Norton Inside

Discussion in 'other anti-virus software' started by Coccinelle, Sep 19, 2011.

Thread Status:
Not open for further replies.
  1. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Hello,today go up the new version of Sumatra PDF 1.8 and i try to download but Norton Inside clean the exe fail.Subjection:Unknown fail.
    How the Sumatra PDF can't be unknown fail for Norton?:mad:
     
  2. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    209
    It's just Nortons Insight. Because it's new not many users have seen the file so Norton flags it as suspicious. Should be in quarantine, remove and add an exclusion.
     
  3. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    But to many people use Sumatra PDF how Symantec do not know this program?
     
  4. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    It's one .exe out of millions. Just select the file and "trust now". Sorted. No need to get mad about it.
     
  5. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    209
    As you said yourself, it's brand new today. So few users in the Norton community would have downloaded the file already. Because it's a brand new file, different hash, it's flagged as suspicious. When enough Norton users have the file it won't get flagged. Norton doesn't see Sumatra, they see an unknown file, unknown hash. That's how Insight works to help protect you from zero-day malware. It's all good.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Would be nice if norton actually asked the user thou rather than just putting it in quarantine.

    Norton used to be known for low false positives but norton insight is now adding more and more fp everyday by norton insight. how many users will be put off from using programs from smaller developers because norton blocks there program because they havent seen it before?

    Has anyone come across the stupid situation where you tell norton to take a file out of quarantine and two seconds later it puts it back in again? its more annoying when you have multiple versions of the file. norton really need to give the user an option of what to do with a file.
     
    Last edited: Sep 19, 2011
  7. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    1.That is my point to.
    2.The normal user do not know hot to make exe comme back.They will leave the situation like that:

    ..."Ah,Norton clean my exe of my program X and says that is virus.What i got to do?....Nothing,Norton clean it and i can't download it becouse every time hi clean the exe....."

    Are the normal user can think that he can go to quarantin ant make back it again?...Non,the normal user don't know that.
     
    Last edited: Sep 19, 2011
  8. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    417
    Totally agree! I understand that protection has its price of false positives, but as it was discussed earlier in their forums, especially for example people with small software businesses, making not so widely used programs, its very frustrating! Because when clients buy their program and their AV detects it as malware or suspicious, they take it seriously as they are not aware mostly what a false positive is. I think it's even insulting sometimes to have to justify before Norton the right of a program to exist, to depend on their approval.
     
  9. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    Seems to be sorted now.

    20110919.png
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Couldn't agree more. I guess we need to just keep complaining to them about it.
     
  11. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Becouse i send the E-Mail of Sumatra and Symantec this morning.So good to know.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    It would be good if we could clarify exactly what is going on here. If you look at message #9 with the screenshot of File Insight it shows the option to "Trust Now". I think this should be made more obvious as right now it's not easy to see, but the option is there. In this case the file is not put in "Quarantine" - if you click Trust Now the file is made available. However if NIS detects what it believes to be malware it will instantly delete it. In this case if you're certain the file is safe the only way I'm aware of to deal with it is to turn off Auto-Protect temporarily and download the file again. Then you can add it to the exclusion list. Yes, this can be pretty annoying, but we paid for security software to protect us because we cannot do it on our own (well, maybe some people can but I can't). Security is always annoying. An important part of evaluating security software is deciding if the ways it inconveniences you are logical and tolerable. NIS File Insight has been a feature now for two or three years and there's been plenty of discussion about how it works. Maybe some people here are using the wrong product? I mean that as a serious question and not to be rude. Why not switch to something that behaves more the way you want it to?
     
  13. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    417
    Which I've done. But I'm talking about their forum and the discussions there about the notorious and very often vague and uninformative WS.Reputation.1. And I'm talking about the people that we call average users, who usually overtrust their AV.
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello Victek123,
    as I said there is plenty of innocent files being removed due to possible malware. the scope of what is possibly malicious according to symantec is to high. I have switched to another product but I thought I would provide some feedback since I know some people from symantec read and post on these forums.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    I'm curious about which product you switched to and why? I've used NIS for a few years, but I always keep an open mind. Also, regarding the File Insight problem what do you feel would be a better way to handle it? Making it easier to trust unknown files has its own downside.
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    I know this happens because it has happened to me a few times, but where Symantec should set the bar is difficult to say. It might be better if they made it easier to bypass File Insight and included a Sandbox option where unknown executables could be run and analyzed. That would add a layer of complexity though that will confuse and annoy less experienced users.

    By the way, what did you switch to and are you still finding it more user friendly than NIS?
     
  17. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    417
    As I wrote in my first post - I know that it will always be a trade-off of some kind, I realize that it's not easy at all to draw the line as there are so many different users, files and possible scenarios. But at least with the WS.Reputation.1 detections, I think there should always be an option to let the file pass. I switched from Norton but often instal it on my relatives' or friends' computers as it is automated almost to the best possible level. But as also mentioned in recent tests, there are too many false positives. And treating every new file as potentially malicious is not the fairest way in my opinion, nor the most accurate. Norton may be one of the largest vendor with one of the largest communnities but still they are a certain pecentage of all users using various software.
     
    Last edited: Sep 19, 2011
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    I agree. I think they are pushing the limit of this approach and raising the sensitivity only produces more FPs. I think they need to take it in another direction - maybe sandboxing - but they have to stay with the full automation model, so their options are limited. It's really hard when you're trying to minimize user interaction/decision making.
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    That product doesn't entirely exist. :(
     
  20. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Now everything is fine, Sumatra is recognized as safe. :)
     
  21. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Norton is a good product but got to give the choise like Smart Screen of IE9.Here i don't have.....or i got to surch on the quarantine every time when Norton Inside give me a FP.
     
  22. ziaul

    ziaul Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    239
    I think there should be an interactive mode, where the user should be able to make a choice. Of course, this option should be disabled by default.

    Ziaul
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    interactive mode in norton?like hips?
     
  24. ziaul

    ziaul Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    239
    Only for detection made by File insight and Sonar. Not like hips.

    Ziaul
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    :thumb: cool it sounds good
     
Loading...
Similar Threads
  1. ankupan
    Replies:
    7
    Views:
    1,332
Thread Status:
Not open for further replies.