The Symantec/Norton Thread.

Discussion in 'other anti-virus software' started by Mayahana, Jan 21, 2015.

  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    i keep zero of that stuff unless i am testing malware and only do so on specific "test" systems. a good example is my wife runs a VERY expensive program for her business.. think 3000$ or so to buy the lic for it. and i have to be very careful what i install on that system as its her business computer. so i always test software on that very well before letting anything be a permanent addition.

    i made a image and decided just over a month ago to test some av's on there again and one was norton. norton went and removed a few of the program files for this program. they were gone. not in quarantine not on any list in norton no where. the program would no longer open at all. i had to either remove norton (since each time i reinstalled the program it detected and removed them and norton was the only one i checked the files with virus total as well as testing a few other av's) lucky i did make the image since this is her business all her clients and her schedule here would have been gone. this is just one example why i REFUSE to ever run something without a choice to remove something or not.

    avira for example will ask to upload these very same files to the cloud to check them and report them as good and be done with them.
     
  2. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Polished as in few bugs?
    What about the other Norton process?
     
  3. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    that is very bad actually, very surprised that Norton would detect a legit program and delete its files as I never got any FPs with it. Very sad I wish it had worked for you man.
     
  4. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    What other Norton process?
     
  5. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Click "Show processes from all users" and you will see two of NS.exe.
     
  6. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Thats why I stopped using it in my desktop and transferred my license to another machine.
     
  7. 142395

    142395 Guest

    However bit disappointing that Norton didn't block malicious site in browser independent way.
    Does that really need proxy when it is plain http? I don't think so, but if they added those malicious domain/IP info to IPS, it will affect connection speed.
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    You can restore any file.. At the very least, from quarantine. But also from 'more details' in the logs. I'd rather be safe than sorry, for me it's crucial to have a product that is aggressive, and quarantines without choice. I don't need my kids, or wife clicking 'accept' on a bad file.. They can bring it up to me, and I will check it out. This isn't enterprise level, where FP's can drag a business down. So this feature will likely not appear in any of the top consumer products.
     
  9. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    I can vouch for those saying that Symantec/Norton will delete (not quarantine) some detections.

    Recently (half a year ago) while running a scan with Emsisoft, a file was flagged and quarantined. I like Emsisoft quite a bit, but it has hit false positives for me several times. The file appeared to me to be part of some legitimate software -- but ya just never know sometimes. So I scanned with MBAM. MBAM did not react. Scanned with Windows Defender -- nothing. So I scanned with Symantec. And sure enough, Symantec just deleted the file. I looked around for it in quarantine -- but it was just gone.

    I did not know there was an additional place to look, in 'more details' in the logs. I'll check this out. Thank you for that info.

    I've actually never known if the file was legit. The underlying software seems to still operate normally. I just hopefully assumed that Symantec knew what it was doing.

    And I think generally, Symantec does know what they are doing... the testing reflects that.

    Yes. Those are some of the most polished bugs of any bugs that are polished.


    -ftp
     
    Last edited: Mar 6, 2015
  10. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    I can guarantee you that even in the logs, sometimes Norton cant restore the file. (because a copy wont be there)
    Manytimes you can restore the file and everything is fine, but there are cases that you can simple say goodbye to the file.
     
  11. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    What about changing settings like this one:

    Norton_Security_2015_Beta_03.jpg

    What happens when you slide the cursor to the left or the right?
     
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    It wont do nothing for this "problem" because this setting only applicate to SONAR, Auto Protect will still delete the file and sometimes will "forget" to make a copy in quarantine.
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I promised myself to not answer any more question, but it seems you always mention 3 or 4 different AVs in the threads you create so ok fine.

    Only because a new build/installer hasn't been released and put up on the website for download doesn't mean the product gets no updates and fixes for customer problems. If ESET finds a problem and can fix it in a module then there is no need to released a new build that every user has to download, instead they will release a new module that all users will receive automatically through the VSD update channel. New modules with improvements etc etc.. are released all the time more or less, but users don't see that as it all happens in the background.

    FYI, In case you haven't heard, zfactor worked with Marcos on his performance issue and they have isolated the problem and found what's causing it after some testing. But, unlike you zfactor did NOT have any problem while he tested EAV (that you use from time to time) he only experienced it with ESS. So your issue with EAV is most likely caused by something else and not the same as zfactors. But this shows that contacting the vendor can result in getting issues solved. So I wouldn't have high hopes in getting your issue fixed unless you are willing to work it out with ESET like zfactor. ESET doesn't know why you and some others have this issue, but they are willing to help if you are up for it.

    This thread is about Norton so stay on topic. Post in the ESET thread or start a new one if you want to talk more about your issue, thanks.
     
