How to obtain definitions via FTP download in Security

How to obtain definitions via FTP download in Security http://www.dslreports.com/forum/r19433135 en Thu, 10 Dec 2009 22:51:22 EDT Thu, 10 Dec 2009 22:51:22 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19491030 amysheehan :

said by BTWUR

:

Hello everyone,

Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive.

Note that Weather Pulse Version 2.05 is effected by this false positive.
If you have WeatherPulse 2.10 Build4 BETA installed it isnot effected.

Downloads for all WeatherPulse Apps can be found here.

I also have posted at Calendar of Updates.
»www.dozleng.com/updates/index.ph···ic=16389

Full topic has been posted here »NIS 2008 - Another False Positive- Weather Pulse V2.05 B36
Symantec is aware of the problem and it should be resolved with today's [Thursday] virus definition updates.

-amy-

:)]]> http://www.dslreports.com/forum/remark,19491030 Thu, 22 Nov 2007 11:16:02 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19490951 BTWUR : Hello everyone,

Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive.

Note that Weather Pulse Version 2.05 is effected by this false positive.
If you have WeatherPulse 2.10 Build4 BETA installed it isnot effected.

Downloads for all WeatherPulse Apps can be found here.

I also have posted at Calendar of Updates.
»www.dozleng.com/updates/index.ph···ic=16389]]> http://www.dslreports.com/forum/remark,19490951 Thu, 22 Nov 2007 11:03:31 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19460998 MagMan :

said by Longboard

:

Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them.

Dont really love my own security going on a little private rampage. :p

Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ?

and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation.
Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle.
How do I lock the settings?
Thx.

I have never had that problem I have my settings set that way to,and it always prompts me before it downloads anything or removes things. :)
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."]]> http://www.dslreports.com/forum/remark,19460998 Sat, 17 Nov 2007 10:29:50 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19460535 Longboard : Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them.

Dont really love my own security going on a little private rampage. :p

Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ?

and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation.
Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle.
How do I lock the settings?
Thx.]]> http://www.dslreports.com/forum/remark,19460535 Sat, 17 Nov 2007 07:43:31 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19453480 amysheehan :

said by siliconman01

quote:
That info will be passed along

Thanks much Amy. You've always provided superior assistance on these Symantec issues. :)

Thanks to ALL of you who provided detailed info regarding your issues. This makes for related info to be all in one place making the research into and the development of a resolution much more efficient and is much appreciated by those who are responsible for taking the time to see that any issues I've passed along to them are handled by the best.
Once again, I'd like to thank all of those at Symantec who have worked with me and with all of you for their extra care and attention given to the dslr family.

-amy-

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19453480 Fri, 16 Nov 2007 00:05:17 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19452183 JRosenfeld : I can confirm that with the 15 November updates, the HOSTS entries are no longer flagged. I have reenabled the URLredirect detection that I had temporarily excluded.]]> http://www.dslreports.com/forum/remark,19452183 Thu, 15 Nov 2007 20:41:20 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19449436 siliconman01 : This HOSTS false positive issue appears to be corrected in the 15-Nov-07 LiveUpdates. At least a Quick Scan no longer finds anything wrong in the HOSTS file. :)]]> http://www.dslreports.com/forum/remark,19449436 Thu, 15 Nov 2007 13:28:46 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19447008 siliconman01 :

quote:
That info will be passed along

Thanks much Amy. You've always provided superior assistance on these Symantec issues. :)]]> http://www.dslreports.com/forum/remark,19447008 Thu, 15 Nov 2007 01:18:08 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19445804 Indy Sabre :

said by siliconman01

:

This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates.

Same here on SAV 10.1 on XP pro with spywareblaster installed.]]> http://www.dslreports.com/forum/remark,19445804 Wed, 14 Nov 2007 21:36:40 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19443971 amysheehan :

said by siliconman01

:

This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates.

