|
 |
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02 | Thanks Amy! | |
|
|
|
 | 
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' said by Owlbet  :Amy, you rock! All updated and not an issue to report.  My goal is to get this info available especially to those who have not yet been affected due to once a week updating and scanning before they have the problem.
Tuesday's certified daily updates will include the remediation and the Live Update weekly won't include them until Wednesday.
So this info and fix could help many many folks.
The info included by all those posters with their different situations and combinations of products really speeded this resoltion along as that was used to locate the common linkings in several setups and products that needed some 'tweaking' on an older release set to make it work with changes in other programs that innocently caused flagging of items that resembled each other in name and action to set off 'alarms'.
Again, please report any issues and lack of problems after your updates to your product so they may all be in one place for follow up by the Symantec writers and engineers.
Thank you all for your input.
-amy-
--
DSLR Phishtracker | |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV
| This False Positive is not yet fixed. I ran the rapid response update prior to running the NIS 2008 Quick Scan on my Vista Business system.
Interestingly, it says it deleted 79 entries from the HOSTS file; however, my HostsMan only shows 8 entries were deleted. Using MVPS hosts entries only.
This has been going on since 10-Nov-07. I would hope that the Symantec group gets it resolved soon. | |
|
|
|
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
1 edit | Re: NAV/ SAV defintions release for 'weekend bug-fixes' Let me set the record straight. I am not a Symantec/Norton employee. Just a home user of those products since 1994 who has volunteered numerous hours of research to see that problems get attention when posted topics are asking for sincere help and include details to resolve an issue.
Just blowing off a problem never solved one - they just multiple and remain longer due to the effort to get the facts to aid in resolution to in this case a complicated sense of issues.
In this situation, some tweaking and sharing of issues made for communications between many independents become the basis for good researched work.
Sure there may be more not yet reported.
I am only trying to make the process work in everyone's favor and that includes their contributions to the specific issues and a better understanding of how to resolve and prevent future miscommunication from affecting several entities.
I am not a fan-boy, just a consumer who wishes to see issues discussed and handled in an effective manner for everyone's benefit.
Sincerely,
Amy Sheehan
--
DSLR Phishtracker | |
|
altermatt
Premium
join:2004-01-22
White Plains, NY
 ·Verizon Online DSL
1 edit | said by amysheehan :32 bit products- SAV10 versions: symrapidreleasedefsx86.exe Norton [ all versions except 2008 symrapidreleasedefsi32.exe Thanks, Amy! I'm confused as to the proper version, since on the webpage you link to, it states for BOTH of those files, under relevant software:
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
For those versions, how do we know which to install?
And are these updates not available with a manual "check for updates"?
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick | |
|
| |
| |
altermatt
Premium
join:2004-01-22
White Plains, NY
·Verizon Online DSL
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' said by amysheehan :Look for the update for your Symantec Corp Client Edition for 32 bit systems. That's just it, Amy; as I read the descriptions for TWO of the files, BOTH symrapidreleasedefsx86.exe AND
symrapidreleasedefsi32.exe say they are 32 bit and for versions 9 and 10 of SAV client, among others. Probably a moot point, as I'll just run a manual update late on the 13th, but for the life of me, I can't see where I'm reading that page wrong.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick | |
|
might join
@btcentralplus.com
 from:
antdude
amysheehan
| Hi guys
(Originally posted here »CCleaner now installs with adware? but copied by request)
I have just found this thread after I experienced the same Adware.SystemProcess problem after a Norton update a couple of hours ago (It is Tues 13th in my time Zone but I guess the fix isn't "out-there" yet, lol).
Anyway FYI...
my CCleaner is 2.0.0.500
my Spyware Blaster had 6 IE threats unprotected (but I don't use IE!)
So I thought I'd do a little experiment... I re-enabled all of SpywareBlaster's protection, updated it, and enabled everything again. I ran a quick Norton scan again, wondering if it would find the same problem a second time.
No, it didn't. But it did disable 6 SBlaster things again (without saying anything!)
AND ...
It "fixed" a security risk "SecurityRisk.URLRedir", this translates to 79 hosts file entries....or it would have done, except that I blocked Norton's change with WinPatrol (free version) I haven't checked all of the supposed bad entries, but the few that I did check were NEVER there!!! - things like Kaspersky, McAffee, F-secure etc.
Now that is two lies. That they were there, AND that they had been fixed.
...and why didn't it find this "problem" when it found the Adware.SystemProcess problem? Nothing had changed in the meantime except the SpywareBlaster update.
My Spybot S&D immunisation, however, hadn't been tampered with at all. | |
|
|
might join
@btcentralplus.com
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' Ooops! I made a mistake about the Adware.SystemProcess prob not showing up a second time. I just checked my NIS history and it DID do the "removing" and the "fix" twice, but like siliconman01 says, I don't think these things were ever there to start with.
