NIS 2009 Removed Malware Without Asking. I Think.

Discussion in 'other anti-virus software' started by Graystoke, Dec 22, 2008.

Thread Status:
Not open for further replies.
  1. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Today I came back to my computer to find a little pop up from NIS stating that it removed some malware. I clicked on the pop up to find what was removed. It showed that something called Suspicious.MH690 was removed. I had no idea what this was, so I did a search. I found these two explanations.......

    Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.


    Suspicious.MH690 is a common detection method used to identify malicious files that are intentionally spreads and morphed on computers.


    It's a detection method. So what malware was removed? Another question is, why was it removed? I had NIS 2009 set to ask me before removing anything. I say had, because I didn't like NIS removing something without asking, let alone not explaining what it removed, so I uninstalled it.
     
  2. guest

    guest Guest

    +1. i with you.
    i dont like automatic removal procedure
    panda same as norton, other many antiviruses ask to user
    i uninstalled it too
     
  3. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    I don't like automatic removal either. I especially don't like something being removed, and I don't know what it is. I did a system restore to a point before this happened. I uninstalled NIS 2009, ran a couple of online scanners, and nothing was found. I installed another AV, ran a scan, and nothing was found with that scan either.
     
  4. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i had the same exact pop up tonight and i want to know what was removed. im hoping this is not a avg like issue where it removed a important file by mistake. man im more unsure about nis2009 every day
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yep, I'm not a big fan of auto-removal either, and I think Symantec does that. Better hope it doesn't ever make a mistake.... ;)
     
  6. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    I've got "Remove Infected Files Automatically" turned off under "Computer Scans". Does it still remove "infected" files without asking?
     
  7. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    mine is turned off and it still did it to me..
     
  8. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    mine is off and whenever infection was found it quarantined or blocked:thumb:
     
  9. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    just double checked mine is turned off and always deletes on its own
     
  10. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Mine was turned off, and it still removed it without asking.
     
  11. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Hi zfactor. Does AVG still have that issue? Was it the free or paid version?
     
  12. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    no they fixed it but it was a disaster for a lot of people
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I uninstalled NIS 2009 for another reason, but glad I did after reading about automatic deletions. Not good at all :thumbd:
     
  14. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Regarding the detection of Suspicious.MH690

    What kind of level deed you use under Heuristics setting: Agressive or Automatic.
     
  15. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    430
    Location:
    The Netherlands
    To minimize auto-deletion, just turn off idle mode and set heuristics to automatic. All deleted threats can be restored from the quarantine section. Norton has a very low false positive detection rating, so if it detects something, then most likely it was malware. If you are sure it wasn't malware then submit the false positives to Symantec. Suspicious.MH690 detection is a relative new detection method that Symantec introduced in the last patch, that's why in the earlier versions of NIS2009 you didn't see these detections.
     
  16. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Yes. Apparently, only "low risk" items such as tracking cookies are exempt. Medium and High risk items are automatically removed from the computer and placed in Quarantine. It doesn't delete them totally from the system, but gives you the manual option in history/quarantine, to restore the file.

    In this context, care needs to be taken also with the Advanced Heuristic protection settings. IME, if "aggressive" is selected then there are more FPs.

    Although Norton AV 2009 is a very light product and light years ahead in this respect over previous versions this AUTOMATIC delete with a copy to quarantine has now become the norm.

    Symantec argue that "By automatically repairing and removing infected files in the background, Norton eliminates the need for user input and keeps interruptions to a minimum." However, if the file flagged is a FP and an important system file then you have problems.
     

    Attached Files:

  17. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    430
    Location:
    The Netherlands
    "Remove Infected Files Automatically" only applies to archive files.
     
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    odd though my quarantine does not show at all the last two auto deleted files?? they are for sure not there based on when i saw the pop up.
     
  19. rolarocka

    rolarocka Guest

    Thats something i dont understand too. Some files are quarantined and others are not. It would be nice to have a setting somewhere to choose allays quarantine.
     
  20. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    I've been a big supporter of NIS 2009, and I will not start bashing them. But this incident has made me lose faith in Norton.
     
  21. Jaki

    Jaki Guest

    Don't make a fuss about it :p . Symantec is one the information security companies out there that has one of the lowest false positive rate, so don't sweat it :oops: . Also, do not complain if NIS has done its job in protecting you; isn't it why you bought a NIS license in the first place? Moreover, if you want to know what was removed please go to history and click more information.

    I really do not know what some people expect. If NIS did not remove your malware you will hear a bunch of blabla blabla this blabla blabla that. Now that NIS removed your malware you still hear the same blabla this blabla that. Gimme a break would you? :D

    Peace.
     
    Last edited by a moderator: Dec 23, 2008
  22. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    430
    Location:
    The Netherlands
    It isn't like Symantec's philosophy in auto-removing infected files came into existence a couple of days ago.... they have had this philosophy for a very long time.... and now people start complaining. And I find it hard to believe that many people here at Wilders didn't know that....
     
  23. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i have not used nortons in many years so i had hoped they changed this..
     
  24. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Yes, I bought NIS to protect my PC. Yes, I'm all for NIS removing malware. I just want to be given the option to say yes or no in the removal process.
     
  25. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    You have missed the point of the discussion. It is not that NIS removed malware- it's that it removed it without user sanction/permission. Other major AVs that I use give you that option and so does NIS (in theory) but not really.
     
Loading...
Thread Status:
Not open for further replies.