BBC BASIC for Windows
Programming >> Operating System >> Norton doesn't like Load/Save files http://bb4w.conforums.com/index.cgi?board=os&action=display&num=1400223620 Norton doesn't like Load/Save files
Post by g3nrw on May 16th, 2014, 07:00am
I have written a program that includes a Load/Save files menu. It works fine here on Windows 8.1 64-bit, but someone says that on his similar system, Norton takes exception to it whenever he tries to load or save a file.
Norton reports "Sonar" detection and high security risk. It not only stops the program executing, it deletes the exe from the folder he created for it. (This folder is outside the Windows tree). Same happens if he runs the program as administrator.
His workaround has been to set a Norton exclusion for the program folder and its subfolders. He is now able to save and load files without Norton throwing a fit.
Has anyone here seen anything similar?
-- Ian
Re: Norton doesn't like Load/Save files
Post by rtr on May 16th, 2014, 08:29am
As you probably know, SONAR is a heuristic detection technology so is inherently prone to false positives. Your friend should contact Norton to report the false detection; after some investigation they should modify their product to fix the issue.
Quote:
and high security risk
It's a joke to call a heuristic detection a "high security risk", considering no actual 'threat' has been detected at all! It is the sort of thing that gains some virus scanners a bad reputation. Personally I wouldn't touch Norton with a barge pole, and I know I'm not alone.
The only thing to add is that, of course, you should check that you have taken sensible precautions to reduce the likelihood of a heuristic detection. For example, as frequently stated here, it is vital that you include a Version Info resource in your compiled EXE - attempting to remain anonymous is quite reasonably considered suspicious by virus scanners.
It is also highly desirable to digitally-sign your EXEs - that's probably one of the greatest safeguards against a false positive - but of course there is a cost involved. There are some bargains to be had if you shop around though. I routinely sign all my EXEs
Richard. Re: Norton doesn't like Load/Save files
Post by g3nrw on May 16th, 2014, 3:10pm
Many thanks Richard.
Can you point me to where I can find out about how to add the Version Info to the .exe, and how to digitally sign it, to keep everyone happy.
-- Ian Re: Norton doesn't like Load/Save files
Post by rtr on May 16th, 2014, 4:42pm
Can you point me to where I can find out about how to add the Version Info to the .exe
If you use the BB4W Help Search facility to look for 'Version info' it comes up with only one hit!
But since the Search tool appears to be unpopular, the information can be found at 'Command and Editing Window... Utilities menu... Add-in Utilities' or online here:
That will depend to some extent on who you purchase the Code Signing Certificate from. They should give you details of how to use their certificate; most likely it will involve the use of Microsoft's signcode utility:
If you want BB4W to do the signing for you, the registry entries you need to create are documented at 'Command and Editing Window... Registry settings' or can be found online here:
It is also highly desirable to digitally-sign your EXEs - that's probably one of the greatest safeguards against a false positive - but of course there is a cost involved. There are some bargains to be had if you shop around though.
This is a useful blog post, although it's a few years old now: