Norton Internet Security 2010

[Farleyjim]

I have recently downloade P2E version 6 having been delighted with the software so far and have made many slide shows. I have also just renewed my Norton Internet Security to 2010. Imagine my dismay when I just tried to open my lataset slide show using P2E 6 to find that Norton Sonar Protection not only blocked it but could not quarantine it because it was too large and I therefore lost a slide show which had taken me hours to compose. I tird to show another of my shows and the same thing happened. The only way I am able to present my slide shows is to turn off the Sonar protection which means I have to disconnect from the internet. I have uninstalled P2E but I now have the same problem using version 5. If I've imported something nasty when I downloaded version 6 I am surprised because I have never been on line without Norton Protectio. Does any body have any suggestions, please?

[Ken Cox]

DISABLE NORTON

IT IS CAUSING A FALSE POSITIVE - THIS IS AN ONGOING NORTON PROBLEM

http://www.picturest...t=0entry71421

I have writtem Igor

ken

[nobeefstu]

Farleyjim,

The issue is Norton and especially it sonar scan detection. Other virus protection programs also exhibit the same behaviour on one occasion or another.

The business of protection is venturing over the line of possibility ... they need to start thinking along the lines of whats most a probability.

I still use Norton on my main C Drive .... but most other drives I have excluded it use. Its has in the past tried to take out some of my compiling/programing tools because of its possibilities.

Your best bet is to relax and reserve some folders or drive(s)space so as to be excluded. Users still need to use some common sense in their selection of settings.

[Don]

Hi Farleyjim,

I, too, am fairly new to PTE. It is terrific! Check into the forums regularly and you'll learn a lot. I use McAfee and do not have the problem that you referenced. I have scanned many files here with McAfee prior to opening, including the PTE program, and have never found anything to be worried about.

Don

[Farleyjim]

Thank you All for the replies. I'm glad it's not just me. I had in fact scanned all the relevant files and folders and was told that everything was safe! C'est la vie.

[Ed Overstreet]

I haven't (yet) had Norton clobber one of my EXE shows, but both NIS 2005 (my system) and NIS 2010 (my wife's sytem) have clobbered some of my PTE-created screen savers, intermittently. As suggested above, I've learned to back up all my PTE projects (including screen savers) to an external hard drive, and to limit NIS's scanning solely to my C drive. I've repeatedly found that if a screen saver is deleted by Norton, if I wait about a week and then re-install the screen saver from my external drive, Norton leaves it alone. The problem clearly has something to do with Norton; some of these screen savers were created several years ago and survived multiple virus scans before raising a false-positive red flag. They've never been opened or revised since being created, so it's impossible that they were somehow infected by a virus after being created. Especially since Norton has always been active on both computer systems and wouldn't have let a virus through anyway ... or so one would hope.

[Ed Overstreet]

Maybe one of the moderators can move this post, perhaps to an FAQ since so many of us recently have found various anti-virus programs running afoul of our PTE EXE and SCR files. What I'm about to say applies to Norton Anti-virus, also applies to AVG

(see http://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457)

and probably applies to other anti-virus software.

NAV 2005 (on my system) has periodically attacked and removed screensavers and some EXE shows that I created in PTE. My wife's NAV 2010 is very aggressive in going after both SCRs and EXE files. Today I did a little exploring in both versions of NAV, triggered by a related question from Peter Appleton to me in a private email regarding my experience with NAV 2010. I discovered that, if you're lucky and were sensible in the way you configured your NAV options, your precious SCR and EXE files are NOT dead and gone -- they're backed up in Norton's Quarantine folder somewhere. The question is, how to get at them and restore them. It's possible in both 2005 and 2010 (and probably other versions), though it's by no means obvious at first, and of course it's different in 2005 and 2010. I'll tell you how to do it in 2005, which I know a lot better than 2010, but I'm sure with some exploration you can find a way in 2010 to work around the problem.

The key to prevent the problem (one hopes, but one is never 100% certain with these things ) is to find where your current version of Norton lets you set "exclusions" from scans. In Norton Systemworks 2005 (which is where I have NAV 2005) do the following: go to Options>Norton Antivirus Options, then drill down to Other>Threat Categories>Exclusions. There you will find a browser icon where you can select individual files (maybe even a folder, I haven't tried that yet) to be excluded from virus scans. Use this to identify all those AV shows you want to protect from the paranoid fantasies of Norton when it scans.