That info will be passed along :)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19443971 Wed, 14 Nov 2007 16:24:27 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19443885 siliconman01 : This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates.]]> http://www.dslreports.com/forum/remark,19443885 Wed, 14 Nov 2007 16:06:30 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19443291 JRosenfeld : I am also using mvps HOSTS file (latest update). Quick scan with NAV 2008 (today's updates), claimd to have removed 79 items from HOSTS.
In fact it only removed the following:

127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking.Cookie]
127.0.0.1 sdc.ca.com
127.0.0.1 sdc.mcafee.com #[statse.webtrendslive.com]
127.0.0.1 wdcs.trendmicro.com
127.0.0.1 om.symantec.com
127.0.0.1 tc.symantec.com

Clearly it sees the name of some recognised AV supplier and does not check the context in which those names occur (malware is known to add AV app sites to the HOSTS file).

I restored the risk and it put those entries back in. without the comment script (for the ghost ones that it said it had removed, the restore indicated nothing to do).

I Also checked the box to omit in future scans, but it is not clear whether that will just omit those particiular entries or whether it will simply not scan the entirs HOSTS file. If the latter, I can always restore the risk once Symantec have fixed the FP.]]> http://www.dslreports.com/forum/remark,19443291 Wed, 14 Nov 2007 14:27:14 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19437960 siliconman01 : The 13-Nov-07 LiveUpdate still deletes HOSTS file entries as per my post above. :mad:]]> http://www.dslreports.com/forum/remark,19437960 Tue, 13 Nov 2007 17:39:20 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19437814 altermatt :

said by amysheehan

:

Look for the update for your Symantec Corp Client Edition for 32 bit systems.

That's just it, Amy; as I read the descriptions for TWO of the files, BOTH symrapidreleasedefsx86.exe AND
symrapidreleasedefsi32.exe say they are 32 bit and for versions 9 and 10 of SAV client, among others. Probably a moot point, as I'll just run a manual update late on the 13th, but for the life of me, I can't see where I'm reading that page wrong.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick]]> http://www.dslreports.com/forum/remark,19437814 Tue, 13 Nov 2007 17:15:22 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19437591 planet : When I saw the cleaning that had been done (on my pc, it was those same 2 files and 97 registry entries) I assumed that Symantec was informing me what could have been infected had I actually been infected by adware.systemprocess.

My hunch is SWB kill bit entries in the registry were the only things actually removed from my computer.

]]> http://www.dslreports.com/forum/remark,19437591 Tue, 13 Nov 2007 16:34:16 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19436521 anon : Ooops! I made a mistake about the Adware.SystemProcess prob not showing up a second time. I just checked my NIS history and it DID do the "removing" and the "fix" twice, but like siliconman01 says, I don't think these things were ever there to start with.

I'm using NIS 2007 on XP, BTW.

Surely, it can only be that updating the SpywareBlaster caused the hosts file "error", no?

I'll wait till the 14th before I get my updates from Symantec, then see what happens.]]> http://www.dslreports.com/forum/remark,19436521 Tue, 13 Nov 2007 13:46:11 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19436197 siliconman01 :

quote:
--------------------------------------------------------------------------------
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log

--------------------------------------------------------------------------------

I honestly think that NIS 2008 is false reporting what it says it is doing on this False Positive.

I did a scan of my C drive yesterday just before my daily NIS full scan. P.dat and Ibhog.log were nowhere on the C drive (and yes I have all my files and folders visible).
When NIS reported removing this False Positive, it showed removing the 2 files again...3 days straight.

This same thing is occurring with the 79 entries it says it is removing from the HOSTS file. It falsely removed 8 valid entries from the MVPS. Where the other 71 entries reported came from, I have no idea. ]]> http://www.dslreports.com/forum/remark,19436197 Tue, 13 Nov 2007 13:03:02 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434829 Doctor Olds :

said by amysheehan

:

If you are experiences the issues reported in these topics posted over the weekend or were one of those reporting those issues in the following threads -
»CCleaner now installs with adware?
»Norton and SpywareBlaster updates causing FP (likely)
or
»SAV 10 just started flagging hosts entires

Any news on the two files that are getting deleted that do appear to be a part of a true infection (maybe leftovers from a prior cleaning or from the AV stopping the full payload from dropping?)

quote:
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?]]> http://www.dslreports.com/forum/remark,19434829 Tue, 13 Nov 2007 08:50:19 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434610 anon : Hi guys

(Originally posted here »CCleaner now installs with adware? but copied by request)

I have just found this thread after I experienced the same Adware.SystemProcess problem after a Norton update a couple of hours ago (It is Tues 13th in my time Zone but I guess the fix isn't "out-there" yet, lol).

