I have a quite unique problem regarding Norton AV and viruses. I do software security research as a hobby. As such, I routinely harbor various “hacktools”, keylogers, exploit code and viruses on my machine.

My problems began when I installed Norton Systemworks 2006. As usual Norton AV done a full system scan. This time however I forgot to dismount my virus directory and lost several years worth of downloads and research. This did not hurt that bad since I had all the viruses backed up but pissed me off none the less.

What really irritates me to no end though is Norton tries to delete certain “hacktools” from the system without warning. This includes Cain and Able, netcat, and even nmap. I DO NOT WANT THESE DELETED! They are very legitimate tools for my machine and I need them to do my research. Besides I have no idea why nmap or netcat would be considered a hacktool, they both have very valuable non-hacker uses.

Does anyone know how to take care of this annoyance? If not what general system suite would you recommend? I like Norton for the high level of protection and frequent AV definitions. It has gotten me out of sticky situations when surfing into the underbelly of the Internet. I hate to loose it but Symantec is starting to leave me no choice.

Believe it or not, I've had the same problem once. It's quite easy to overcome, you just tell Norton which folders not to scan and also set the virus detection mode to 'Always ask me what to do'.

I'm using Norton 2005 which I've installed with GooglePack, but I think it should work in Norton 2004 and 2003 also.

Click Options in Norton Antivirus and then click on 'Auto-Protect' on the left. The Auto-Protect option will expand. Click on 'Exclusions' below it and then set the folder you want to be excluded on the right. Do the same thing for 'Manual Scan'.

If you're not sure where the hacktool or virus is, you can set Auto-Protect ->'How to respond when a virus is found'->'Deny Access to the infected file' and also set 'Manual Scan'->'How to respond when a virus is found'->'Ask me what to do'

This worked for me. Hope it helps you out.

This post has been edited by abhiram: Jun 2 2006, 01:53 AM

Or here's a great idea! Replace Norton with another virus scan that isn't so finnicky about deleting all non-active viruses. Or use a program like PGP to encrypt those files so norton doesn't recognize them. how about PGP's virtual disk? that would keep them all in one safe place, and it's only a click away to open them all.

well i guess why norton wants to delete nmap and necat is that most of the time they are used to attack systems other than perform research.

though norton is not a problem on my side but i have used it a few years ago and if i can remember you can exclude certain directories from the scan.

I encountered though a problem when nmap is currently running in the machine since norton will popup and wil force you [maybe depends on version of norton] to remove or kill the process.

--

never been my problem now since i switch to *Nix when performing those research task. =)

--
AVG is equally a pain in the ass when it detects a virus either active or passive in your system. even source codes of viruses was filtered out and moved to the virus vault.

--
when performing viral research, i just switch to no AV system [no anti virus] coz i have a spare box of system and I have a cd mirror of winXP. The whole system loads from CD and a spare harddrive is only used as data disk for temp and so on.. only problem though is that I got the CD from an anonymous org member from my club. the second problem is that if you need registry edits.. it is a hell to configure to allow that and mount the registry into the harddrive.

I do perform port mapping alot to test proxies ability.

I have searched to no end to find a place to exclude directories. The big problem is the weekly scan, you know the one that run when you are not there and always forget about. In the weekly scan it just deletes the files without asking you what you want to do.

As for the action you want to take, Norton does not exactly give you very many options. I have the Cain and Able setup file in my downloads folder. Whenever I download a new file, Norton pops up asking me if I want to delete the Cain and Able file. At the bottom there is an action, *Exclude. Like this is an option, there is only one choice. Even with it set to exclude it still happens every time. If I didn’t know better this is almost a software bug. It’s just getting too annoying.

i feel your pain about that, it happens to me also a few months ago but with office scan.. it wants me to kill cain and abel because i was running as a client. though this is hilarious on my side since there is no security exploits in running a client..

i was nagged also to delete cain and abel everytime i download it. the popup is per chunk of download in my dload accelarator.

These are just like what latest medicines do. If you want a strong medicine, that strong medicine will kill off stuff you dont want AND some stuff that you actually need.

So far, i've been using only up to Norton 2002 since i really do not need such a high security computer for what i do (play games). Even so, Norton 2002 gets very annoying when it blocks internet access for almost every program on the computer unless it is Microsoft certified or something. Especially now when I've just got Norton Internet Security 2006 and it has that new "Learning" feature, which to my opinion, is an irritable and annoying aspect of Norton that shouldn't be added there in the first place.

Of course, soon after i learned how to turn it off and now Norton asks me whenever i use a program that uses the internet. But my first week of Norton 2006 was a nightmare, and it was a little buggy too, as sometimes when i open the Norton window, the borders will show up and the "content" will be empty (So you see whatever is in the backround of that window). Surprisingly, it fixed itself, fortunately for me.

Google for AVG free best virusscanner ever

First a question... if you are collecting viruses and don't want to delete them than why did you get an anti-virus program?
Ways to fix this.

-The simplest solution would be to just get rid of Norton, but if you don't want to do that than there are several other things you can do to protect your viruses and spyware.

-You can tell Norton not to do automatic scans or updates

-You can completely disable Norton so that it won't scan anything unless you tell it to

-When Norton detects a virus it should give you the option of whether or not you want to keep that program, along with that it should also give you the option of not considering the program a virus

I hope these help they are the only ways i can think of at the moment to solve the problem.

I have to agree, the learning feature is horrible but I see it as being bad from a different perspective. From what I read, Norton “learns” what wants to access the Internet and then allows it. What keeps Norton for “learning” that a piece of spyware wants to access the Internet and then just allows it. I turned this feature off as soon as I found it. I also turned off automatic program option. This basically lets any program that is on a white list access the Internet without you being prompted. From my experience there are quite a few programs that I don’t want accessing the Net. An example of this is Explorer.exe. Quite frankly I do not want a program with such low level access to my system touching the Net. I also block such things as Windows Media Player (some of those “content protected” files have nasties hiding in them), notepad, and any other application that I feel has absolutely no business accessing the Net. If someone has never run a secure firewall before, they might be surprised what wants to phone home.