Serious Discussion Norton File Insight

[Divine_Barakah]

One of the features on Norton that I love and on which I depend to check the trust rate of installation files downloaded from the internet is Norton File Insight.


I have a serious question though. Does Norton give "Trusted" rating for anything that is digitally signed?

 

[Parkinsond]

As far as I know, currently, Norton in not using the old file insight (belonging to Symantec); it is equipped with Avast's stuff.
How file insight calculates the score for each file exactly is beyond my knowledge, but it depends on several factors, including file age and prevalence (something similar to MD).

 

[Divine_Barakah]

As far as I know, currently, Norton in not using the old file insight (belonging to Symantec); it is equipped with Avast's stuff.
How file insight calculates the score for each file exactly is beyond my knowledge, but it depends on several factors, including file age and prevalence (something similar to MD).

I believe it is still the old File Insight as I could easily recognise the GUI. Unless you mean the source and user base of the trust rating changed from Norton to Avast's.

 

[Zero Knowledge]

File age and prevalence as Parkinsond posted then cert as last resort. That would be my belief.

 

[bazang]

One of the features on Norton that I love and on which I depend to check the trust rate of installation files downloaded from the internet is Norton File Insight.


I have a serious question though. Does Norton give "Trusted" rating for anything that is digitally signed?

Learn more about File Insight in Security History

Get all the support you need for your Norton products. We’ll help you with installation, activation, sales and billing.

support.norton.com

How Symantec Endpoint Protection uses Symantec Insight to make decisions about files

techdocs.broadcom.com

https://www.insight.com/content/dam/insight-web/en_US/media/whitepaper/partner/Harnessing%20Global%20Intelligence%20to%20Detect%20and%20Respond%20to%20Threats%20Faster.pdf

https://vox.veritas.com/legacyfs/online/veritasdata/SEP%2012%20Insight%20and%20SONAR%20Factsheet.pdf

 

[bazang]

The consumer versions of Norton include various insight features:

- file
- download
- scam

Essentially they are tweaked version of the Symantec SONAR security feature set.

 

[cartaphilus]

The consumer versions of Norton include various insight features:

- file
- download
- scam

Essentially they are tweaked version of the Symantec SONAR security feature set.

Does sonar still exist? Or was it delegated to the great silicon in the sky?

 

[bazang]

Does sonar still exist? Or was it delegated to the great silicon in the sky?

Current Norton 360 kbs indicate SONAR still exists and integrated into the Norton 360 product line.

 

[Trident]

SONAR is no longer used.

The new Norton uses the behavioural blocking that was once sold as Norton AntiBot, developed by Sana Security. This was later acquired by AVG, integrated into Avast and now it is back with Norton.
SONAR wasn’t super amazing but it was better at blocking many of the raw TTPs (many of the SONAR profiles targeted exactly that), whilst the Avast behavioural blocking is fairly average.

Norton file insight automatically boosts the rating when it encounters Class 3/EV signature which is normal. Even MS Smart Screen does not alert on EV-signed files. This is the entire point certs are used.

It adds to the trust if it’s a widely used file and it is more than 7 or 30 days old.

 

[Parkinsond]

Unless you mean the source and user base of the trust rating changed from Norton to Avast's

Yes, Avast has its own algorithm and reputation telemetry.

 

[Parkinsond]

Even MS Smart Screen does not alert on EV-signed files

During the period I was using SEP, I have found SONAR detections were comparable to MS SmartScreen, with nearly identical FP profiles; I decided it adds nothing compared to using MD, except customizable firewall with alerts and IPS (however, enabling network protection for MS can provide a similar tool, even if less effective),

 

[Trident]

Yes, Avast has its own algorithm and reputation telemetry.

Norton can retain their algorithm, which was their patent. Insight appeared in SEP 2-3 years after it appeared in Norton, initially called Symantec Quorum.

They can still use the raw data that Avast has gathered.

So the scoring is the same, just the database is different.

 

[Trident]

During the period I was using SEP, I have found SONAR detections were comparable to MS SmartScreen, with nearly identical FP profiles; I decided it adds nothing compared to using MD, except customizable firewall with alerts and IPS (however, enabling network protection for MS can provide a similar tool, even if less effective),

Just hang in there, my firewall is coming out on the 3/3/26.

I’ve scheduled this day.

It won’t be based on static rules but rather on dynamic response based on the current situation.

For blocking malicious traffic, there are heuristics and feeds, one of which will be from a leading provider that does very good job at it.

 

[Parkinsond]

Just hang in there, my firewall is coming out on the 3/3/26.

I’ve scheduled this day.

It won’t be based on static rules but rather on dynamic response based on the current situation.

For blocking malicious traffic, there are heuristics and feeds, one of which will be from a leading provider that does very good job at it.

Cannot wait for; we appreciate your kind efforts for providing better cyebersecurity