Norton AV ID's AdGuard as Dangerous!

David M

New Member
Hi:

I woke up this morning with a message from my longtime Norton Antivirus software that a catastrophic error had occurred and that it could no longer function as designed. I then spent an hour with their tech support, who remotely ran Norton Power Eraser to identify bad and dangerous programs. Adguard 6.x (latest version) was clearly identified and recommended for immediate removal!

When asked why this was the case, they showed me the screen image below where Adguard was labeled as a medium security threat as it tried to access the Norton program for some reason but was blocked and rebuffed by Norton. Their tech support pushed me hard to remove Adguard but I cautioned against it.

[Attached image: Norton Antivirus1.jpg]

This needs to be addressed asap. Why does Adguard poke Norton this way and how can it be stopped? Or better yet, how can you make Adguard play nice with Norton and not be seen as a threat?

Thanks,
David
 

Boo Berry

Moderator + Beta Tester
Moderator
This is a false positive that only Norton can address (looks like their overzealous HIPS is to blame here). I'm sure somebody like @vasily_bagirov will contact them about it.
 

David M

New Member
My concern here is why Adguard's service program seems to be accessing or poking around Norton's executable file? To what end and can it be stopped?
 

avatar

Administrator
Staff member
This is not even a false positive:
https://community.norton.com/en/forums/unauthorized-access-blocked-access-process-data-1

What you describe are Norton Product Tamper Protection events, which are normal and harmless. Legitimate programs often attempt to access Norton files and processes. All such efforts are blocked in order to prevent Norton's operations from being disrupted or compromised by any outside agent, legitimate or malicious. These are not attacks, and Norton is simply logging the events.
What happens in our case: AG detects outgoing traffic of some process and checks whether it should or should not filter that process's data. In order to do that, AG should first find out the process name (as we know only the process ID). When this happens with Norton's own process, it blocks our access to the process information.
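
The PID-to-process lookup described in the reply above, as an added example that is not part of the thread and is not AdGuard's code. It shows one common way to do this on Windows (`OpenProcess` plus `QueryFullProcessImageName`) and how a refused lookup surfaces as an ordinary access-denied result; `PidLookup` and `ImagePath` are hypothetical names, and a Windows version that provides `Get-NetTCPConnection` is assumed.

```powershell
# Added example: resolve the image path behind each PID that owns an established
# TCP connection, and report a refused lookup instead of failing on it.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
public static class PidLookup {   // hypothetical helper name
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool QueryFullProcessImageName(IntPtr h, uint flags, StringBuilder buf, ref uint size);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);

    public static string ImagePath(uint pid) {
        // Least-privileged access right that still allows reading the image name.
        IntPtr h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try {
            var buf = new StringBuilder(1024);
            uint size = (uint)buf.Capacity;
            if (!QueryFullProcessImageName(h, 0, buf, ref size))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return buf.ToString();
        } finally { CloseHandle(h); }
    }
}
'@

Get-NetTCPConnection -State Established |
    Sort-Object OwningProcess -Unique |
    ForEach-Object {
        $result = [ordered]@{ Pid = $_.OwningProcess; Path = $null; Status = 'ok' }
        try   { $result.Path = [PidLookup]::ImagePath([uint32]$_.OwningProcess) }
        catch {
            $e = $_.Exception
            while ($e.InnerException) { $e = $e.InnerException }
            # 5 = ERROR_ACCESS_DENIED: the target refused the handle,
            # which is what a self-protecting product does by design.
            $result.Status = if ($e.NativeErrorCode -eq 5) { 'access-denied' } else { $e.Message }
        }
        [pscustomobject]$result
    }
```

Rows with `Status` set to `access-denied` are processes that refused the query; the caller receives an error code and nothing in the target process is changed.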
 

David M

New Member
Thanks...but since they didn't listen to your earlier resubmissions on this same issue, I wonder if they will do so this time.
 

Boo Berry

Moderator + Beta Tester
Moderator
Well, the issue might be they whitelist a specific version of Adguard's files, but with every Adguard update they become flagged once again.
 

David M

New Member
That is a silly way of doing it. Can you suggest a more efficient way of doing it? There has to be one, since I assume other whitelisted programs can be updated without being flagged again.
 

Boo Berry

Moderator + Beta Tester
Moderator
Hmmmm, does NPE have an exclusion list you add files to yourself within the app?
 

David M

New Member
Sadly, not really. The tool is a brute force program that takes over your computer and runs independently, often restarting your PC in the process. Nowhere, that I know of, are you given options of any sort to whitelist any programs or files.
 

vasily_bagirov

Administrator
Staff member
There is a whitelisting program in Symantec, but the whitelisting is version-specific anyway. A new version comes out and you have to repeat the process. So it looks like submitting a false positive report every time there is a detection is about as good as we can do.

By the way, they replied to my submissions and claim to remove the detection.
 

David M

New Member
This is weird. I have other programs (http://www.iobit.com/en/index.php) that constantly poke NIS, which in turn blocks them with a 'medium severity' warning, just like it does for Adguard. But Norton Power Eraser (NPE) doesn't flag them as potentially but flags Adguard as a security risk that it wants to remove immediately. Is the problem still with NPE or the way Adguard and NPE interact?
 