Category Archives: Symantec

Symantec

How to report false positives

Recent new items have raised awareness of the dangers of false positives in security products.  The potential for false positives is something that Norton takes very seriously and we have implemented multiple processes in our development and certification of signatures to prevent false positives.  But there is always a possibility of a false positive reaching the field.  Additionally, there are sometimes disagreements between software vendors and Norton as to whether a file presents a security risk to customers. 

 

In any of these cases Norton offers a fast and simple way to dispute our detection or categorization of a file.  Simply go to https://submit.symantec.com/false_positive/ to enter your dispute.  The forms are monitored 24 hours a day so that Norton can immediately begin to research and correct any issue.

Hot Issues & Hot Fixes (Updated April 6, 2011)

Hot Issues – problems with the product that we are currently researching and working to resolve, or additional information regarding current situations. If you have additional information about issues, please post it to the existing thread on the subject. Please do not create a new thread for the same subject; this will create confusion about the issue.

 

– My computer stops responding after I install the latest updates for my Norton 2011 product (More Information)

– Some users may experience WS.Reputation.1 detections (More Information)

– Programs compiled with certain compilers may be falsely detected by SONAR (More Information)


 

Hot Fixes – tools we’ve created to resolve Hot Issues that were previously reported on the forums. You will see them listed below with a link to the Symantec Knowledge Base article containing the Hot Fix. If you continue to experience the problem after using the Hot Fix, please open a new thread on the subject.

 

Norton Internet Security 2011 / Norton 360 5.0 toolbar toolbar does not load on Firefox 4:

– NIS 2011 (hotfix available)

– N360 v5 (hotfix available)


 

Fixes

 

The following fixes are included in the Norton Internet Security / Norton AntiVirus 18.5 (2011.5) release (available in the Norton Update Center):

 

– Fixed an issue where Norton Insight might falsely report 0% trusted when Performance Monitoring was disabled. (Discussed Here)

– Fixed an issue with the Activity Map might not update when Smart Definitions are enabled. (Discussed Here)

– Improved instances where the Norton AntiSpam Toolbar might be erroneously disabled (or “grayed out”) in Microsoft Outlook 2007 and Microsoft Outlook 2010. (Discussed Here)

– Corrected an issue where “Custom UI Runtime Error in Norton AntiSpam Outlook Plugin” might display when using Microsoft Outlook. (Discussed Here)

– Fixed an issue where the option to “run” an executable was missing from a File Insight/Download Insight window. (Discussed Here)

– Corrected an issue where Idle Full System Scans would show report inconsistent amounts of Scanned Files. (Discussed Here)

– Fixed an issue where Full System Scans would not run continuously, including when the machine is left idle.

– Fixed an issue where the Norton Product may display “Subscription Expired” after updating from a previous version.

– Fixed Internet Explorer crashes that were due to Intrusion Prevention. 

– Performance Enhancements were made on the Norton Toolbar for Internet Explorer 9 Beta. 

– Enhanced Settings migration when updating from an older version.

– Usability and Performance improvements to the support experience. 

– Added better Norton AntiSpam support for Microsoft Outlook configured with multiple accounts. 

– Corrected a few instances of 8504 errors that may appear when the Norton product is launched. 

– Fixed a Registry Leak issue that may occur during shutdown. (Discussed Here)

Security Response – Check your computer for malware

Symantec Security Response has created a short video to introduce you to some of the common hiding places for malware. The video presented by Benjamin Nahorney (Senior Information Developer) takes you through the following topics:

1) Looking for suspicious programs in Windows Startup by using msconfig.

2) Checking the list of running processes and services using Windows Task Manager and services.msc tool.

3) Visually checking the System folders for suspect files with Windows Explorer.

4) Submitting the any suspicious files to Symantec security response for analysis using the Web Sample Submission page.

5) Tracking and reviewing the response provided by Symantec to your submission.

 

 

To watch the video click on the following link/image:

 

http://www.youtube.com/watch?v=gymh_TF818I&fmt=6

 

 

For more details and a more comprehensive list of common load points for malware, please see to the following articles:

http://community.norton.com/t5/Announcements/How-to-troubleshoot-a-suspected-Malware-infection/m-p/69868#U69868

http://www.symantec.com/business/support/index?page=content&id=TECH99331&locale=en_US

We hope that this video helps you to troubleshoot and identify potentially malicious files that may be causing problems on your computer.

Symantec Security Response Team

Message Edited by Tony_Weiss on 08-12-2008 12:12 PM

Subscription Clarification

With all the great questions I received with the first Subscription Clarification post, I thought it would be a great idea to post a NEW and IMPROVED post. I have also opened a discussion thread on the subject in each board for customers with questions about their specific situations.

