Norton Internet Security 2010 Failed

Discussion in 'other anti-malware software' started by Gasp, Mar 8, 2010.

Thread Status:
Not open for further replies.
  1. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    I downloaded a small application of the internet today, scanned it with Norton, ASquared, and MBAM. When I ran it, Norton's SONAR came up to say suspicious behaviour has been detected. I closed the program and removed it from my PC. Just a few minutes later Prevx jumps in and said I have a high risk security violation found (.dll) on my pc.

    Why question is this... When SONAR detects suspicious behaviour, do it block or just notify the user? If it is supposed to block, why did this .dll pass through undetected?
     
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    For all we know it's a FP. Please post more info.
     
  3. krisgeek

    krisgeek Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    20
    Sonar analyzes behavior of applications, to determine if the file is suspicious.
    If many people i the Norton community have been infected by a particular file or if the file is new and hasnt been tested by Norton community, it is regarded as suspicious and quarantined automatically.

    Gaod's (Giveawayoftheday.com) files are reported suspicious by Norton's sonar,why? because the files have to connect to their website to activate the product. It sends out info about your computer to their server.

    This is unfortunately very similar to how malicious programs behave.I trust Norton when it comes to threats, been using Norton AV for years until i recently upgraded to Norton Internet Security. :thumb:
     
  4. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    You can always submit your false +ve files for analysis here
     
  5. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    You wrote it correctly at first but the second part makes no sense. Norton Community (perhaps you mean Download Insight) doesn't make SONAR auto quarantine applications . Download Insight might mark applications SAFE (big green) but SONAR could still catch it because a given file has performed suspicious activity. Download Insight (if it marks a file as Unproven or Bad because of the Reputation level) never performs action against a file - it only notifies the users in a way that they understand the potential risk of running such a file.
     
  6. krisgeek

    krisgeek Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    20
    3Guser, perhaps you are unaware, many new files are considered suspicious by SONAR.

    I have personally experienced this many times,
    Once when i downloaded a new vesion of Rising PC doctor, it was Automatically quarantined by Norton's sonar.

    I did get the message on the taskbar that Sonar has blocked a threat.

    If it was download insight as you suggest, does Norton see Rising PC Doctor as a threat?
     
  7. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Any setup file which starts dropping DLL files the moment it loads is suspicious, the real setup hadn't even loaded the splash screen.

    It might have been believable if the rootkit was bundled into the setup's files rather than executing a dropper the moment a application starts.
     
  8. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Norton is great for the average user. After using Prevx for 18 months I expect too much from other Security Vendors. The only reason I am using norton is becuase its £10 for 2 years, otherwise it'll be Kaspersky.
     
Loading...
Thread Status:
Not open for further replies.