  14. coolcfan

    coolcfan Registered Member

    Joined:
    Nov 1, 2008
    Posts:
    130
    Still feeling shocked about how an AV could slow down an AW18 w/ i7 4900MQ, 32GB RAM and multiple SSDs. I'm using a DIY desktop machine with E3-1230v1, 8GB RAM and an 128GB Samsung 830 + 1TB HDD, and I've tried various security softwares including Avast, BitDefender, Emsisoft, MBAM, Comodo IS and Eset AV 8, none of them caused slow down that I can feel.

    Last time I used Norton was 2010 when I was using a outdated laptop and NIS was much faster on it than Avira or Kaspersky. Now I want to try again && hopefully it won't be blocked in China like Avast :p
     
  15. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    Thanks.
    Anyway, the tests I've seen with Norton Security showed terrible results, same as the previous 2014 versions (it's basically the same product, whatever they say). No wonder they pulled out of AV-Comparatives.
     
  16. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    Noted, thank you. I will post in the ESET thread as to not sway off topic
     
  17. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    depends bro, what I see as a performance hit many do not consider a performance hit, I know my Alienware so much, I know how fast X program would install ot be able to tell the difference if another AV was installed and can notice if the installation was so much slower using other solutions.
     
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    yes normally you can restore a file. but this time i even contacted norton because these files were simply gone. they were not in the more details at all. the guy from norton was also surprised. now maybe it was a bug im not sure but even the guy from norton tech couldnt help me find the files to restore...
     
    Last edited: Mar 6, 2015
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Actually recent tests show Norton 2015 scoring remarkably well, in the upper tier for sure. I wouldn't put too much stock in the AVC kool aid. I'd strongly recommend dialing up Norton settings, even the SEP comes improperly configured for ultimate detection. Don't be afraid to 'tick up' some of the detections/options.

    Dialed up, it's downright TOUGH to infect a Norton 2015 machine simply because IPS/Sonar/Insight/Reputation is going to snag everything you throw at it. (easy to validate yourself)
     
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    They pulled out of AV-Comparatives because of the file detection test, where they are pretty bad, there's no way around admitting that. Regarding the real-world test they would have loved to be tested and probably would be among the very best, both in terms of protection as well as false positives. I also believe they would have scored very well in terms of performance impact.

    And if you tweak the settings to be more aggressive, it protects better than those programs with superior file-anti-virus signatures (yet nothing more beyond that). My only gripe is that it should come with these settings by default.
     
  21. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    That's reason enough to consider Norton a sub-par product.

    And why should you have to do that?
    The facts are Norton is a badly designed product and that is inexcusable for such a large company.
     
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Actually, the backend of 2015 now shares many technologies with SEP, which by most accounts is an excellent enterprise grade product. There are areas where Norton shines, and at times, outshines other solutions;

    1) IPS - Norton has a REAL Firewall (when most products are removing them), based on the SEP product, which includes IPS signatures. It will do quite well stopping things like Exploits, Injectors, and Malvertising. Which many products utterly fail at handling properly. IPS hits on Norton are quite common, and if you don't check logs, they will largely be invisible to you.
    2) Reputation - Norton has a well regarded, and at times amazing reputation engine. Or we should more accurately call it 'Karma' based engine. It's good by default, it becomes remarkable at stopping almost all unknown malware when dialed up. Norton has always been conservative with settings, this is why we have best practice deployment documents from Norton.
    3) Insight - This is a premier feature of SEP. Notch insight up to 6, and you've eliminated the vast majority of 'junk' out there. The Insight system in 2015 consumer is just as good but with less granular control. You can turn it off, normal, or aggressive. Aggressive is about the equivalent of 6 on SEP.
    4) Phishing - Norton is rated consistently as having the best anti-phishing of any AV suite out there. Only Trend and Bit Defender compete in this area, and they are 20-30% behind.
    5) Malicious URL blocking Norton is better than most, and only has a few scoring higher. It averages 50-60% MURL blocking, which puts it top 5 products for MURL.

    So really, given that, what more do you really need? It may be slight in raw signature file scanning(1-3%), but those are antiquated, and largely inadequate technologies. Companies like Norton and Trend are pushing forward with newer, more relevant technology largely based on enterprise realms. As for testing. You are aware it's scoring 99-100% now since 2015's version came out with SIGNIFICANT improvements? So your mothers Norton, isn't today's Norton my friend.

    http://www.av-test.org/en/antivirus...mber-2014/norton-norton-security-2015-144948/
     
  23. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    Wow! Total pwnage there Mayhana!! you were the best person to give such a reply as I don't have even quarter of the technical knowledge that you to respond to him! Thanks man
     
  24. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    BTW Mayhana, is it true that one should disable Smart Definitions in Norton Security for it to grab all definitions (ancient, old, and new) rather than just grabbing the smart ones which are less in size?

    Nevermind, I no longer see Smart Definitions, that was in the old Norton AV last year. They got rid of this smart definitions altogether
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Now that NS / NSwB rely more heavily on the 'cloud' most definitions are there and only a much smaller definition set is downloaded to our systems.

    Cheers.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.