 


Important Links:

Update Center (US):

http://updatecenter.norton.com
Purchase A Renewal:

http://shop.symantecstore.com/store/symnahho/en_US/DisplayUpgradePage/ThemeID.106300/pgm.12788100
Upgrade your Product:

http://shop.symantecstore.com/store/symnahho/en_US/DisplayCategoryListPage/ThemeID.106300/UpgradeCenter/categoryID.2222100

 


To begin our discussion, I’ve provided a definition of the Symantec subscription terms that we will be using:
 
Upgrade – An Upgrade is an updated or more comprehensive solution that provides features and/or technologies not included in the Norton product that you are currently using. When you purchase an Upgrade, you get a new subscription for one or two years (depending upon the Upgrade you purchase) to use the more comprehensive product.  Your new subscription period will begin when you activate the Upgrade product by entering the Upgrade activation key during the product installation process. Time remaining from your previous subscription is not added to the new Upgrade subscription time.
 
Example: You are a Norton AntiVirus 2008 user, and you purchase Norton Internet Security 2009. When you install this Upgrade, your new subscription period will begin, and any time remaining from your Norton AntiVirus 2008 subscription will not be added to your Norton Internet Security 2009 subscription.
 
Version Update – For certain Norton products (such as the 2006 and later versions of Norton AntiVirus, Norton Internet Security, and Norton 360), Version Updates are provided to you for no additional fee during your current product subscription. In addition to the latest Security Updates which are delivered through Symantec’s LiveUpdateâ„¢ technology, your product subscription entitles you to download, install and use the latest version of your product through the end of your current subscription period.
 
Example: You are a Norton 360 v1 user, and you download the Norton 360 v2 Version Update.  You will be able to use Norton 360 v2 throughout the time remaining for your Norton 360 v1 subscription.
 
Renewal – When you purchase a subscription Renewal, you are buying an extension to your current Norton product subscription. A Renewal adds time to your existing subscription and enables you to receive Security Updates for your Norton product.  For a 2006 or later version of certain Norton products (such as Norton AntiVirus, Norton Internet Security, or Norton 360), a Renewal also makes you eligible to download, install and use Version Updates for your Norton product for the duration of your subscription period. When you purchase a subscription Renewal, the renewal time period is added to the time remaining on your existing subscription.
 
Example: You are a Norton Internet Security 2008 user, and you have 15 days of subscription time remaining. You purchase a Renewal to extend your subscription time for another year. Upon completing your Renewal purchase, your new subscription period will equal 380 days (which represents the sum of your remaining 15 days plus the one year Renewal period). Please note that with a current subscription to Norton Internet Security 2008, you are also eligible for the Version Update to Norton Internet Security 2009 as described above.
 
Multiple License Scenarios –  Here are a few scenarios that might help answer any specific questions you have. Please read below before you post a question about Subscriptions:
 
– When you activate the software on one PC with a license to be installed on up to three PCs, the activation period for all three licenses begins when the product is installed on the first PC. All three PCs will have the same subscription expiration date, regardless of when you install and activate the product on the second and third PCs.
 
– If you purchased a product with a subscription for up to three PCs, and you purchase a Renewal for this subscription through one of the PCs, the Renewal will extend the subscription period for all three PCs automatically. Running LiveUpdate on the other two PCs will enable each PC to contact Symantec’s servers so that the subscription period for each PC can be updated to reflect your Renewal purchase.
 
– If you purchased a product with a subscription for only one PC, and you purchase a Renewal for this subscription, the Renewal will extend the subscription period for just one PC. If you have a need to install the product on more than one PC, purchasing an Upgrade to a product that offers a subscription for up to three PCs might be a better idea.

Welcome to the Norton Users Community Forum!

The Norton Users Community Forum is officially out of Beta! This has been a great project, and we appreciate your help in establishing this community.  Many thanks to everyone who has joined the Norton Forums since our launch in April 2008.
 
We kicked off this project with the intent of creating a place where Norton customers, employees and other people interested in dialogue could meet online to discuss our products and related topics; from system tune-up to malware removal to suggestions for future product features. With your feedback, we have been able to grow these forums into an excellent resource for such a dialogue, and we continue to see the potential for growth in the forums. We still plan to build out boards for the rest of the product line and in more languages than just English.
 
Recently we have added some new features — a board specifically for Norton Macintosh products, the “image upload” and storage feature for all users, and some updated icons to make Symantec employees stand out more.
 
