Norton AV Cloud - How does it work?

Discussion in 'other anti-virus software' started by Gasp, Feb 13, 2010.

Thread Status:
Not open for further replies.
  1. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    I tried searching the forum for the answer to this question but couldn't find much.

    How I understand Prevx to work is it creates a hash of a file then checks it against a vast online database. Should the file hash not exist, it upload part or all of the file to the server for sandboxing. The file is then listed accordingly.

    How does the Norton AV Cloud work?
     
  2. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
  3. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Works along the same lines then :)

    The reason I ask is I have just installed Norton Internet Security 2010 after I had problems with Kaspersky Internet Security 2010. Like most people on here, I have downloaded a pretty new trojan from MDL to test it out, and Norton popup up a message to say this file is safe. Very strange :D
     
  4. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Might be it is a rogue AV....Have you run that file? I am sure SONAR will popup and tell you the exact behavior of the same file
     
  5. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    This is the file in question.

    ~ VirusTotal link removed per Policy ~

    I'll run it through a sandbox and see what happens.
     
    Last edited by a moderator: Feb 14, 2010
  6. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Does the Norton Cloud analyse unknown files or just warn against them ?
     
  7. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I am not sure about this but AFAIK it is based on community review. But in case if you run a malware which is not detected due to no signature availability then SONAR will come into action, and will block it according to its behavior ..
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    You’ll find detailed explanations of the protection mechanisms within the Norton Protection Blog.
     
  9. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Yeah SONAR will notify how mature is the file and how many users in the norton community have used this file and accordingly it will notify mostly it will recommend the user not to run until sufficient info is collected by symantec and even after that the user runs the file then SONAR comes in to action:)
     
Loading...
Thread Status:
Not open for further replies.