
Norton Security Suite tried downloading rootkit during live update

I have multiple PCs in my house and they WERE all running Norton Security Suite when my firewall appliance on my home network blocked 5 viruses from being downloaded via Norton's Live Update servers. While Norton Antivirus was trying to update itself on three of my computers that were turned on and in use throughout the day, Norton tried pushing rootkits onto these three, but it was caught by my Untangle firewall antivirus app before it made it to the network.

I'll attach a screen shot of me logged into the web utility for Untangle. I'm very concerned about this. It appears that, like I said, a rootkit was being downloaded over their update servers. Someone explain this. I've already stopped using the product, but would like to know. Pay attention to the inside of the red box.

The virus blocked was as follows: Gen:Rootkit.Heur.cu4@bi9U02g


Replies


Re: Norton Security Suite tried downloading rootkit during live update

I'd suggest this is a false positive.  You often see this when people run two AVs on a machine thinking they are twice as safe.

Can you submit it to the Untangle developers for analysis?

A little bit of knowledge is... well a little bit of knowledge.

Re: Norton Security Suite tried downloading rootkit during live update

But that's the thing. There are not two AVs on one machine. Untangle is a standalone physical appliance; it's also the router and handles DHCP addressing. Untangle sits independently on the network from all my clients. It handles load balancing, web filtering, AV, ad block, intrusion prevention, etc. It does all of this long before passing the packets on to their intended destination.

I posted this same issue on their forum, too. Just waiting for a reply. But I've never had this issue before, so why now?


Re: Norton Security Suite tried downloading rootkit during live update

I understand that. It may have detected Norton's SDS Definitions, which may contain part of a malware to help Norton detect the real deal. That is why I suggested submitting it to Untangle.

In any case, Norton is not in the business of infecting machines.  It does its best to protect from infections.

A little bit of knowledge is... well a little bit of knowledge.

Re: Norton Security Suite tried downloading rootkit during live update

AV products do frequently misidentify each other's files as malicious.  Security suites by their nature use some rootkit-type methods to monitor what is happening on a system, so it is not unheard of that a generic heuristic detection might be triggered in error.  Even though your other AV is not on the computer, it is nevertheless examining the Norton files in the download and heuristically seeing something that resembles rootkit behavior.  That does not mean it is seeing an actual malicious rootkit.


Re: Norton Security Suite tried downloading rootkit during live update

Hello

If Norton Security Suite was downloading rootkits to everyone who uses NSS, we would be hearing from users complaining about getting malware also. This product you are using even if not directly on the computers is still doing a lot of the same operations as NSS.

I haven't been able to find anything about Untangle being used together with other security programs. Most of the places that I saw in Google using this Untangle were schools, libraries, organizations, but I didn't see any mention of any other security programs in use with it. It has a large Forum, but I didn't go through the Forum.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.

Re: Norton Security Suite tried downloading rootkit during live update

I am also running into this problem as of 2/6/2017. I have always run Fix-It Utilities virus protection along with Norton and never experienced this issue. I have tried to resolve this issue with the available Norton tools: running Antivirus Definitions Repair, Symantec Intelligent Update, Norton Power Eraser; including an uninstall & re-install of Norton Internet Security; no success.

Please see file attachment (.pdf; 2 pages) for details. Thanks.

Note: VCOM Technical Support has also been notified about this issue.


Re: Norton Security Suite tried downloading rootkit during live update

Hello

What is this Antivirus Definition Repair? If you are running 2 Antivirus programs, you are bound to get these kinds of issues. That other program is also a Registry Cleaner which is another NO NO unless you are an expert and know all about the registry. Norton even removed their Registry Cleaner because they are dangerous and also too many different types of equipment and programs today. There will be too many internal issues.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.

Re: Norton Security Suite tried downloading rootkit during live update

Thanks for the feedback...I have been utilizing Fix-It Utilities & Norton Internet Security for several years now without any issues on my PC.  In regard to the Antivirus Definitions Repair utility; this is part of Norton Autofix.  Upon further trouble-shooting today with Norton Internet Security, I had success with Norton Live Update. Please see attached screen shots via .pdf file.

Thanks again for all your help; including the members of the Norton Community and the Symantec Team.


Re: Norton Security Suite tried downloading rootkit during live update

I am glad you got your LU completed and all is green. 

I am not familiar with Fix-It Utilities, but I was wondering if perhaps the rootkit detection was a false positive and Fix-It caused LU to stop and thus LU failed. I may be mistaken, but I see nothing that Norton showed as LU possessed a rootkit. As floplot stated, this would be typical with 2 antiviruses butting heads for control of your system. Once the LU could completely download and start to process, the Auto fix would kick in to continue the processing and everything would work fine.

You said NIS and Fix-it played nicely together in the past, but any change (update) in either one could cause a conflict.


Re: Norton Security Suite tried downloading rootkit during live update

Thanks again to the Norton Community for sharing their expertise. I now have a better understanding that multiple anti-virus programs running on the same PC could cause conflict. VCOM has also been notified of the Threat Name: Gen:Rootkit.Heur.cu4@bi9U02g during NIS live update. Awaiting additional feedback from their developers.

The fight against Cyber War is not an easy task; keep up the great work!

********************************************

From: VCOM <support3@vcom.com>
Sent: Wednesday, February 8, 2017 10:06 AM
To: [Removed]
Subject: Re: [Case#120166] Norton Security Suite tried downloading rootkit during live update.

Hello [Removed]

Thank you for contacting VCOM Technical Support.

Thank you for the screen capture; I have sent it to the developers so they are aware.

If you have any further questions, please write back to us.

Thank you,

VCOM Technical Support

Office hours are:
8:00AM to 5:00PM Pacific Time, Monday-Friday
Closed, Saturday and Sunday
We are closed on all major holidays.

[Admin Edit: Removed personal email address and name]
