Norton AV Oddities.

Discussion in 'other anti-virus software' started by TechOutsider, Jan 7, 2009.

Thread Status:
Not open for further replies.
  1. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    I downloaded a massive archive of malware.

    I extracted all of them. Many were blocked by Norton. The ones that were left were uploaded to VT for analysis.

    I zipped the leftover files; the files that were deemed clean by Norton even after a selective on-demand scan.

    I put 9 files to a .zip; I was going to send them to SSR.

    I wound up with 7 archives. Now, that was yesterday.

    I ran a full system scan today, out of no particular reason, and Norton came up with several detections of malware inside those archives ...

    From my prior experience, SSR takes a long time to process samples. And I have received no e-mail from SSR, except for the tracking #s. It seems like something went wrong here.

    So, my question is directed to anyone with internal knowledge at SSR. Were the files I sent in processed within hours and added to the defs? If they were, then kudos. Or are selective on-demand scans different from full-system scans? Does Norton scan deeper with full-system scans?

    And I only received 1 heuristic detection ... packed.generic.187. From Symantec's site, the def was last updated on Sept. 24, 2008. Why wasn't Norton able to detect it yesterday, but today?

    Woah ... I just scanned the zip again today and this time Norton detected 125 threats; compared to ~30 yesterday.
     

    Attached Files:

    Last edited: Jan 7, 2009
  2. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Have you contacted Norton about this?
    I'd be interested in their response.
    Hugger
     
  3. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Chat is for technical issues, and their answers offer no depth. Mostly canned responses. Useful, however not in a case like this.

    I've been banned from their forums.
     
  4. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    There is a details about the updated definitions. you can find it on your computer
     
  5. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
  6. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Sorry for off topic question
    @ TechOutsider
    can u tell me from where did u download those Malware
     
  7. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    We are not allowed to share links to malware ;)
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    'archives of malware' contain much (usually over half) of corrupted/inactive/junk malware, and in no way can be relied upon for any form of testing or submission
     
  9. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Only way to find out is to execute them ;)
     
  10. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,058
    Location:
    Las Vegas
    I agree and then you find out how good your AV is in fact- not based on tests that use varying parameters, samples, etc. It shows you reality.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.