Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,724,639

members

69

online now

1,886,619

discussions

Back to Top

Norton and Ransomware protection

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 1 of 7
762 Views

I've been hit twice recently by ransomware; fortunately I have  what is turning out to be reliable protection (acronis true image 2017 premium). It seems like most other antivirus software companies are pursuing ransomware solutions with the notable exception of Norton, except for this AVTest/PitStop sponsored testing at 

 http://techtalk.pcpitstop.com/2016/11/29/important-security-test-decade/ 

a more current report, February is located at https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_sp_pcpitstop_201702_en.pdf

which makes it look very good at ransomware detection and elimination, but unfortunately not in my 2 experiences.

 

Norton was running during both incidents and never reacted while my email files were being encrypted (30+GB of them).. True Image detected the encryption activity and alerted me, and at the press of a button, True Image removed the encrypted files and restored my files from a backup. Most vendors specifiy that they detect and eliminate ransomeware and how they do it, however I do not see this with the Norton product  (Symantec's end node protection product does however its a corporate product). 

Questions:

  1. Comcast: Are there any plans to augment or replace Norton security with an anti-ransomware solution? 
  2. Norton Users: Has anyone had any success with Norton preventing a ransomware attack

 

Thanks, 

-Steve

 

 

6 REPLIES
Posted by
Security Expert

Message 2 of 7
738 Views

Hi Steve,

 

I do not know a lot about Acronis Active Protection, nor how it reacts when and if it detects a false positive - in other words does it alert and tell you it has stopped encryption, even if it falsely detects that ransomeware is present?

 

I know Norton from time to time will block a new file listing it as WS Reputation - a file that contains the similar malicious behaviour patterns of other known threats.

 

So, I guess my question at this point would be - how do you know they were not false positives that triggered Acronis?  ..... and of course the next comment would be perhaps Norton did not miss anything (as they were false positves).

 

If interested in seeing what Norton blocks, have a look in History > Resolved Security Risks and also Intrusion Prevention.

 

I'm not sayng they are false positives, nor am I saying Norton did not miss them, but I am saying False Positives are possible and not being familiar with Acronis I do not know how it would react.  Hopefully we have some Acronis users that see this and make comments.

 

 

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 3 of 7
696 Views

I take your point. To answer your question,  I encountered symptoms of the encryption activity (as it turns out later) prior to Acronis taking action. One of them was trying to search through email, which was unsuccessful and the other was reading an email was very slow taking ~30 seconds just to display one message.. So I knew something was slowing my machine down, but I was not aware of what it was. Within about five minutes of me noticing the symptoms, Acronis gave me the alert. The sluggish email response to at opening a message occurred in both instances, I was only searching in the first instance.

 

Acronis may have missed one file in the second instance because I could not open it with Outlook, Outlook said it was corrupted and wanted to know if I wanted to try and fix it with the scan tool, I said no, deleted it and restored a file from backup.

 

So I'm about 99% sure that these were not false positives and equally sure that Norton did not react. Acronis has popped up other times, in fact there is apparently one file that bothers it every day when I start up. Acronis just tells me that it stopped the file from modifying one of the backup files. So it looks at more than encryption behavior, it looks at file modifications, etc.

 

 

-Steve

Posted by
Norton Expert

Message 4 of 7
662 Views

Hi,

 

Please DM us with more information. We would like to get a few more details regarding this.

 

Anirban

Norotn support

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 5 of 7
595 Views

Sorry, I am unable to DM you for some reason. It may think I am a new poster...

 

-Steve

Posted by
Norton Expert

Message 6 of 7
553 Views

Hi,

 

Can you check now if you can respond to my private message.

 

Regards

Anirban

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 7 of 7
532 Views

 

 

I did respond via PM. Please let me know the next steps.