Anyway FYI...
my CCleaner is 2.0.0.500
my Spyware Blaster had 6 IE threats unprotected (but I don't use IE!)
So I thought I'd do a little experiment... I re-enabled all of SpywareBlaster's protection, updated it, and enabled everything again. I ran a quick Norton scan again, wondering if it would find the same problem a second time.

No, it didn't. But it did disable 6 SBlaster things again (without saying anything!)

AND ...

It "fixed" a security risk "SecurityRisk.URLRedir", this translates to 79 hosts file entries....or it would have done, except that I blocked Norton's change with WinPatrol (free version) I haven't checked all of the supposed bad entries, but the few that I did check were NEVER there!!! - things like Kaspersky, McAffee, F-secure etc.

Now that is two lies. That they were there, AND that they had been fixed.

...and why didn't it find this "problem" when it found the Adware.SystemProcess problem? Nothing had changed in the meantime except the SpywareBlaster update.

My Spybot S&D immunisation, however, hadn't been tampered with at all.]]> http://www.dslreports.com/forum/remark,19434610 Tue, 13 Nov 2007 07:36:26 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434455 amysheehan : The daily release schedule for Nov 13 th will allow the direct download up the Daily Updates which will include the fixes included in any Rapid Release definitions after revision 20 on Nov 12th.

If you're not affected - just wait for the daily updates released Tuesday the 13th for your product.

-amy-

:)

Look for the update for your Symantec Corp Client Edition for 32 bit systems.

:)

-amy-
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19434455 Tue, 13 Nov 2007 06:03:01 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434436 altermatt :

said by amysheehan

:

32 bit products-
SAV10 versions: symrapidreleasedefsx86.exe
Norton [ all versions except 2008 symrapidreleasedefsi32.exe

Thanks, Amy! I'm confused as to the proper version, since on the webpage you link to, it states for BOTH of those files, under relevant software:
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
For those versions, how do we know which to install?

And are these updates not available with a manual "check for updates"?
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick]]> http://www.dslreports.com/forum/remark,19434436 Tue, 13 Nov 2007 05:44:40 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434370 amysheehan : Let me set the record straight. I am not a Symantec/Norton employee. Just a home user of those products since 1994 who has volunteered numerous hours of research to see that problems get attention when posted topics are asking for sincere help and include details to resolve an issue.

Just blowing off a problem never solved one - they just multiple and remain longer due to the effort to get the facts to aid in resolution to in this case a complicated sense of issues.

In this situation, some tweaking and sharing of issues made for communications between many independents become the basis for good researched work.

Sure there may be more not yet reported.

I am only trying to make the process work in everyone's favor and that includes their contributions to the specific issues and a better understanding of how to resolve and prevent future miscommunication from affecting several entities.

I am not a fan-boy, just a consumer who wishes to see issues discussed and handled in an effective manner for everyone's benefit.

Sincerely,
Amy Sheehan
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19434370 Tue, 13 Nov 2007 04:23:51 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19434281 siliconman01 : This False Positive is not yet fixed. I ran the rapid response update prior to running the NIS 2008 Quick Scan on my Vista Business system.

Interestingly, it says it deleted 79 entries from the HOSTS file; however, my HostsMan only shows 8 entries were deleted. Using MVPS hosts entries only.

This has been going on since 10-Nov-07. I would hope that the Symantec group gets it resolved soon.

]]> http://www.dslreports.com/forum/remark,19434281 Tue, 13 Nov 2007 03:29:22 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19433364 amysheehan :

said by Owlbet

:

Amy, you rock!