Then, to be extra safe, go to Options>Norton Antivirus Options>Other>Threat Categories>Advanced there is a tick box labelled "what to do when deleting threats>create backup file in Quarantine." If that isn't ticked on by default during installation, it's a really good idea to tick it on, IMO. NOW. If you did that, or (I hope) if Norton does that by default, then whenever NAV attacks one of your EXE shows or SCR screensavers, you should be able to open the Norton interface, find the Quarantine, look at History to see what was a "risk" and was removed, and you should on that page find a link that will let you restore the file to your system (after telling Norton "yes I bloody-well DO want it restored, now go away please"). NAV 2010 cleverly hides this option under a tiny, innocuous little blue link labelled "Options" on the quarantine history page; when you ask to restore the quarantined backup file, it gives you an option (use it!) to tick on a box saying "exclude this file from virus scans."

The key to getting your files back, if you didn't already have them backed up off-line on a CD, DVD, or external hard drive (and if you didn't, why didn't you ) is to make very sure that neither you, nor Norton automatically, ever clean out the Quarantine holding-area until you're certain what's there isn't something you want to keep.

Another work-around I've adopted is that all my EXE AV-show files are now stored on a USB external hard drive. In fact, I create all my AV shows and screensavers on that external hard drive, not on my C drive, just to be safe. I NEVER let Norton scan that drive, just my C drive. No one except me can access that external drive, and with NAV resident in memory all the time, plus an active firewall, I seriously doubt any nasties are going to get into that drive, so why bother scanning it? I also keep backups of my screensavers on that drive, in case Norton some fine day takes it into its head to go hunting screensavers for fun.

The best solution would be for Norton to stop being so hyper-aggressive with our Wnsoft-created files, but I'm not holding my breath for that to happen.

I know some people who visit this forum don't know the above stuff; for the others, please indulge me for pointing out what might be obvious to you but wasn't to me until I figured it out earlier today ...

[fh1805]

Following on from Ed's post about the steps to take in Norton 2005, here are the steps to take in Norton Internet Security 2009:

Launch Norton Protection Center

Switch to the Norton Internet Security tab

Click on "Manage Quarantined Items"

Click on "Go to Quarantine" button

Under "Other Actions" click on the "More Details" button

Under "Actions" is the button to "Restore Risk"

N.B. This will move the selected quarantine item back to where it came from. DO THIS ONLY IF YOU ARE 100% CERTAIN THAT THE VIRUS ALERT IS A FALSE ALARM

regards,

Peter

[Ed Overstreet]

Further to my earlier post, I have verified that Norton Antivirus 2005 does allow one to Exclude from virus scanning an entire folder and its subfolders. Presumably later versions of NAV will also allow this. I have accordingly instructed NAV to exclude the folder structures which contain my AV shows and screen-saver backups (these folders are all on external hard drives).

I am a bit reluctant to exclude the screen savers my system is using, because they are all stored in c:/Windows/System32 root, which also contains a lot of other OS files that likely get targetted by viruses. It's probably safest not to exclude anything in that folder, but to keep backups of your PTE-created SCR files in a separate folder, maybe even (as I do) on a drive other than C. Since most of us probably use unique folder names for our AV collection, and since there are so many folders and files on most of our computers, I think it's probably safe to exclude the entire contents of an AV folder structure from virus scanning. I suspect that most viruses are going to be trolling through c:/Windows and assorted subfolders, and not roaming around the entire computer and its peripherals. (Maybe I'm wrong, but it seems to me that if I were a virus programmer I'd concentrate my energies on clobbering the operating system, which is going to do the most damage ...)

The other choice of course is not to exclude anything, wait until you notice your slide shows and screen savers disappearing, and then go to the NAV Quarantine, hope they are still in Quarantine, and restore them.

And as Peter rightly points out, be certain your files weren't in fact infected before restoring them. I wouldn't restore an EXE file that came to me from another user, for example. But anything I've created on my system should be safe from infection, given I never take down my firewall or disable NAV temporarily without first physically disconnecting my computer entirely from the internet. Every software I've installed on my system has first been scanned by NAV before I install it, everything I download is downloaded while NAV is active in memory, and I leave NAV active whenever I'm working in PTE or any other software, so it's highly unlikely that an EXE or an SCR that I created on my own computer is going to be infected. Especially, as was the case with all the files that NAV 2005 killed on my computer, when those files had previously survived several years of monthly system-wide virus scans and never were modified after they were created

[Farleyjim]

Very interesting replies to my post, thank you. Where I was caught out was that this was the first time I had ever encountered this problem and what exacerbated the situation was that once Norton had told me that my new exe file was "suspicious", it also told me that the file was too large to quarantine and it promptly deleted it before I had chance to gather my wits. Fortunately all my previous shows were backed up on an external disk, but my latest, (which was a memorable trip to South Africa!) had been destroyed. This meant starting all over and making a new show. We sometimes learn the hard way!!! I had previously used earlier versions of P2E without any trouble, but my problem arose when, coincidentally, I installed Norton 2010 and P2E 6 within a day of each other. Hence I wasn't sure which was the culprit! I have since run my slide shows successfully making sure that I was off line. I have yet to try excluding my P2E folder from being scanned.

