Norton AV Oddities.

Discussion in 'other anti-virus software' started by TechOutsider, Jan 7, 2009.

Thread Status:
Not open for further replies.
  1. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    I downloaded a massive archive of malware.

    I extracted all of them. Many were blocked by Norton. The ones that were left were uploaded to VT for analysis.

    I zipped the leftover files; the files that were deemed clean by Norton even after a selective on-demand scan.

    I put 9 files into a .zip; I was going to send them to SSR.

    I wound up with 7 archives. Now, that was yesterday.

    I ran a full system scan today, for no particular reason, and Norton came up with several detections of malware inside those archives ...

    From my prior experience, SSR takes a long time to process samples. And I have received no e-mail from SSR, except for the tracking #s. It seems like something went wrong here.

    So, my question is directed to anyone with internal knowledge at SSR. Were the files I sent in processed within hours and added to the defs? If they were, then kudos. Or are selective on-demand scans different from full-system scans? Does Norton scan deeper with full-system scans?

    And I only received 1 heuristic detection ... packed.generic.187. From Symantec's site, the def was last updated on Sept. 24, 2008. Why wasn't Norton able to detect it yesterday, but was today?

    Whoa ... I just scanned the zip again today and this time Norton detected 125 threats, compared to ~30 yesterday.
     


    Last edited: Jan 7, 2009
  2. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Have you contacted Norton about this?
    I'd be interested in their response.
    Hugger
     
  3. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Chat is for technical issues, and their answers offer no depth. Mostly canned responses. Useful, however not in a case like this.

    I've been banned from their forums.
     
  4. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    There are details about the updated definitions. You can find them on your computer.
     
  5. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
  6. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Sorry for the off-topic question.
    @ TechOutsider
    Can you tell me where you downloaded that malware from?
     
  7. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    We are not allowed to share links to malware ;)
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    'Archives of malware' contain a lot (usually over half) of corrupted/inactive/junk malware, and in no way can be relied upon for any form of testing or submission.
     
  9. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Only way to find out is to execute them ;)
     
  10. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I agree, and then you find out how good your AV is in fact, not based on tests that use varying parameters, samples, etc. It shows you reality.
     