Several Security Vendors detect Norton Crypto as PUP or Riskware

Anthony Qian

Level 6
Thread author
Verified
Well-known
Apr 17, 2021
276
With the release of Norton 22.21.6.51, Norton Crypto, a "legitimate" mining application, was also formally provided to US consumers.

Interestingly but not surprisingly, Norton Crypto has been detected as Riskware by some "strict" antivirus vendors. According to VirusTotal, Norton Crypto is currently detected as PUA or Riskware by six antivirus vendors, including ESET.



Malwarebytes previously detected Norton Crypto as Riskware.BitCoinMiner; however, the detection was later removed, according to the Norton Community.

Kaspersky, as a side note, whitelisted this program.

It's unclear whether the number of AV vendors that flag Norton Crypto as Riskware will increase or decrease, but it's just ironic that security software is detected as risky by other security products.
 

Anthony Qian

ESET still detects it as PUA.
Maybe anyone using ESET can report this detection to ESET support?
ESET is very cautious about detection. So when a file is flagged by ESET, unless it is 100% clean, it is almost impossible for ESET to remove the detection.

Also, there may be no commercial relationship between this Slovakian company and Norton. So not revoking this detection may not have an impact on ESET’s operation. Instead, this decision can actually enhance ESET’s image as an INDEPENDENT AV company.

Anyway, one thing is for sure: there is definitely no "ESET Crypto" unless ESET changes its mind and removes the detection. ;)
 

Gandalf_The_Grey

Level 59
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,865
Users claim that Norton 360 antivirus installs a crypto miner on PCs
The official website states that Norton Crypto is not enabled by default, but some users claim otherwise and that the new version is installing the crypto miner without the user's consent. According to this thread on Twitter, the antivirus installs a miner called NCrypt.exe. Some users have suggested that it can be deleted from the software's directory after disabling the Tamper Protection from the antivirus' settings. Here's another interesting discussion about it on HackerNews.
 
