Closed Bug 564389 Opened 13 years ago Closed 9 years ago

Norton Antivirus' "Insight Network" blacklisted plugin-container.exe

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
blocking1.9.2 --- -

People

(Reporter: Ricmacas, Unassigned)

References

Details

Reproducible on Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100506 Minefield/3.7a5pre

Can anyone contact Norton to remove this or check what code is triggering this false positive?
BTW this is related to bug 543045, which already occurred before, but this time instead of a warning (Norton warns about downloaded files, and it thinks Plugin-container is one), the file is blacklisted and wont run.
http://crash-stats.mozilla.com/report/index/10341324-f8d0-4add-b554-f8c042100507

This is the crash report generated by this bug.

Norton 360 v4.0 has identified plugin-container.exe and crashreport.exe as a threat and causing Firefox to crash constantly. I start Minefield, load up a webpage, click a new webpage, crash. I have since disabled the auto protect and the crash has stopped. The Norton update was only downloaded in the last 30 minutes.

I am running on Windows 7 Home Premium 64-bit with Norton 360 v4.0.

Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100506 Minefield/3.7a5pre ID:20100506040636

EDIT: Norton 360 v4.0 identifies the virus as 'WS.Reputation.1'
Blocking until we can get this resolved.

(timeless: I think your comment 3 isn't really relevant to this bug)
blocking1.9.2: --- → .4+
I have reached out to Symantec and asked for their help, will update the bug as I have more info.
A couple of days ago I sent the new Firefox installer and binaries to them using their preferred process (ALE request). Note from the documentation I have it says they only update their lists on the 1st and 15th of every month.
Also note I only did the above for 3.6.4. This issue was written about Minefield.
I've been having the crash reports described by  Michael Mak [Scanorama].
Will a stacktrace help, Timeless? I could do it.
ricardo: please, i'm looking for a stack to replace comment 2.
Regarding comment 2, according to the website, the proper form would be:
https://submit.symantec.com/dispute/insight/
Since I clearly indicate this is an insight detection, not a signature-related problem, the blacklisting of Firefox was automated.
Regarding the stacktrace, working on it.
So in this case, what would help would be a SHA-256 of the plugin-container. Though, I hope that when the hash gets changed in a future nightly, it wont blacklist it again.
typically all modules in our entire product are changed w/ each nightly....
The bug happens again: Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100510 Minefield/3.7a5pre
Can someone just tell Norton not to consider every child process of Firefox as a downloaded file?? 
Screenshot: http://i39.tinypic.com/ok4jza.png
Depends on: 543045
Just perfect, now I have to disable my antivirus to even update Firefox (update.exe blocked).
http://i42.tinypic.com/apa715.png
Removing blocking flags for 3.6.4 as we sign the binaries for rc/final builds. This should only affect users of nightly builds.
blocking1.9.2: .4+ → -
Thunderbird nightly trunk build is also affected by this bug (20100924). Norton insight has blocked and deleted thunderbird.exe

I am using Windows 7 Home Premium 64-bit and Norton 360 v4.0

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100924 Thunderbird/3.3a1pre ID:20100924041605
norton won't even let me install basic mozilla.  it deletes it from my computer.
This old bug of mine isn't applicable anymore
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.