Norton Antivirus' "Insight Network" blacklisted plugin-container.exe




9 years ago
5 years ago


(Reporter: Ricmacas, Unassigned)


Windows 7

Firefox Tracking Flags

(blocking1.9.2 -)




9 years ago
Reproducible on Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100506 Minefield/3.7a5pre

Can anyone contact Norton to remove this or check what code is triggering this false positive?
BTW this is related to bug 543045, which already occurred before, but this time instead of a warning (Norton warns about downloaded files, and it thinks Plugin-container is one), the file is blacklisted and wont run.
you can also file this form:

Comment 2

9 years ago

This is the crash report generated by this bug.

Norton 360 v4.0 has identified plugin-container.exe and crashreport.exe as a threat and causing Firefox to crash constantly. I start Minefield, load up a webpage, click a new webpage, crash. I have since disabled the auto protect and the crash has stopped. The Norton update was only downloaded in the last 30 minutes.

I am running on Windows 7 Home Premium 64-bit with Norton 360 v4.0.

Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100506 Minefield/3.7a5pre ID:20100506040636

EDIT: Norton 360 v4.0 identifies the virus as 'WS.Reputation.1'
Blocking until we can get this resolved.

(timeless: I think your comment 3 isn't really relevant to this bug)
blocking1.9.2: --- → .4+
I have reached out to Symantec and asked for their help, will update the bug as I have more info.

Comment 6

9 years ago
A couple of days ago I sent the new Firefox installer and binaries to them using their preferred process (ALE request). Note from the documentation I have it says they only update their lists on the 1st and 15th of every month.

Comment 7

9 years ago
Also note I only did the above for 3.6.4. This issue was written about Minefield.

Comment 8

9 years ago
I've been having the crash reports described by  Michael Mak [Scanorama].
Will a stacktrace help, Timeless? I could do it.

Comment 9

9 years ago
ricardo: please, i'm looking for a stack to replace comment 2.

Comment 10

9 years ago
Regarding comment 2, according to the website, the proper form would be:
Since I clearly indicate this is an insight detection, not a signature-related problem, the blacklisting of Firefox was automated.
Regarding the stacktrace, working on it.

Comment 11

9 years ago
So in this case, what would help would be a SHA-256 of the plugin-container. Though, I hope that when the hash gets changed in a future nightly, it wont blacklist it again.

Comment 12

9 years ago
typically all modules in our entire product are changed w/ each nightly....

Comment 13

9 years ago
The bug happens again: Mozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:1.9.3a5pre) Gecko/20100510 Minefield/3.7a5pre
Can someone just tell Norton not to consider every child process of Firefox as a downloaded file?? 
Depends on: 543045

Comment 14

9 years ago
Just perfect, now I have to disable my antivirus to even update Firefox (update.exe blocked).

Comment 15

9 years ago
Removing blocking flags for 3.6.4 as we sign the binaries for rc/final builds. This should only affect users of nightly builds.


9 years ago
blocking1.9.2: .4+ → -

Comment 16

9 years ago
Thunderbird nightly trunk build is also affected by this bug (20100924). Norton insight has blocked and deleted thunderbird.exe

I am using Windows 7 Home Premium 64-bit and Norton 360 v4.0

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7pre) Gecko/20100924 Thunderbird/3.3a1pre ID:20100924041605

Comment 17

9 years ago
norton won't even let me install basic mozilla.  it deletes it from my computer.

Comment 18

5 years ago
This old bug of mine isn't applicable anymore
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.