- Feb 1, 2013
- 969
That was my exact point I was trying to communicate! it's the only con of the product. Maybe the components do not communicate well with each other.
Norton Security 360 Deluxe 2023
- Thread starter Shadowra
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Feb 1, 2013
- 969
I also like that they scan HTTPS with the firewall/IPS technology without MITMing.
- Feb 1, 2013
- 969
Also, i want to add that while IPS can block malicious connections trying to establish, Sonar can work in the background collecting behavior data, so maybe detections can happen even after several hours or whole days, when many attributes show a higher malicious score. That's the way Sonar works from v4.0 released in 2012 and it's maybe a way to reduce FP's or submit more data to the NortonLifelock malware analysts.
This way, a more sophisticated malware can be detected at endpoint level, for example logic bombs malware or other malware that can hide via time based tactics. More like an EDR with no ability to represent such abilities in video testing. Another product with a smaller analysis time threshold, will flag something as malicious or not malicious quickly, but if it misses something, things are more dangerous.
I don't know for how long other vendors analyze behaviors, but this no-reaction time while blocking connectivity, brings me such thoughts to mind @Trident @Shadowra
This way, a more sophisticated malware can be detected at endpoint level, for example logic bombs malware or other malware that can hide via time based tactics. More like an EDR with no ability to represent such abilities in video testing. Another product with a smaller analysis time threshold, will flag something as malicious or not malicious quickly, but if it misses something, things are more dangerous.
I don't know for how long other vendors analyze behaviors, but this no-reaction time while blocking connectivity, brings me such thoughts to mind @Trident @Shadowra
Last edited:
- Feb 7, 2023
- 1,734
They communicate via the STAR bus, which is described here: Star Malware Protection Technologies
Hiding via time-based tactics, such as doing something on a specific date or only after a reboot is a valid concern. The emulator which works between the static analysis scan and SONAR should detect instructions related to that and should “trick” the malware into believing these events have occurred by supplying fake time, date, system uptime and others.
Behavioural blocking has no time threshold, data is written continuously about every process on disk as it works.
From my observations, SONAR doesn’t have issues with executables, it is more iffy with Non-Process Threats that hide behind valid and signed Windows executables. SONAR would either just terminate the attack without even deleting the original file, or it won’t really detect anything. Trend Micro AEGIS and F-Secure DeepGuard work the same way so not sure what’s going on, there is some limitation there that engineers know of.
- Feb 1, 2013
- 969
About threshold you mean about Norton or the other big ones too like BitDefender? Scoring system is not sth everyone is using though, I would like to now that
- Feb 7, 2023
- 1,734
None of them has any time threshold, they all work more or less the same way. What they call “process ledger is maintained” and that happens by recording all relevant actions. To know what’s relevant, the product will use a “filter” which will remove safe events or events not related to security. Everything else will be continuously recorded in a database stored on disk and will be continuously run again and again through classifiers. These classifiers will output probability of the program to be safe/malicious in percentage. Once certain percentage (or score in points) is reached, the remediation engine will be supplied with data from the recordings and will start undoing what it can. This can be days after the initial execution. There is no timeframe.
Does Norton has a specific feature to block/disinfect/files rollback with ransomware like Bitdefender, Avast etc? Or it depends on its superior malware detection/disinfection capability? Norton website says
Quote
Virus Protection Promise includes a virus removal service provided by a Norton expert and may come with the following qualifying subscriptions........ In the unlikely event that we are unable to remove the virus from your PC, Mac, Android and/or iOS device, you may be entitled to a refund of the subscription.
Unquote
Huh? System already screwed then they say you may be entitled for a refund.
What if Norton fails to prevent a ransomware infection for files and folders not protected by Norton? Any rollback of encrypted files feature? If no, then NeuShield Data Sentinel can use for remediation. One con is that it don't work with removable drives....only fixed drives.
Norton allows the backup to removable drives. Are the backups protected against ransomware like its cloud backup?
Quote
Virus Protection Promise includes a virus removal service provided by a Norton expert and may come with the following qualifying subscriptions........ In the unlikely event that we are unable to remove the virus from your PC, Mac, Android and/or iOS device, you may be entitled to a refund of the subscription.
Unquote
Huh? System already screwed then they say you may be entitled for a refund.
What if Norton fails to prevent a ransomware infection for files and folders not protected by Norton? Any rollback of encrypted files feature? If no, then NeuShield Data Sentinel can use for remediation. One con is that it don't work with removable drives....only fixed drives.
Norton allows the backup to removable drives. Are the backups protected against ransomware like its cloud backup?
Last edited:
Similar threads
