Norton Internet Security 2010 Failed

I downloaded a small application of the internet today, scanned it with Norton, ASquared, and MBAM. When I ran it, Norton's SONAR came up to say suspicious behaviour has been detected. I closed the program and removed it from my PC. Just a few minutes later Prevx jumps in and said I have a high risk security violation found (.dll) on my pc.

Why question is this... When SONAR detects suspicious behaviour, do it block or just notify the user? If it is supposed to block, why did this .dll pass through undetected?

 

For all we know it's a FP. Please post more info.

 

Sonar analyzes behavior of applications, to determine if the file is suspicious.
If many people i the Norton community have been infected by a particular file or if the file is new and hasnt been tested by Norton community, it is regarded as suspicious and quarantined automatically.

Gaod's (Giveawayoftheday.com) files are reported suspicious by Norton's sonar,why? because the files have to connect to their website to activate the product. It sends out info about your computer to their server.

This is unfortunately very similar to how malicious programs behave.I trust Norton when it comes to threats, been using Norton AV for years until i recently upgraded to Norton Internet Security.

 

You can always submit your false +ve files for analysis here

 

You wrote it correctly at first but the second part makes no sense. Norton Community (perhaps you mean Download Insight) doesn't make SONAR auto quarantine applications . Download Insight might mark applications SAFE (big green) but SONAR could still catch it because a given file has performed suspicious activity. Download Insight (if it marks a file as Unproven or Bad because of the Reputation level) never performs action against a file - it only notifies the users in a way that they understand the potential risk of running such a file.

 

3Guser, perhaps you are unaware, many new files are considered suspicious by SONAR.

I have personally experienced this many times,
Once when i downloaded a new vesion of Rising PC doctor, it was Automatically quarantined by Norton's sonar.

I did get the message on the taskbar that Sonar has blocked a threat.

If it was download insight as you suggest, does Norton see Rising PC Doctor as a threat?

 

Any setup file which starts dropping DLL files the moment it loads is suspicious, the real setup hadn't even loaded the splash screen.

It might have been believable if the rootkit was bundled into the setup's files rather than executing a dropper the moment a application starts.

 

Norton is great for the average user. After using Prevx for 18 months I expect too much from other Security Vendors. The only reason I am using norton is becuase its £10 for 2 years, otherwise it'll be Kaspersky.