Norton 2013 Products Final Released.

Yes, that is the correct link.

If you search the Norton forum for NIS/NAV, the recommended procedure is the one I described previously. However, if you cannot uninstall first via add/remove programs, then running the Norton Removal tool first should be OK. Standard procedure for removing any AV, etc. is to try to run their uninstaller first, then their cleaning tool.

Note: the Norton Removal tool removes everything that is Norton including stuff like Ghost, etc. if you happen to have that installed.

 

itman,

Just wanted to let you know that I uninstalled 2012 and installed 2013 with no issues. Live update is now working correctly, weird.

So far so good. Would like to know of any tweaks for it if at all possible. This version seems a little bit lighter. Not as light (at least feel and rendering wise) as another product that I had, (which will rename nameless due to Wilders Policy). But so far so good. Time will tell how it goes. However I hope that when I do get a new pc that it will be running even better.

Thanks again for your insight and help.

 

You can reduce the impact by turning off performance monitoring. There are other nonessential options which can be disabled, such as idle time optimization and monthly reports. Also note that boot time protection appears to be off by default - don't know what they're thinking with that. I would turn it on to at least "normal" if not "aggressive".

 

Had a weird experience today submitting samples via the retail submission page. A particular sample identified as malware by several other vendors came up as clean by Symantec/Norton. After submission, it still came up as clean (I got a response to this effect).

Oddly enough, a few days later, PC Tools detects the file, Norton does not!

I have seen a few weird things in my life, but this was new

For what it's worth, this particular malware is no more a threat, as it has been replaced by variants that Norton does detect.

 

Actually, this is quite normal. Submit to VirusTotal and it is extremely rare that all used scanners detect it. Just depends on how fast the vendor develops a signature for the malware.

With more malware being of the 0 day variant and as you observed, morfing into a different variant, signatures are becoming less relevant by the day. This is why behavior blocking and HIPS is so important these days. Note that neither of these come into action until the malware is actual run.

 

Normal should be adequate w/o seriously impacting boot performance.

 

I usually set it to "normal", but it would be worth doing some testing to see how much impact the "aggressive" setting has. It's a real concern though that "off" is now the default. I can't find an explanation for this on the NIS forum. The average user will not change default settings so I feel this is unacceptable. This is one of the reasons I've stopped recommending NIS.

 

I still recommend it and if user is self installing /configuring do advise them to turn boot time protection on,I think their logic is if the system is clean on shutdown there are no threats to protect against on boot up,I'm just not comfortable with it though

 

They have decided to go for a fast boot priority then an earlier load for some of Norton's protections.

I always turn it on (default).

 

Below is per NIS 2013 Help.

The best is can determine why it is set off by default is to not have NIS interfere with any low level driver loading. I have noticed at times during WIN 7 boot, my flakey JMicron JMB36x SCSI controller that controls my my IDE and SATA optical drives hangs up at boot time. I suspect NIS driver loading is conflicting with it when NIS boot protection is to on. Not a major issue except a very slow boot when it occurs.

Enable Boot Time Protection

Boot Time Protection starts Auto-Protect when you start your computer. The Enable Boot Time Protection option provides enhanced security level from the time you start your computer. This option ensures better security by running all the necessary components that are required for computer protection as soon as you start your computer.

When this option is set to Normal or Aggressive, all required drivers and plug-ins start functioning as soon as you start your computer. A driver is a program containing information that the computer needs to recognize and control a device. A plug-in is an add-on for a program or a service that adds functionality to it. This option ensures higher level of security from the moment you turn on your computer.

When this option is set to Off, specified drivers and plug-ins start functioning only after a specified time delay.

If you restart your computer after LiveUpdate or a product upgrade activity, the drivers and plug-ins function normally. However, in the subsequent restart the drivers and plug-ins function normally after the specified time delay.

You can use the following options to configure boot time protection:

Aggressive
Lets you configure Norton Internet Security to perform maximum protection during your computer start time.

It ensures complete protection during the boot time as Auto-Protect starts functioning as soon as you start your computer.

Normal
Provides you enhanced protection during your computer start time without compromising your computer's boot performance.

When you set this option to Normal, the drivers and plug-ins start functioning during the computer start time before their specified time delay.

Off
Turns off the Enable Boot Time Protection option.

Turning off the Enable Boot Time Protection option reduces the level of protection of your computer.

By default, this option is selected.

