TechOutsider
January 7th, 2009, 05:49 PM
I downloaded a massive archive of malware.
I extracted all of them. Many were blocked by Norton. The ones that were left were uploaded to VT for analysis.
I zipped the leftover files; the files that were deemed clean by Norton even after a selective on-demand scan.
I put 9 files into a .zip; I was going to send them to SSR.
I wound up with 7 archives. Now, that was yesterday.
I ran a full system scan today, for no particular reason, and Norton came up with several detections of malware inside those archives ...
From my prior experience, SSR takes a long time to process samples. And I have received no e-mail from SSR, except for the tracking #s. It seems like something went wrong here.
So, my question is directed to anyone with internal knowledge at SSR. Were the files I sent in processed within hours and added to the defs? If they were, then kudos. Or are selective on-demand scans different from full-system scans? Does Norton scan deeper with full-system scans?
And I only received 1 heuristic detection ... packed.generic.187. From Symantec's site, the def was last updated on Sept. 24, 2008. Why wasn't Norton able to detect it yesterday, but today?
Whoa ... I just scanned the zip again today and this time Norton detected 125 threats, compared to ~30 yesterday.