So once again, thank you for swinging by our new neighborhood, and helping to make it your neighborhood as well.

How to troubleshoot a suspected Malware infection

Please follow the below steps if you suspect that you may be infected with a threat which your Symantec product isn’t detecting:

–    Ensure you have the latest virus definitions by running LiveUpdate.
–    Run a full system scan, removing any malicious files which are detected.

If, after following the above steps, no threat is found, check for any recently created or suspicious files in the following locations:

–  C:Documents and SettingsAll UsersStart MenuProgramsStartup
–  C:Documents and Settings[user name]Start MenuProgramsStartup
–  C:Documents and SettingsAdministratorStart MenuProgramsStartup
–  C:Documents and SettingsDefault UserStart MenuProgramsStartup
–  C:WinNTProfilesAll UsersStart MenuProgramsStartup
–  C:WinNTProfiles[user name]Start MenuProgramsStartup
–  C:WinNTProfilesAdministratorStart MenuProgramsStartup
–  C:WinNTProfilesDefault UserStart MenuProgramsStartup
–  C:WindowsStart MenuProgramsStartup
–  C:WindowsAll UsersStart MenuProgramsStartup

Check the common loading points for any suspicious files using the msconfig utility:

For Windows 98/Me
–  Click Start, and click Run. The Run window appears.
–  In the Open box, type msconfig and click OK. The System Configuration Utility appears.
–  Click the Startup tab.
–  Scroll through the list of files.
–  If you see a suspicious file, then note the name.
–  Click the Win.ini tab and then clear the checkbox in front of [windows]. Look for any entries in the Load= or Run= lines. Note any files that you see.
–  Click the System.ini tab and then clear the checkbox in front of [boot]. You should see an entry Shell=Explorer.exe. Check to see if there is another file name to the right of Explorer.exe. If there is, then note the file name.
–  Click Cancel to close the System Configuration Utility.

For Windows XP
–  Click Start, and click Run. The Run window appears.
–  In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
–  Click the General tab.
–  Click Selective Startup.
–  Click the Startup tab.
–  Scroll through the list of files.
–  If you see a suspicious file, then note the name.
–  When you are finished, click Cancel to close the System Configuration Utility.

Check registry load points:

–  Click Start, and click Run. The Run window appears.
–  In the Open box, type regedit and then click OK. The Registry Editor appears.
–  Browse to the following registry keys and note any suspicious file names in the right hand pane.

HKEY_CURRENT_USERSoftwareMicrosoftWindowscurrentversionRun
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowscurrentversionrunonce
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowscurrentversionrunservices
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowscurrentversionrunservicesonce

HKEY_CURRENT_USERSoftwareMicrosoftWindowscurrentversionPoliciesExplorerRun
HKEY_CURRENT_USERSoftwareMicrosoftwindowsntcurrentversionWindows
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowscurrentversionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowscurrentversionrunonce
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowscurrentversionrunonceex
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowscurrentversionrunservices
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowscurrentversionrunservicesonce
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowscurrentversionPoliciesExplorerRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftwindowsntcurrentversionWindows
HKEY_LOCAL_MACHINESOFTWAREMicrosoftwindowsntcurrentversionWinlogon
HKEY_LOCAL_MACHINESoftwareMicrosoftwindowsntcurrentversionWindowsappinit_dlls
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowscurrentversionExplorersharedtaskscheduler
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
HKEY_LOCAL_MACHINESoftwareMicrosoftSharedToolsMSConfigstartupfolder
HKEY_LOCAL_MACHINESoftwareMicrosoftSharedToolsMSConfigstartupreg

Check for any suspicious processes running in task manager:

–  Press Ctrl+Shift+Esc to open the Task Manager.
–  Click the Process tab.
–  Click “Image Name” twice to sort the processes.
–  Look through the list for possible threats and take a note of the file name.

Submit suspicious files for analysis:

Any suspicious files identified in the above steps should be submitted to Symantec Security Response for analysis:

–  There are 2 locations to which you can submit malware:

http://www.threatexpert.com/submit.aspx – use this submission page if you would like a quicker response on your submitted malware. It also provides a place to track your past submissions

https://submit.symantec.com/retail – use this submission page if you would like to pass along malware information to Symantec without an immediate follow-up

–  Locate the files identified above and submit for analysis following the instructions provided

–  An email with a tracking number one will sent once the submission has been received.
–  A closing email will be sent once submissions have been processed with the results of the analysis
–  For files which are determined to be malicious, details of the definition versions which provide detection will be included in the email.

