Norton Inside

Hello,today go up the new version of Sumatra PDF 1.8 and i try to download but Norton Inside clean the exe fail.Subjection:Unknown fail.
How the Sumatra PDF can't be unknown fail for Norton?

 

It's just Nortons Insight. Because it's new not many users have seen the file so Norton flags it as suspicious. Should be in quarantine, remove and add an exclusion.

 

But to many people use Sumatra PDF how Symantec do not know this program?

 

It's one .exe out of millions. Just select the file and "trust now". Sorted. No need to get mad about it.

 

As you said yourself, it's brand new today. So few users in the Norton community would have downloaded the file already. Because it's a brand new file, different hash, it's flagged as suspicious. When enough Norton users have the file it won't get flagged. Norton doesn't see Sumatra, they see an unknown file, unknown hash. That's how Insight works to help protect you from zero-day malware. It's all good.

 

Would be nice if norton actually asked the user thou rather than just putting it in quarantine.

Norton used to be known for low false positives but norton insight is now adding more and more fp everyday by norton insight. how many users will be put off from using programs from smaller developers because norton blocks there program because they havent seen it before?

Has anyone come across the stupid situation where you tell norton to take a file out of quarantine and two seconds later it puts it back in again? its more annoying when you have multiple versions of the file. norton really need to give the user an option of what to do with a file.

 

1.That is my point to.
2.The normal user do not know hot to make exe comme back.They will leave the situation like that:

..."Ah,Norton clean my exe of my program X and says that is virus.What i got to do?....Nothing,Norton clean it and i can't download it becouse every time hi clean the exe....."

Are the normal user can think that he can go to quarantin ant make back it again?...Non,the normal user don't know that.

 

Totally agree! I understand that protection has its price of false positives, but as it was discussed earlier in their forums, especially for example people with small software businesses, making not so widely used programs, its very frustrating! Because when clients buy their program and their AV detects it as malware or suspicious, they take it seriously as they are not aware mostly what a false positive is. I think it's even insulting sometimes to have to justify before Norton the right of a program to exist, to depend on their approval.

 

Seems to be sorted now.

 

Couldn't agree more. I guess we need to just keep complaining to them about it.

 

Becouse i send the E-Mail of Sumatra and Symantec this morning.So good to know.

 

It would be good if we could clarify exactly what is going on here. If you look at message #9 with the screenshot of File Insight it shows the option to "Trust Now". I think this should be made more obvious as right now it's not easy to see, but the option is there. In this case the file is not put in "Quarantine" - if you click Trust Now the file is made available. However if NIS detects what it believes to be malware it will instantly delete it. In this case if you're certain the file is safe the only way I'm aware of to deal with it is to turn off Auto-Protect temporarily and download the file again. Then you can add it to the exclusion list. Yes, this can be pretty annoying, but we paid for security software to protect us because we cannot do it on our own (well, maybe some people can but I can't). Security is always annoying. An important part of evaluating security software is deciding if the ways it inconveniences you are logical and tolerable. NIS File Insight has been a feature now for two or three years and there's been plenty of discussion about how it works. Maybe some people here are using the wrong product? I mean that as a serious question and not to be rude. Why not switch to something that behaves more the way you want it to?

 

Which I've done. But I'm talking about their forum and the discussions there about the notorious and very often vague and uninformative WS.Reputation.1. And I'm talking about the people that we call average users, who usually overtrust their AV.

 

Hello Victek123,
as I said there is plenty of innocent files being removed due to possible malware. the scope of what is possibly malicious according to symantec is to high. I have switched to another product but I thought I would provide some feedback since I know some people from symantec read and post on these forums.

 

I'm curious about which product you switched to and why? I've used NIS for a few years, but I always keep an open mind. Also, regarding the File Insight problem what do you feel would be a better way to handle it? Making it easier to trust unknown files has its own downside.

 

I know this happens because it has happened to me a few times, but where Symantec should set the bar is difficult to say. It might be better if they made it easier to bypass File Insight and included a Sandbox option where unknown executables could be run and analyzed. That would add a layer of complexity though that will confuse and annoy less experienced users.

By the way, what did you switch to and are you still finding it more user friendly than NIS?

 

As I wrote in my first post - I know that it will always be a trade-off of some kind, I realize that it's not easy at all to draw the line as there are so many different users, files and possible scenarios. But at least with the WS.Reputation.1 detections, I think there should always be an option to let the file pass. I switched from Norton but often instal it on my relatives' or friends' computers as it is automated almost to the best possible level. But as also mentioned in recent tests, there are too many false positives. And treating every new file as potentially malicious is not the fairest way in my opinion, nor the most accurate. Norton may be one of the largest vendor with one of the largest communnities but still they are a certain pecentage of all users using various software.

 

I agree. I think they are pushing the limit of this approach and raising the sensitivity only produces more FPs. I think they need to take it in another direction - maybe sandboxing - but they have to stay with the full automation model, so their options are limited. It's really hard when you're trying to minimize user interaction/decision making.

 

That product doesn't entirely exist.

 

Now everything is fine, Sumatra is recognized as safe.

 

Norton is a good product but got to give the choise like Smart Screen of IE9.Here i don't have.....or i got to surch on the quarantine every time when Norton Inside give me a FP.

 

I think there should be an interactive mode, where the user should be able to make a choice. Of course, this option should be disabled by default.

Ziaul

 

interactive mode in norton?like hips?

 

Only for detection made by File insight and Sonar. Not like hips.

Ziaul

 

cool it sounds good