Lawrence "The Dreamer" Chen's Blog

Well, before I posted on this subject a few days ago, I had submitted a support request using Norton Antivirus 2009. Shortly after the the blog posting, I got an Email for Symantec's PR company....sent to my work address. Not via the blog (or the associated email address).

Of course, that doesn't matter, my employer banned Symantec and Norton Antivirus on PCs a couple years ago. In fact, they would actively scan computers connected to its network to detect, and block access to, computers that continued to use the software. We have a site license for Trend Micro, and policy that requires it to be installed on all PCs connected to our network (including personally owned ones). The site license extends to allow (current) students and employees to use the software on their home computers, even if they are connecting via a 3rd party ISP.

Of course, TrendMicro doesn't support Mac or Linux users, but the use of Antivirus software is still required. A bulk license for software for the Mac exists, with a periodic review of how many are being used...and ClamAV is the recommended solution for Linux users, and I thought Bradford checked for it (along with being current on patches) in the dorms.

Anyhoo....I eventually got a response for Symantec Technical support. It was try to disable a feature of Norton Antivirus and see if the problem continues. If it does, then it isn't their fault.

Lucky for them, it is their fault. I disabled Auto-Protects Advanced Protection feature...to resolve the issue.

Then things continued to be less than helpful. Vague response on how they want me to be protected so make sure I keep running LiveUpdate....though are they saying they'll turn it back on when remotely when they think it'll be resolved or will LiveUpdate tell me that it has finally resolved this issue.

It did a provide a link suggesting that I submit information about the false positive to. But, it was for false positive phishing urls. And, submitting the false positives from "Advanced Protection" yielded the response that the submission does not appear to be URLs so, therefore, "We have concluded our research
of your submission and will take no further action.". Even though I included reference to the support incident ticket that led me to the form.

I emailed back, and was provided with yet another form. With the note that "Incomplete submissions and requests that are not deemed to be genuine will not be processed.". The form instructions say that it must be submitted by the software vendor of the false positive.

In other words, they don't care about its users.

Category: Resolved Security Risks
10/19/2008 16:51  High  prepare_dpf4_9.51_windows_intelx86.exe detected by SONAR        Removed
10/17/2008 19:11  High  prepare_receptor4_9.51_windows_intelx86.exe detected by SONAR   Removed
10/19/2008 16:52  High  prepare_dpf4_9.51_windows_intelx86.exe detected by SONAR        Removed
10/19/2008 16:51  High  prepare_dpf4_9.51_windows_intelx86.exe detected by SONAR        Removed
10/17/2008 19:12  High  prepare_receptor4_9.51_windows_intelx86.exe detected by SONAR   Removed
10/19/2008 17:08  High  summarize_results4_9.51_windows_intelx86.exe detected by SONAR  Removed

Category: Quarantine
10/19/2008 16:51  High  prepare_dpf4_9.51_windows_intelx86.exe detected by SONAR        Removed
10/17/2008 19:11  High  prepare_receptor4_9.51_windows_intelx86.exe detected by SONAR   Removed
10/19/2008 16:51  High  prepare_dpf4_9.51_windows_intelx86.exe detected by SONAR        Removed
10/19/2008 17:08  High  summarize_results4_9.51_windows_intelx86.exe detected by SONAR  Removed

So, now I'm going to ask them on how to remove this crapware.