New Feature – KUDOS

Hi everyone,
 
There’s a new feature we’ve just implemented for the “Norton Forums BETA” – Kudos!
 
Kudos are a way for you to give approval to content that you think is helpful, well-formed, insightful, or otherwise generally valuable in the community. When you give kudos to a message, you are not only offering a thumbs up for good content, but also a pat on the back to its author. Kudos also allow Moderators and Administrators to identify and organize the content that you are likely to find most relevant.
 
Here’s how you do it: Simply click the “Kudos!” button to give a kudo to the message and its author. The author of a message cannot kudo his/her own messages; Also, you can only kudo a message once.

 

If you have any questions or concerns about this new feature, please let us know on the Forum Feedback Board. Thanks! 

Forums Usage Guidelines

Forums Usage Guidelines

Symantec provides
these Norton Forums as a service to
help customers exchange ideas, tips, information, and techniques
related to
our products. These Forums are here for the enjoyment and benefit on
Symantec customers, and are accessible to all who register and are 13
years of age or older. These guidelines and
rules are presented here so that you know what is expected of you and
what you can expect from other participants when using the Forums. By
participating, you agree to follow these Usage Guidelines.

– Stay on topic –

 

For
everyone’s benefit please stay on topic. These Forums are provided for
the specific purpose of making it possible for Symantec customers to
exchange information and help each other in using Symantec products.
Please refrain from discussing personal matters, abusing
any company or product, or, in general, from posting in a manner
unrelated to the direct resolution of issues expected in the support of
Symantec beta products.

 

 

– Keep it courteous –

Everyone
wants to have a positive experience while on the Forums – please make
sure that you are not detracting from any other participants
experience. In particular, please refrain from posting anything
unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd,
harassing, threatening, harmful, invasive of privacy or publicity
rights, abusive, inflammatory or otherwise objectionable or injurious
to third parties. Your opinions are always welcome, but personal
attacks and harassment ( “flaming” ) in either the Forums or through
private messaging are not acceptable.

– Keep it spam-free –

The
Forums are provided as a benefit to Symantec customers and
are not intended for the promotion of third party services, products,
websites, or organizations. Please refrain from posting content that
would constitute advertising, junk mail, spam, chain letters, or any
other form of unauthorized solicitation.

– Keep it legal –

It
is unacceptable to post any material (i) that would infringe on any
patent, trademark, trade secret, copyright, or other proprietary rights
of any party, (ii) that contains software viruses or any other computer
code or files that are designed to disrupt, damage, or limit the
functioning of any software or hardware, or (iii) that is deemed to be
illegal by any local, state, federal, or international law.

– Be careful –

Most
people are happy to help out on these Forums, but remember that their
advice is theirs only and that you are responsible for deciding whether
or not to follow it. If the advice given by a participant sounds wrong
to you, do not try it. In particular, if any participant asks you for
personal information, such as an account number, address, password or
credit card number, do not provide it.

– Symantec retains the right to remove content and limit users’ access –

Symantec
does not generally edit or monitor content posted by participants to
the Forums. However, Symantec retains the right, at its sole
discretion, to limit participants access to the Forums and to remove
material that, in the sole judgment of Symantec, does not comply with the
present Usage Guidelines, or that is otherwise inappropriate for these
Forums, harmful, objectionable, or inaccurate. Symantec is not
responsible for any failure or delay in removing such material.

Symantec
Forum moderators may take any action they deem necessary in their own
judgment to support the Usage Guidelines. Such actions may include
editing or deleting material and banning individual participants.

– Disclaimer of Warranties and Limitation of Liability –

Members
like you are providing most of the material in the Forums. Such
third-party content is the sole responsibility of the person
originating the material. Symantec does not control and is not
responsible for this third-party material.

Symantec does not
warrant or guarantee the accuracy, reliability, completeness,
usefulness, non-infringement on intellectual property rights, or
quality of any material in the Forums, regardless of who originates
that material. You expressly understand and agree that you bear all
risks associated with using or relying on the material. Symantec will
not be liable or responsible in any way for any content in the Forums,
including, but not limited to, any errors or omissions in the material,
or for any losses or damage of any kind incurred as a result of the use
of or reliance on any material. This disclaimer and limitation on
liability is in addition to the disclaimers and limitations contained
in the Legal Notices posted on Symantecs web site that apply to all use
of Symantecs web site, which can be found at http://www.symantec.com/about/profile/policies/legal.jsp.
In case of discrepancy between this document and Symantec Legal
Notices, or with the Symantec Privacy Policy, the Legal Notices and the
Privacy Policy will prevail.