All updated and not an issue to report. :)

My goal is to get this info available especially to those who have not yet been affected due to once a week updating and scanning before they have the problem.
Tuesday's certified daily updates will include the remediation and the Live Update weekly won't include them until Wednesday.
So this info and fix could help many many folks.

The info included by all those posters with their different situations and combinations of products really speeded this resoltion along as that was used to locate the common linkings in several setups and products that needed some 'tweaking' on an older release set to make it work with changes in other programs that innocently caused flagging of items that resembled each other in name and action to set off 'alarms'.

Again, please report any issues and lack of problems after your updates to your product so they may all be in one place for follow up by the Symantec writers and engineers.

Thank you all for your input.

-amy-
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19433364 Mon, 12 Nov 2007 23:26:53 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19433317 Owlbet : Amy, you rock!

All updated and not an issue to report. :)]]> http://www.dslreports.com/forum/remark,19433317 Mon, 12 Nov 2007 23:17:18 EDT How to obtain definitions via FTP download http://www.dslreports.com/forum/remark,19433135 amysheehan : What's new info via FTP for all definitions and releases by dates includes name changes and modifications are available here:
»ftp://ftp.symantec.com/public/english_···snew.txt

BY FTP The most recent defintions are available here:
»ftp://ftp.symantec.com/public/english_···release/
Note Current release RR's are 38, 39, and 40. Any RR set above Rev 20 include this fix as well.

Full certified included and modifications made info is also available here: »www.symantec.com/avcenter/whats_new_RR/

Protection modification info will be updated soon for Adware.SystemProcess at the bottom of his page.
»www.symantec.com/security_respon···&tabid=1

-amy-

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,19433135 Mon, 12 Nov 2007 22:51:20 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19432883 Indy Sabre : Thanks Amy!]]> http://www.dslreports.com/forum/remark,19432883 Mon, 12 Nov 2007 22:15:05 EDT Re: NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19432757 MagMan : Thanks to you Amy and the people at Symantec that corrected this today.

Everything is back to normal on my system again,Spybot settings are now fine along with the items that where unchecked in SWB.

And no flags of any sort with NIS 2007. :)

Thanks again for your help!!!
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."]]> http://www.dslreports.com/forum/remark,19432757 Mon, 12 Nov 2007 21:59:54 EDT NAV/ SAV defintions release for 'weekend bug-fixes' http://www.dslreports.com/forum/remark,19432720 amysheehan : If you are experiences the issues reported in these topics posted over the weekend or were one of those reporting those issues in the following threads -
»CCleaner now installs with adware?
»Norton and SpywareBlaster updates causing FP (likely)
or
»SAV 10 just started flagging hosts entires

Rapid release definitions released today are available.
How to fix today:

Full info:

The first set of definitions containing the fixed script is –
Rapid Release Sequence – 75350
Version – 12th November 2007 (rev. 020)
NOTE: Please make sure to select the appropriate release for your version and Operating System.

These updates will be available using the certified definitions from the 13th onwards.

Many thanks to my friends at Symantec who worked this issue today [ a holiday ] and got back to me with the official word before 5PM Pacific !!!!

Link to rapid release definitions:
»www.symantec.com/avcenter/rapidr···oad.html
NOTE: Please choose the download for your OS and product.
32 bit products-
SAV10 versions: symrapidreleasedefsx86.exe
Norton [ all versions except 2008 symrapidreleasedefsi32.exe
Norton 2008 symrapidreleasedefsv5i32.exe

64bit
2008 ONLY: [Norton] symrapidreleasedefsv5i64.exe
Prior versions: [Symantec10 & 2007 and earlier] symrapidreleasedefsi64.exe

Please feel free to post any dowload or other issues related to the download and installation problems if encountered in this topic for further follow up.

Thanks all !!!

-amy-
:)]]> http://www.dslreports.com/forum/remark,19432720 Mon, 12 Nov 2007 21:54:21 EDT