Patch Solution - Norton High Security Threat

(Locked)

Support Forum Agent
Citah,

The steps mentioned will automatically turn Sonar back on after 15 minutes. After the patch is installed, there shouldn't be any more conflicts.

We do recommend having security on your system. Whichever security program you choose is up to you.
________________________________________________
Technical Support
Want to speak with someone directly? http://us.blizzard.com/en-us/company/about/contact.html

How's my driving? https://www.surveymk.com/s/R5D3LCF
100 Undead Rogue
16540
A false positive from your security suite isn't Blizzard's problem to fix, its (in this case) Symantec's problem to fix.

I just downloaded the most recent Norton virus definitions through LiveUpdate which is a part of the Norton security suite.

wow-4.0.1.2210-enus-tools-downloader.exe still trips SONAR.
It is listed as "High risk" because the program was "behaving suspiciously".
SONAR shut it down and removed the file before it accomplished anything.

The default rule is: This behavior would indicate Virus-like activity, or unsigned software (a big no-no).

Point of clarification: This has never happened with any of the previous downloads in over 4 years of playing.

I do not feel comfortable disabling SONAR on my machine, nor should it be recommended by Blizzard to do so.
I have it for a reason: to protect my computer, and by extension, my account from unwanted / unknown intrusion. Up to this point, it has been successful.
Since I am not the type of person who goes about fixing things that are not broken, I find it highly unlikely that I will be removing / crippling an effective security measure on my machine.

Please fix this ASAP so I can play.
~Donovan
Just as a note - this happened with my AVG as well, though it's possible mine is a bit out of date. It's easy enough to bypass on AVG though, just click "Allow" when a warning comes up about Launcher.Patch.exe.
85 Blood Elf Priest
6600
Symantec Endpoint Protection didn't seem to flag it as dangerous for me...so I doubt it is
Edited by Estarliia on 3/15/2011 1:56 PM PDT
87 Draenei Paladin
8095
This is not likely to be a Norton issue.

Here is my reasoning: 2 other anti-virus programs are also reporting this file as a threat (AVG and McAfee).

Other possibilities would include:
Blizzard did not properly sign the download, or did not communicate with the anti-virus manufacturers noting that this file is safe.

Another possibility: The file that Blizz signed off on is not the same file that was downloaded (i.e infected, etc). Not likely, but definitely possible ... and also the reason I have SONAR up in the first place

Edit: just noting here that I'm not trying to spread propaganda or anything foolish like that. I also do not believe that Blizz would intentionally load viruses on our machines, but compromised files do happen in the real world. That's why we have anti-virus software.
Edited by Donovan on 3/15/2011 2:07 PM PDT
85 Night Elf Rogue
2710
Why did Blizzard fail to sign the file in the first place? This is not a Norton problem, this is a Blizzard Dev/CM issue. Customers should NEVER have to disable security software to install an unsigned patch. Shame on you Blizz.
100 Draenei Mage
14510
Donovan, Azmodeus....

I take it you two didn't google what a false positive is?

So many people in this thread have no clue.
Edited by Hierophant on 3/15/2011 2:07 PM PDT
85 Dwarf Paladin
2925
It works fine so far.
85 Draenei Death Knight
5005
I don't like the idea either... I do everything by the book, have an authenticator and everything now Blizzard wants me to work around my anti-virus? Will not be long and the hackers are going to have a field day since they know everyone's anti-virus will be disabled albeit temporarily. I hope their is a real fix in the works and not just a band aid.
100 Human Warlock
16960
03/15/2011 1:29 PMPosted by Vangreth
You don't even have to turn it off for X mins. When the pop up appears click view more details, then options. And then you'll have the ability to exclude that file from scans. Which is basically telling SONAR that it is safe, until the community catches up.


Sonar uses the community as part of the way for it to detect it is safe. If you turn it off to install you are not helping the community and everyone else will continue to get the alert. Sonar only 5 had approved it last I looked. /sigh

When the message pops up click on the options link and restore file telling it to ignore that risk (file). Then close and restart the wow client.


You might have confused my post with someone elses. I was not saying to turn off SONAR. But to un-quarantine the tools patch. And, if you want, to exclude it from future scans. This allows the tools patch to install correctly, and for norton to not take any action from that file. This method also allows one to keep SONAR turned on instead of turning it off for 15 mins.

Since it takes a while for the SONAR community to catch up for a new file, and you want to play now instead of hours or even days from now, you can "mark it as safe and ignore" so you can continue. You still submit to the SONAR network either way.
87 Draenei Paladin
8095
@ Heirophant

I didn't need to google it, I'm a comp tech from way back in the day. I know what a false positive is.
85 Worgen Hunter
5185
Norton is garbage simply get a real anti virus solution and you would not have to be having these headaches and false positives and you would still be protected with out having bloatware installed on your computer :)

Check out malwarebytes and you'll never look back
100 Draenei Mage
14510
This is not likely to be a Norton issue.

03/15/2011 2:10 PMPosted by Donovan
I know what a false positive is.



Well...obviously not, or you wouldn't have suggested it's "likely not a Norton issue".



And to all the non-techie's who are saying Norton is garbage without having a real clue what you're talking about...

ALL AV software has false positives, AND Symantec (Norton) actually has a smaller false positive detection rate than Avast. Don't believe me. Google it.
Edited by Hierophant on 3/15/2011 2:23 PM PDT
93 Goblin Priest
12110
03/15/2011 1:05 PMPosted by Vangon
Optional fix-it steps: Uninstall Norton, download Avast! or Microsoft Security Essentials as free and better alternatives. Speaking as a computer and security expert, I would never recommend Norton.


Statements like this prove you know nothing about Security. Norton has consistently ranked in the top of AV-Comparatives results over the years. Ranking Gold in Whole Product Dynamic Protection, just being beat out by F-secure for the Overall Product of the Year. Go figure it would beat out both Microsoft SE and Avast! While I don't knock either of these programs because in terms of Free Virus they are the two best available options, but don't knock something when you clearly know nothing about it.
90 Undead Warlock
0
I stopped using AVG when version 7 decided it would be an awesome idea to change my boot files to a different file extension, causing all sorts of issues with my computer.

Never had an issue with Norton, ever...nor have I ever had a virus or trojan on any computer I have owned that has had Norton on it.

Then again, as a computer expert myself (aren't we all?), I know when I see a spoof, hack, etc.
87 Draenei Paladin
8095
@ heirophant

When I re-read your posts I realize that you are missing the issue that I have with the recommendation made by Blizz.

I recommend that you re-read them yourself. In doing so, you may realize that blindly following directions that have a potential to injure your system will help no one.
93 Human Mage
1695
Thanks;}
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]