Serious Discussion Nordvpn Threat Protection & setup comment

simmerskool

Last time I used NordVPN was 8 years ago, and let it go. Today I noticed it features Threat Protection with its $13.99/mo plan, and also fast. So I was curious. Thought I'd try it for a month. Is anyone using it and liking it? I would have more to say about it, BUT... when I downloaded the NordVPN setup app for Windows, my trusty AV quarantined it. Nord support AI email reply says to disable my AV. That is not my first inclination... :unsure:
 

Bot

It's understandable to be cautious about disabling your AV. NordVPN is generally safe and their threat protection feature adds an extra layer of security. However, false positives can occur with AV software. If you're unsure, you can always scan the setup file with other antivirus software. If many users share positive feedback about NordVPN's threat protection feature, it might be worth a try.
 
ForgottenSeer 114834

Last time I used NordVPN was 8 years ago, and let it go. Today I noticed it features Threat Protection with its $13.99/mo plan, and also fast. So I was curious. Thought I'd try it for a month. Is anyone using it and liking it? I would have more to say about it, BUT... when I downloaded the NordVPN setup app for Windows, my trusty AV quarantined it. Nord support AI email reply says to disable my AV. That is not my first inclination... :unsure:
Potential reasons for your antivirus detecting the NordVPN installer as a threat.

Overzealous Detection: Antivirus software, including Windows Defender, sometimes employs aggressive detection methods that can mistakenly flag legitimate programs as threats.

Heuristic Analysis: Some antivirus programs use heuristic analysis, which involves identifying patterns in software behavior that resemble malware. VPNs, due to their nature of encrypting internet traffic and potentially modifying network settings, can trigger these patterns.

Other Potential Reasons:

Outdated Antivirus Definitions: An outdated antivirus database might lack information about legitimate programs like NordVPN, leading to false positives.

Corrupted Download: A corrupted NordVPN installer could be misidentified as malicious.
 

simmerskool

Well, it's very likely a false positive; if you really want to try it, disable your AV and give it a go.
I want to understand why it was blocked, why false+. Once I understand why & what happened I'll probably try NordVPN again... It was quarantined by Check Point Harmony, so not expecting a sloppy false+, so could be some deeper setting needs to be tweaked.
 
ForgottenSeer 114834

I want to understand why it was blocked, why false+. Once I understand why & what happened I'll probably try NordVPN again... It was quarantined by Check Point Harmony, so not expecting a sloppy false+, so could be some deeper setting needs to be tweaked.
Troubleshooting Steps:

Check NordVPN's Reputation: Ensure the installer is downloaded from the official NordVPN website and verify its integrity using checksums or digital signatures.

Examine Harmony Logs: Review Harmony's logs for specific reasons for the quarantine. This might provide clues about the detection.

Create an Exception: If you're confident about the installer's legitimacy, you can create an exception in Harmony to allow the installation. However, exercise caution and ensure you understand the risks.

Contact Support: Reach out to both Check Point and NordVPN support for assistance. They can provide insights into the issue and potential solutions.

Update Harmony and NordVPN: Ensure both applications are up-to-date with the latest patches and definitions.
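
The integrity and signature check from the first step above, as an added PowerShell example (not part of the original post or any vendor's tooling). `$InstallerPath` and `$ExpectedSha256` are placeholders, since the thread gives no file name or published checksum.

```powershell
# Added example, not from the thread. Run against a copy of the installer in a
# test VM. $ExpectedSha256 is a placeholder: the thread gives no checksum.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    [string] $ExpectedSha256
)

function Get-InstallerTrustReport {
    param([string] $Path, [string] $ExpectedHash)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Integrity: SHA-256 of the file, compared only if a reference value was supplied.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashMatches = if ($ExpectedHash) { $hash -eq $ExpectedHash.Trim() } else { $null }

    # Authenticity: Authenticode status plus the signer certificate details.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate

    # Origin: Mark-of-the-Web written by the browser (absent if the file was
    # copied from a non-NTFS volume or has been unblocked).
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    [pscustomobject]@{
        Sha256           = $hash
        HashMatches      = $hashMatches          # $null means no reference hash was given
        SignatureStatus  = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        StatusMessage    = $sig.StatusMessage
        SignerSubject    = if ($signer) { $signer.Subject } else { $null }
        SignerThumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        SignerNotAfter   = if ($signer) { $signer.NotAfter } else { $null }
        TimestampedBy    = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { $null }
        DownloadedFrom   = $hostUrl
    }
}

$report = Get-InstallerTrustReport -Path $InstallerPath -ExpectedHash $ExpectedSha256
$report | Format-List

# Only a Valid signature (and a matching hash, when one was supplied) supports
# treating the quarantine as a false positive.
if ($report.SignatureStatus -ne 'Valid' -or $report.HashMatches -eq $false) {
    Write-Warning 'Installer failed verification; do not add an exclusion for it.'
    exit 1
}
```

A `Valid` status only says the file is unmodified since signing and chains to a trusted root; confirm that `SignerSubject` names the publisher you expect and that `DownloadedFrom` is the vendor's own site.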
 

Trident

I am not getting such detection with HEP, meaning the management body, namely Sesseto, has created a custom detection. Most probably by digital signature. The detection is NOT from Check Point and on the portal will be indicated as Gen.Admin.Cert (or something similar). For more information on why Sesseto thinks their customers should not be using NordVPN, it is best to contact them. As a management body, they also must assist in creating exclusions (@simmerskool is using their managed services).
 

Trident

Interesting discussion. I hadn't imagined that Nord has a threat/malware prevention feature. We will include the software in the September edition of Advanced In The Wild Malware Test :)
It only covers executables and seems to perform pre-analysis. When this fails to come up with a verdict, it is uploaded for emulation. There is some sparse documentation when searching around. They don’t mention up to what size files will be uploaded but state that the technology is proprietary. Though for the sandbox, they may be using an API.

It is intended to add security to existing solutions already, it doesn’t scan local files and will not clean infected systems. It also doesn’t have any runtime behavioural monitoring features.
 

Adrian Ścibor

From AVLab.pl
It only covers executables and seems to perform pre-analysis. When this fails to come up with a verdict, it is uploaded for emulation. There is some sparse documentation when searching around. They don’t mention up to what size files will be uploaded but state that the technology is proprietary. Though for the sandbox, they may be using an API.

It is intended to add security to existing solutions already, it doesn’t scan local files and will not clean infected systems. It also doesn’t have any runtime behavioural monitoring features.
I am already testing the software on a local VM. It seems the protection is quite good, and as you said - it works only at the pre-execution level. IT IS IMPORTANT. Thanks!

HOWEVER - if you want to buy NordVPN with their Threat Prevention, you probably want to know if it is worth spending money on. We can check it for the Community MTips.

Detailed information about the configuration, and how to interpret the test, will be available in the report after publication. I think we can automate Nord with our backend and we can include the software in the test, which is starting 1st September 2024.
 
ForgottenSeer 114834

I am already testing the software on a local VM. It seems the protection is quite good, and as you said - it works only at the pre-execution level. IT IS IMPORTANT. Thanks!

HOWEVER - if you want to buy NordVPN with their Threat Prevention, you probably want to know if it is worth spending money on. We can check it for the Community MTips.

Detailed information about the configuration, and how to interpret the test, will be available in the report after publication. I think we can automate Nord with our backend and we can include the software in the test, which is starting 1st September 2024.
NordVPN provides comprehensive security for online activities. I rely on it exclusively for protection on both my Android and Chromebook.
 

simmerskool

I am not getting such detection with HEP, meaning the management body, namely Sesseto, has created a custom detection. Most probably by digital signature. The detection is NOT from Check Point and on the portal will be indicated as Gen.Admin.Cert (or something similar). For more information on why Sesseto thinks their customers should not be using NordVPN, it is best to contact them. As a management body, they also must assist in creating exclusions (@simmerskool is using their managed services).
You are correct, sir, but that was a secret :ROFLMAO:
 

simmerskool

Got a semi-runaround from Nord re refund: first cancel the auto-renewal subscription, but no button for a refund; they say go to email or chat. I went to chat, requested a refund, and they replied "we can fix that" and directed me to another chat, "can you elaborate", so I told them MSSP (I use for this VM) blocks your setup app, and then no fuss -- "your refund will be issued in 1 or 2 business days." OK, we'll see... A little "curious" to me they did not ask which AV, which MSSP... For me currently it is easier to ask Nord for a refund than to get an explanation from the MSSP why they block Nord, and to unblock it for me. I regularly use 3 other VPNs without any issue, so Nord must have some not-favored code...
 
