D.. what do YOU want to do because Product XXX (with all their experience) sure as hell doesn't know". How do you think she is going to respond?

I think popping up alerts is ridiculous for high risk threats." }-

Zombini,

I have changed my thinking on the issue- and I agree with you. NIS is now working super for me. :thumb: