NIS 2009 Removed Malware Without Asking. I Think.

Today I came back to my computer to find a little pop up from NIS stating that it removed some malware. I clicked on the pop up to find what was removed. It showed that something called Suspicious.MH690 was removed. I had no idea what this was, so I did a search. I found these two explanations.......

Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.


Suspicious.MH690 is a common detection method used to identify malicious files that are intentionally spreads and morphed on computers.


It's a detection method. So what malware was removed? Another question is, why was it removed? I had NIS 2009 set to ask me before removing anything. I say had, because I didn't like NIS removing something without asking, let alone not explaining what it removed, so I uninstalled it.

 

+1. i with you.
i dont like automatic removal procedure
panda same as norton, other many antiviruses ask to user
i uninstalled it too

 

I don't like automatic removal either. I especially don't like something being removed, and I don't know what it is. I did a system restore to a point before this happened. I uninstalled NIS 2009, ran a couple of online scanners, and nothing was found. I installed another AV, ran a scan, and nothing was found with that scan either.

 

i had the same exact pop up tonight and i want to know what was removed. im hoping this is not a avg like issue where it removed a important file by mistake. man im more unsure about nis2009 every day

 

Yep, I'm not a big fan of auto-removal either, and I think Symantec does that. Better hope it doesn't ever make a mistake....

 

I've got "Remove Infected Files Automatically" turned off under "Computer Scans". Does it still remove "infected" files without asking?

 

mine is turned off and it still did it to me..

 

mine is off and whenever infection was found it quarantined or blocked

 

just double checked mine is turned off and always deletes on its own

 

Mine was turned off, and it still removed it without asking.

 

Hi zfactor. Does AVG still have that issue? Was it the free or paid version?

 

no they fixed it but it was a disaster for a lot of people

 

I uninstalled NIS 2009 for another reason, but glad I did after reading about automatic deletions. Not good at all

 

Regarding the detection of Suspicious.MH690

What kind of level deed you use under Heuristics setting: Agressive or Automatic.

 

To minimize auto-deletion, just turn off idle mode and set heuristics to automatic. All deleted threats can be restored from the quarantine section. Norton has a very low false positive detection rating, so if it detects something, then most likely it was malware. If you are sure it wasn't malware then submit the false positives to Symantec. Suspicious.MH690 detection is a relative new detection method that Symantec introduced in the last patch, that's why in the earlier versions of NIS2009 you didn't see these detections.

 

Yes. Apparently, only "low risk" items such as tracking cookies are exempt. Medium and High risk items are automatically removed from the computer and placed in Quarantine. It doesn't delete them totally from the system, but gives you the manual option in history/quarantine, to restore the file.

In this context, care needs to be taken also with the Advanced Heuristic protection settings. IME, if "aggressive" is selected then there are more FPs.

Although Norton AV 2009 is a very light product and light years ahead in this respect over previous versions this AUTOMATIC delete with a copy to quarantine has now become the norm.

Symantec argue that "By automatically repairing and removing infected files in the background, Norton eliminates the need for user input and keeps interruptions to a minimum." However, if the file flagged is a FP and an important system file then you have problems.

 

"Remove Infected Files Automatically" only applies to archive files.

 

odd though my quarantine does not show at all the last two auto deleted files?? they are for sure not there based on when i saw the pop up.

 

Thats something i dont understand too. Some files are quarantined and others are not. It would be nice to have a setting somewhere to choose allays quarantine.

 

I've been a big supporter of NIS 2009, and I will not start bashing them. But this incident has made me lose faith in Norton.

 

Don't make a fuss about it . Symantec is one the information security companies out there that has one of the lowest false positive rate, so don't sweat it . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you?

Peace.

 

It isn't like Symantec's philosophy in auto-removing infected files came into existence a couple of days ago.... they have had this philosophy for a very long time.... and now people start complaining. And I find it hard to believe that many people here at Wilders didn't know that....

 

i have not used nortons in many years so i had hoped they changed this..

 

Yes, I bought NIS to protect my PC. Yes, I'm all for NIS removing malware. I just want to be given the option to say yes or no in the removal process.

 

You have missed the point of the discussion. It is not that NIS removed malware- it's that it removed it without user sanction/permission. Other major AVs that I use give you that option and so does NIS (in theory) but not really.