It would be interesting to hear from Norton but I won't hold my breath!

[Conflow]

Farleyjim,

Jim I sympathise with your problem but you are not unique to this recent spate of 'Anti-Virus' problems.

This has absolutely nothing to do with the WnSoft PTE-Program but one heck of a lot to do with the

Anti-Virus Vendors.

A new wave of Anti-V Programs are being introduced by many vendors such as Kaspersky, Norton, Avast,

and Bit-Defender etc,etc. These new programs have introduced a new utility called 'Internet-Protection'

which is coupled within a suite with their normal Anti-Virus Program.

So in effect you have 2-Programs with a single container (confusing enough) without the added problem of

the highly invasive nature of their 'Internet Protection' utility.

Do the following:-

1)

Make absolutely sure that your XP, Vista, Win7 Firewall is TURNED-ON open your Control Panel and

check this.

2)

Now open up your 'Norton 2010 Internet Protection' and find the 'Net-Protection' part of the Program and

TURN-IT-OFF now Restart the PC and revert to your previous method of operations. You will find that

your problem has vanished.

3)

This will not effect your protection as the Anti-Virus part of the program is still active for EMails and for

your Web Utilities and further protected by your PC-Firewall.

*Note

The same procedure applies to'Kaspersky 2010 Internet Suite' and all others selling "so-called" combination

Internet-Security Suites. The problem with these (new) programs is that they 'Flag' anything with an EXE or

Script content which have not been pre-authorised with a Microsoft-Certificate. A list of these Vendors is

shown below.

Hope this helps...

Brian (Conflow).

[Igor]

We've sent a request to Symantic regarding this false positive with PicturesToExe Deluxe 6.0 slideshows.

[Ed Overstreet]

We've sent a request to Symantic regarding this false positive with PicturesToExe Deluxe 6.0 slideshows.

Thanks very much for taking action on this, Igor. I hope they respond promptly and appropriately

[Pat Ball]

Jim, I've just encountered the same problem using AVG. AVG has wiped out a lot of my PtoE executable files so perhaps Igor can contact AVG as well!! Luckily I've CD or DVD backups so I'm sure if I disable AVG first I should be able to restore them.

Best wishe, Pat.

[Ken Cox]

Pat

we need to know what version and dat files of avg

see thread

http://www.picturest...showtopic=11558

that was started

Posted 07 March 2010 - 06:23 AM

version

Grisoft AVG Ver.9.0 bld. 791/Virus Database: 271.1.1/2750 UPDATED March 16, 2010

Grisoft AVG Ver.9.0 bld. 791/Virus Database: 271.1.1/2756 UPDATED March 19, 2010

tested a 4.48 file ok

ken

[Pat Ball]

Ken,

I've looked at the thread and AVG on my PC is reporting the same virus as Marian has problems with. I'm using AVG version 9.0.791, database version 271.1.1/2756 (19th March 2010).

What is a 4.48 file? Is this the version of PtoE that created the file that you used for testing?

The files that are giving me problems are from several versions of PtoE - some going back 3 or 4 years - including version 6 which is the only one I now have on my PC.

Pat.

[Ken Cox]

Pat

the problem that Marian had was with a show made with pte ver 4.48 and i verified that my 4.48 show was also being detected

as described in the AVG thread

http://www.picturest...showtopic=11558

without knowing what version your shows that were lost were made from we are at a loss

ken

[Ken Cox]

I just made an 60 mb exe with pte ver 6

and tested it with the avg version that i previously mentioned this morning and it tested ok

Now this thread was started re a problem re Norton -- your problem is with AVG and should have been entered as an AVG problem so that we can keep track of these problems, so i will not be adding any more to this thread

ken

[cjdnzl]

Well, I might be a maverick here, but I do not run any antivirus software like Norton or McAfeee, or AVG. Overall, they are getting just too clever with fancy programming to be reliable. If they are so wrong as to take out perfectly legit files, what chance is there that they miss baddies? Nobody seems to answer that question, except laboratory tests with viruses that reveal there is no one antivirus tool that is 100% effective - and a lot of them are worryingly poor, only about 60% - 90% effective.

