• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Where is the Exclusion list?

Hi,

Norton Security with Backup (NSBU) 22.5.4.24 on Windows 7 Pro 32 bit

Question:

You download and run a program, and NSBU detects that it's a virus based only on heuristics, not that it's actually a virus (it's actually DVR viewing software), and NSBU deletes the program.

You make an exception or exclusion (I'm sorry, I didn't write down the exact wording) in order to download and run the program again.

Where is the exception or exclusion list stored in NSBU so it can be viewed and/or undone later? I've looked and I can't find it anywhere.

Thanks.

Replies

Kudos1 Stats

Re: Where is the Exclusion list?

Settings > Antivirus > Scans and Risks > Exclusions / Low Risks.

Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: Where is the Exclusion list?

Thanks. That's what I thought.

There's nothing there. No exclusions listed. Not in Items to exclude from scans, Items to exclude from Auto protect, or Signatures to exclude.

And yet, when I reset Internet Explorer to default settings (it's an ActiveX plugin that it's complaining about), which deletes cache and cookies, wipe the downloads folder and download the installation program again, Norton doesn't complain now. It's as if it knows that there's an exclusion for it. It complained once, I made an exclusion, and now it doesn't complain anymore.

But where's the exclusion stored???? I can't find it anywhere.

One other related problem:

When I run Norton from a non-Admin account, even if I right click and Run as Administrator, it does not give me the option to modify or even look at these settings. They're greyed out. I have to be actually logged in to an Administrator account to view these settings.

Is this a bug or a feature, not to be able to look at or change certain settings, even when I Run as Administrator?

Kudos0

Re: Where is the Exclusion list?

Hello

You have to be logged into the Administrator account in order to access the changing of settings. This is not a bug. The idea behind this feature I believe is that it makes the product more secure so that every one can't change the settings.

Have you clicked on the ? at the end of those exclusion features to see what it says? You can probably find the answer to that question in the product manual which comes with the product and can be found in Help on the main page of the program.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Where is the Exclusion list?

Hi dbdan22,

Go to Settings > Antivirus > Scans and Risks > Exclusions / Low Risks as dbrisendine   suggested.  Then click on the configure[+]  for Items to Exclude from Scans, Items to Exclude from Auto-Protect, SONAR, and Download Intelligence Detection and also Signatures to Exclude from All Detections and see if the item you are looking for is listed.  Once you find it, left click it to highlight it, and select Remove and OK out.

Kudos0

Re: Where is the Exclusion list?

I did all that.

There's nothing there.

Kudos0

Re: Where is the Exclusion list?

Is it possible the "threat" was removed as a result of a Reputation Revocation Update?  You download it, Norton detects it as a "threat", you exclude it and go on your way.  Norton changes the "threat" to a "non-threat" (safe item), release it as "good" on the revocation list and as a result the exclusion is removed? 

I am not sure if that is how the revocation list works, nor if it is possible - but perhaps a reasonable answer??

Kudos0

Re: Where is the Exclusion list?

As an add-on to my previous post - in regards to the Reputation Revocation Update, Quarantine and it's rescan:

A bit more research into this area leads to the question if the detection was in fact quarantined?


There is a Quarantine rescan that runs every day at idle time.  One part of the rescan is used for False Positive Mitigation - in other words, has the quarantined item been white listed (added as having a good reputation).  Another part of the rescan checks to find out if the quarantined detection has since had a virus definition written to detect it. If so, it  converts the quarantined item from a  heuristics detection to a standard threat detection.


During the Quarantine Rescan, the reputation database is used for false positive mitigation. The Norton security product runs a virus scan, and a BASH(Behavior Analysis and System Heuristics) recheck on a removed heuristic detection. The convicted file then gets an exoneration check with the help of the White list  database.

Kudos0

Re: Where is the Exclusion list?

Thank you for your reply.

Is there any way for me to tell what actually happened after the fact?

I have an issue with a security system vendor: every piece of software that is recommended to be able to view the DVR feed over an IP network is being flagged as a virus. So naturally I am a little concerned.

Is there a place for me to submit the files for an analysis?

Thanks.

Kudos0

Re: Where is the Exclusion list?

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Where is the Exclusion list?

Thanks.

This thread is closed from further comment. Please visit the forum to start a new thread.