I'm using NIS 2007 on XP, BTW.
Surely, it can only be that updating the SpywareBlaster caused the hosts file "error", no?
I'll wait till the 14th before I get my updates from Symantec, then see what happens. | |
|
| | 
planet
join:2001-11-05
Olmsted Falls, OH
·Cox HSI
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' When I saw the cleaning that had been done (on my pc, it was those same 2 files and 97 registry entries) I assumed that Symantec was informing me what could have been infected had I actually been infected by adware.systemprocess.
My hunch is SWB kill bit entries in the registry were the only things actually removed from my computer.
| |
|
|
| siliconman01
Premium
join:2005-05-08
Saint Albans, WV
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' quote:
--------------------------------------------------------------------------------
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log
--------------------------------------------------------------------------------
I honestly think that NIS 2008 is false reporting what it says it is doing on this False Positive.
I did a scan of my C drive yesterday just before my daily NIS full scan. P.dat and Ibhog.log were nowhere on the C drive (and yes I have all my files and folders visible).
When NIS reported removing this False Positive, it showed removing the 2 files again...3 days straight.
This same thing is occurring with the 79 entries it says it is removing from the HOSTS file. It falsely removed 8 valid entries from the MVPS. Where the other 71 entries reported came from, I have no idea. | |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | The 13-Nov-07 LiveUpdate still deletes HOSTS file entries as per my post above.  | |
|
JRosenfeld
join:2005-06-06
UK
3 edits | I am also using mvps HOSTS file (latest update). Quick scan with NAV 2008 (today's updates), claimd to have removed 79 items from HOSTS.
In fact it only removed the following:
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking.Cookie]
127.0.0.1 sdc.ca.com
127.0.0.1 sdc.mcafee.com #[statse.webtrendslive.com]
127.0.0.1 wdcs.trendmicro.com
127.0.0.1 om.symantec.com
127.0.0.1 tc.symantec.com
Clearly it sees the name of some recognised AV supplier and does not check the context in which those names occur (malware is known to add AV app sites to the HOSTS file).
I restored the risk and it put those entries back in. without the comment script (for the ghost ones that it said it had removed, the restore indicated nothing to do).
I Also checked the box to omit in future scans, but it is not clear whether that will just omit those particiular entries or whether it will simply not scan the entirs HOSTS file. If the latter, I can always restore the risk once Symantec have fixed the FP. | |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates. | |
|
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' said by siliconman01 :This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates. That info will be passed along
--
DSLR Phishtracker | |
|
| Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02
| said by siliconman01 :This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates.
Same here on SAV 10.1 on XP pro with spywareblaster installed. | |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | quote:
That info will be passed along
Thanks much Amy. You've always provided superior assistance on these Symantec issues. | |
|
| |
| | Longboard
join:2005-04-13
australia
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them.
Dont really love my own security going on a little private rampage. 
Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ?
and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation.
Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle.
How do I lock the settings?
Thx. | |
|
| | | 
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' said by Longboard :Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them. Dont really love my own security going on a little private rampage. Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ? and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation. Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle. How do I lock the settings? Thx. I have never had that problem I have my settings set that way to,and it always prompts me before it downloads anything or removes things.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." | |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | This HOSTS false positive issue appears to be corrected in the 15-Nov-07 LiveUpdates. At least a Quick Scan no longer finds anything wrong in the HOSTS file. | |
|
JRosenfeld
join:2005-06-06
UK
1 edit | I can confirm that with the 15 November updates, the HOSTS entries are no longer flagged. I have reenabled the URLredirect detection that I had temporarily excluded. | |
|
BTWUR
join:2004-04-07
Blue Ridge, VA
| Hello everyone,
Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive.
Note that Weather Pulse Version 2.05 is effected by this false positive.
If you have WeatherPulse 2.10 Build4 BETA installed it isnot effected.
Downloads for all WeatherPulse Apps can be found here.
I also have posted at Calendar of Updates.
»www.dozleng.com/updates/index.ph···ic=16389 | |
|
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| Re: NAV/ SAV defintions release for 'weekend bug-fixes' said by BTWUR :Hello everyone, Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive. Note that Weather Pulse Version 2.05 is effected by this false positive. If you have WeatherPulse 2.10 Build4 BETA installed it is not effected. Downloads for all WeatherPulse Apps can be found here. I also have posted at Calendar of Updates. » www.dozleng.com/updates/index.ph···ic=16389 Full topic has been posted here »NIS 2008 - Another False Positive- Weather Pulse V2.05 B36
Symantec is aware of the problem and it should be resolved with today's [Thursday] virus definition updates.
-amy-
| |
|
|
|
|
NAV/ SAV defintions release for 'weekend bug-fixes'