 

I agree, but in this case I specifically submitted the sample to Symantec using their own retail submission pages. Where other vendors declared the file infected, Symantec's automated analysis declared it as clean. Oddly, a few days later PC Tools adds detection for this malware!

 

Next time something like this happens, try to use PowerEraser against it. Also where did you submit that virus sample? I know Symantec commercial customers can do that but I see no place for retail uses to submit.

 

You see, this wasn't my PC so I didn't have a more direct method of sending samples to Symantec. So I tried this link:

http://www.symantec.com/security_response/submitsamples.jsp?inid=us_sr_flyout_contact_submit

There is an option for Retail/Home Users there. I will definitely try Power Eraser next time. On my own PC, I use PC Tools, so I was also affected, but like I said PC Tools added the samples a few days later while Norton didn't. In the long run, there was no significant damage as the malware was replaced by variants that are now well-detected

 

It sounds a lot like a bug or a mistake on their system. Things like this make even more necessary the use of a second opinion scanner.

I'd like to think that Sonar would have caught that variant too, though.

 

SONAR did, and so did PC Tools ThreatFire. Norton Insight flagged the file as "WS.Reputation.1" for....a few hours, after which this flag mysteriously disappeared. There were a few such variants which had only SONAR as defense/protection instead of Insight/signtaure scanning. The rest of the variants were detected by Norton via signatures without further action required from me.

I decided to let it go this time as these samples had become outdated, but I do wonder how this could have happened.

 

I've noticed with NIS 2013 that it seems to run a "Quick Scan" by looking in the history? Is this really necessary? Can it be disabled?

Also, what is the "Trust Level" in the GUI mean? After I first installed it over the weekend and ran a scan, it was at 92%. Now, a few days later, its at 91%

What is this and does it matter?

 

Quick Scans are run every time the computer enters an idle state after a new set of virus definitions has been downloaded. They can't be turned off.

The Trust Level indicated the amount of files considered trusted - known good files - which are excluded from scanning, thus speeding things up. The GUI number will not always be the same as the number you get from running a full reputation scan. This discrepancy issue has been known since Norton started with the reputation system. Also, the number will decrease over time, when you install new software and download things, and so on. It can be 90% or something on a freshly installed Windows, but can decrease over time to maybe something like 50-60% after a year of normal usage.

 

Files that can be determined to be safe don't need to be scanned, and that can speed up scanning quite a lot. I don't know exactly how they do it though - maybe MD5 hash? Quick Scans start during idle time and don't usually slow the system when you're using it in my experience. The idle time period can be adjusted if you want the scans to kick in more or less quickly.

 

Thanks for the clarification guys.

So by the Trust Level dropping over time, do scans then become slower? I mean, what is the point?

 

I'm not sure what was meant by that. I'm not using NIS at the moment, but in my experience there wasn't a significant drop in the % of trusted files over time. A "trust" scan needs to be done locally at intervals to refresh the list.

 

Based upon King Grub's post, it sounds as if the Trust Level drops over a period of time. My understanding is that by having a high percentage of the Trust Level would improve scan times. So if it lowers over a period of time, does that mean the scans could become slower?

So a trust scan is something that is done separately?

 

Yes, I remember that it can be done separately on demand and I believe it's called File Insight, but perhaps someone who has it installed can confirm.

Yes, a greater percentage of trusted files makes for a shorter scan time - just common sense. This is only an issue when you do a scan On Demand, in other words when you're sitting around waiting for it to finish . The "idle time" scans are pretty much invisible so it doesn't really matter how long they take.

 

Understand. I was going by what King Grub posted up above. Not sure if he is currently running NIS so I guess I will wait for him to reply. Either that, or I have to run these Insight Scans more often.

 

Actually, it is the opposite. As time goes by, Norton' trust level normally increases. Mine is currently at 90%. Hence as trust level increases, virus scan time decreases.

Now this is not absolute. If a person has a lot of unsigned apps or apps not commonly used, trust level will not be as high as if the reverse was true.

Remember that this "trust" level for apps is being determined by the Norton community rating. So an app not highly used by the community might not be set to trusted. For example, Zemana Antikeylogger is rated as "Good" by default. You can always go into the Norton GUI and set a known app to trusted if so desired.

 

http://community.norton.com/t5/Nort...-2013-How-to-increase-trust-level/td-p/817690

http://community.norton.com/t5/Norton-Internet-Security-Norton/Trust-Level-NIS-2012/td-p/555058

http://community.norton.com/t5/Nort...ton/What-does-Trust-Level-64-mean/td-p/579656