I do run Zonealarm Extreme Security, also do regular scans with Advanced System Care and SpyBot S&D,and my computer is behind a WPA2-protected modem-router sporting a hardware firewall. In 25 years of programming and using computers I have not had a serious infection from any malware.

Anti-malware software is advertised by the makers in lurid terms of what might happen to your computer and your data thereon, reminiscent of Chicken Little who ran around crying that the sky is falling. This is the ragged edge of sales advertising, scaring people into believing unrealistic scenarios of disaster and mayhem if you do not run their program.

ZoneAlarm has two major advantages. One, it will not allow any program that has not had permission from the computer operator to access the internet, so even if you do get hit by a phone-home trojan, it is caught before it can transmit anything, and ZA tells you the name of the program trying it on. Two, it 'stealths' your computer so any fishing attempts, or probes, will not be answered by your computer, keeping your presence on the net secret. In conjunction with a properly set up modem/router with a hardware firewall, about the only way you can catch a virus is if it is piggy-backed in on a legitimate download, and if you are careful what you do download, the chances of that are very small.

Just another point of view.

[Pat Ball]

Thanks for your replies Ken - much appreciated. Thanks also to cjdnzl whose comments are noted with great interest. I'm not sure what to do from here on - perhaps disable AVG?!

Pat.

[Slugman]

Thanks for flogging this in the forums folks, just upgraded to NAV 360 v4 and it did exactly as you described above resulting in much wringing of hands and gnashing of teeth in my office for a bit.

[fh1805]

This post documents my very recent experience (today) with Norton 2010’s SONAR feature.

I use two Windows Vista-based PC systems on a regular basis: my desktop system on which I do all my work and a laptop system which I use only in conjunction with my digital projector when I take slideshows “on the road” to audiences. When at home, both systems have internet access via a wi-fi router. From that they then connect through the broadband modem into my cable service provider (Virgin Media). The laptop can also connect to the internet when away from home via a mobile broadband USB modem using Virgin Mobile service. Both systems were, until this morning, protected by Norton Internet Security 2009 with which I have been very happy. (Note that the Windows Firewall is disabled on both systems in favour of the Norton firewall program).

For several weeks now my Norton software, on both systems, has been nagging me to upgrade to Norton 2010: and because of the problems that had been reported here on the forum I had been telling it “No!” Having given the matter a lot of thought I decided that I had little to lose by allowing the laptop to update to Norton 2010. After all, the data on it is all copied over from the desktop system. Whatever might happen I wasn’t going to lose anything vital. So this morning when the laptop nagged I said “OK, go ahead”.

The Norton install wizard duly removed Norton 2009, rebooted the PC and installed Norton 2010. I then waited until it had done a LiveUpdate run so that it had a chance to download and install all the latest definition files and then asked it to do a full scan of both the C: and D: drives on the laptop.

The scan ran to completion and found no security risks so I then launched a PTE sequence that had been created with PTE v5. Norton SONAR refused to let it launch, claiming that it was behaving suspiciously. The “suspicious” activity was that there were “Very Few Users” and it was “Very New”. I was given two options: Remove the file (Recommended) or Allow the program to continue. I chose the latter!

The sequence then ran normally. I tried a sequence that had been created using PTE v4.42 and this ran OK with no intervention by SONAR. I chose another sequence, this time created using PTE v6. SONAR stepped in again and blocked the attempt to run it. I again said “Allow”.

I then re-launched the sequence that had been the first one blocked – and it ran without any further SONAR intervention. Does this mean that SONAR is operating in a heuristic manner, I wonder. I have tried a sample of my sequences and have found that those created with PTE v4.4x seem to run free of any intervention by SONAR whilst those created with PTE v5.0 or later all get SONAR intervention.

What I needed to do next was find out whether the SONAR status was remembered across a power-off/power-on and also whether it got cleared down or retained across a “clean up” sweep by Advanced System Care. After doing the power-off/power on I found that the sequences that had been SONAR blocked and cleared all ran without SONAr intervention. So it does appear to be a heuristic system. Also, running Advanced System Care v3.60 (Free version) had no effect on the SONAR status of those sequences.

When I tried to execute a v6.5 beta sequence off the Windows desktop, SONAR refused to let it run and quarantined it (19.7MB). I was able to recover this file from the quaratine and tell Norton to ignore it in all future scans.

So the bottom line appears to be that Norton SONAR really is a pain in the **** because it steps in on every first launch of a PTE v5 or v6 sequence; but it is willing to listen to and learn from my voice of experience when I tell it that things are actually OK.

If anything else crawls out of this particular woodwork I'll be back with more news.

regards,

Peter