Norton Power Eraser

Discussion in 'other anti-virus software' started by CogitoTesting, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    just run the latest beta and it gave me idokndlc.sys
    don't know what it is...NPE couldn't delete this file...
    maybe because I'm using malware defender?...
     
  2. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Latest beta, default (Normal) scan, NPE is detecting a sys file of BootGuard I believe (aka MBRGuard); btguard.sys


    No data AT ALL, so I'm guessing a bug.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You might want to disable the driver name randomization feature in MD, at least would be less confusing like that.

    Yeah, that's MBR Guard.

    Looks like the dislike of the yellow eraser for any non-yellow security stuff continues. :thumbd:
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I did two detection-only tests with Norton Power Eraser v1.0.0.47 in a Windows 7 x64 virtual machine that has fewer than 10 programs installed. Two of those installed apps are anti-malware apps Hitman Pro and Prevx.

    Test #1: ran trojan that I downloaded from web. It installs two malware .exes, according to both Hitman Pro and Prevx.
    Purpose of test: test whether Norton Power Eraser can find at least some malware, and also test if non-malware may be included in results.

    System scan in Normal mode:
    2 malware
    0 non-malware

    System scan in Aggressive mode:
    2 malware
    0 non-malware

    Volume C scan in Normal mode:
    0 malware
    0 non-malware
    I did this scan twice, because these results aren't intuitive. Why does a scan of the entire volume miss some malware found in the brief system scan?

    Volume C scan in Aggressive mode:
    2 malware
    4 non-malware - none of these involved competitors Hitman Pro and Prevx


    Test #2: made 4 copies of a non-malware .exe and very slightly altered each one of them in a non-malicious manner; two of the altered copies retained the .exe extension, while the other two altered copies were changed to non-executable extensions.
    Purpose of test: test handling of files never seen before by Norton

    System scan in Normal mode:
    0 malware
    0 non-malware

    System scan in Aggressive mode:
    0 malware
    0 non-malware

    Volume C scan in Normal mode:
    0 malware
    0 non-malware

    Volume C scan in Aggressive mode:
    0 malware
    6 non-malware; these consist of the two altered files that retained the .exe extension, plus the same four as from test #1; the two altered files with non-executable extensions were not listed

    Observations and conclusions: Can find at least some malware. The system scans took only a few minutes, while the volume scans took maybe 15-25 minutes. The only scans that returned non-malware as possible risks were those involving directory scans in Aggressive mode, and the non-malware listed didn't include any of my other anti-malware apps. The system scan can find malware missed by a directory scan of an entire volume, which surprised me. The Aggressive mode volume scan found the two altered .exes, which is what I had hoped for. Unfortunately, the Aggressive mode scan missed the two altered .exes that I changed to non-executable extensions, which leads me to believe that Norton Power Eraser looks only at file extensions in determining which files to process further, at least in directory scans in Aggressive mode.

    I'm quite happy to have found a free program that can (via a directory scan in Aggressive mode) list all executables on a system that aren't on a whitelist, although I wish that Norton Power Eraser would include as candidates those files with executable content but non-executable extensions. The ability to list executables that aren't known to be safe is already reason enough to make Norton Power Eraser a keeper, IMHO.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I think that's not the thing at all. I'm pretty sure it's just for the simple reason that the protection mechanisms end up looking like the manipulation malware is trying to cause.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Test #3: I modified 4 .dll files, two that are installed with the OS, and two from programs that I installed.
    Purpose of test: test handling of files never seen before by Norton

    Volume C scan in Aggressive mode:
    0 malware
    7 non-malware - 3 of the 4 modified .dlls, plus the same 4 files found in same scan type in test #1

    I'm not sure why one of the modified .dlls wasn't reported; I double-checked that it in fact was successfully modified.
     
  7. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    Because the directory scan scans just FILES in the directory you choose. The system scan checks the Windows Registry, too. I have seen Norton Power Eraser find just a malware registry entry and then find the associated malware file.
     
  8. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Norton Power Eraser 1.5.0.30 Beta
    http://community.norton.com/t5/Nort...er-1-5-0-30-Beta-is-Now-Available/td-p/263849
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    This new remote scan feature should increase accuracy, it could well be heading toward being an impressive app if it continues on this path. :thumb:
     


  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    After submitting the suspicious files to Symantec:
     


  11. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    My sister's computer was infected this afternoon and fortunately she realized right away and called me. We immediately ran MBAM and it found nothing, which I found very surprising since MBAM seems to be the de-facto for finding things that other products can't. I then ran across this forum, and decided to try Norton Power Eraser, and guess what.. it actually found some baddies and removed them. The popups have stopped, [keeping fingers crossed].

    My question is whether MBAM is signature-based and that's why it couldn't find anything because the virus was so "fresh", and how was Norton able to find something. How does Norton eraser work?
     
    Last edited: Aug 25, 2010
  12. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    MBAM has a huge base of threat definitions, but it still uses outdated technologies (signatures and heuristic rules) to find malware. That is why it is useless against zero-day threats.

    Norton Power Eraser, designed especially for threats that Norton products don't detect, uses the Norton reputation system to check all files of interest (a.k.a. PE files - executables) and locations where malware can be against the cloud and get their reputation. If a program is known Good or Trusted, its files and registry entries are not detected. If a file has unproven or known bad reputation, Norton will pick it up. This program uses modern cloud technology and, unlike MBAM, it is based on whitelisting. Zero-day threats are not in the whitelist and therefore can be detected easily by NPE. Nowadays the majority of files found on the Internet are malicious (a.k.a. threats), however only the minority are good. Therefore we need a new technology, new and aggressive methods to find threats.
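
Added example, not part of the thread and not any poster's or Symantec's code: MrBrian's tests in post 4 suggest that candidates are picked by file extension, and post 12 describes checking PE files against a whitelist. The sketch below identifies PE files by content instead of extension and lists those whose SHA-256 is not on a local allowlist, which stands in (as an assumption) for the cloud reputation lookup; all function names and sample files are constructed.

```python
import hashlib, os, struct, tempfile
from pathlib import Path

def is_pe(path):
    """Content check: 'MZ' header whose e_lfanew (offset 0x3C) points at a 'PE' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:  # unreadable or locked file: treat as not classified
        return False

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def unknown_executables(root, known_good):
    """Relative paths of PE files under root whose SHA-256 is not in known_good."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if is_pe(p) and sha256_of(p) not in known_good:
                hits.append(os.path.relpath(p, root))
    return sorted(hits)

def make_stub_pe(marker=b""):
    """Constructed sample: header bytes only, not a runnable program."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)
    return dos + b"PE\x00\x00" + b"\x00" * 20 + marker

def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "known.exe": make_stub_pe(),          # on the allowlist
            "altered.exe": make_stub_pe(b"A"),    # altered, executable extension
            "altered.dat": make_stub_pe(b"B"),    # altered, non-executable extension
            "notes.exe": b"plain text, .exe name only",
        }
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        known_good = {hashlib.sha256(samples["known.exe"]).hexdigest()}
        return unknown_executables(root, known_good)

if __name__ == "__main__":
    print(demo())
```

Because classification is by header bytes, the altered copy renamed to a non-executable extension is listed alongside the altered .exe, while the text file that merely carries an .exe name is not.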
     
  13. Matthijs5nl

    Matthijs5nl Guest

    You should work for the Symantec marketing department.
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    It simply detects everything good or bad.:rolleyes:
     
  15. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I've not found that to be the case, at least of late. In the screenshot I posted the only files flagged up apart from File menu tools were related to a Beta version of CIS and Fileassassin and Unlocker, both of which exhibit malware-like functionality. These were all checked online and found safe, no FPs.

    There's a load of other stuff on this system, none of which was flagged up, maybe it's not the same for everyone but for me who's a long way from being a Norton fanboy, credit where it's due for a decent product.
     
    Last edited: Aug 25, 2010
  16. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    This thread starts off talking a lot about false positives, but I didn't see any. That is probably because I ran the latest version downloaded from the norton site and they have ironed out some of the quirks in the first Beta.

    Does anyone know if NPE is going to remain free? I hope so, my very very :) limited experience with it tells me it's a good backstop, dare I say alternative to MBAM, especially like you say, for zero-day attack, which I think is probably what my sis got hit with.
     
  17. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'd certainly hope that this will remain free, but I've not seen anything to guarantee it will. :doubt:

    As it stands it's another option, along with HMP and MBAM, etc. The more the merrier I say.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
    Yes I also have found that the FP has been reduced drastically..:)
     
  19. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    For some reason eraser is detecting hard disk sentinel http://www.hdsentinel.com/hard_disk_sentinel.php
    as "bad" and remote "scan" button is greyed out so I can't send file. The other "suspicious" entries can be remotely sent. Anyone know why I can't remotely scan hard disk sentinel?
    ellison
    UPDATE ::::
    I've just realized, it's because it's a directory rather than a file, so it can't be sent remotely. So what happens in this scenario?
     


  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,873
    Location:
    Innsbruck (Austria)
    Because it's a "directory". You cannot submit a folder name.
     
  21. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    Yep just realized that o_O. So what is a user supposed to do in this instance? The directory is normal C:\Program Files (x86)\Hard Disk Sentinel. A right click scan/remote scan of files would be a good thing to have in this instance

    ellison
     
  22. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    I haven't installed the program but the installer has good reputation. You could try to submit it here:
    https://submit.symantec.com/false_positive/insight/ and also note that NPE detects the directory as bad
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,808
    Location:
    Kolkata, India
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    The Symantec webpage for Norton Power Eraser no longer says “beta,” so it appears that the product has now been officially released.
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,362
    Location:
    Milan and Seoul
    I'm also quite impressed, I ran a scan on my fairly young Vista64 system with all programs, it found something and assessed it accurately (no FPs). I also welcome Symantec offering a free product that is very effective.
     

