Virus detected upon doing a clean install - Sonar.am.c!g9

[garyn123]

Hi ... I've removed my installation of DCS 1.5 and want to start over. Upon downloading and running the installer Norton antivirus finds a virus, sonar.am.c!g9. Norton advises that I remove the offending file, then of course DCS doesn't work.

 

I'm hesitant to ignore Nortons advise.

 

Any thoughts?

 

 

Thanks,

Gary

[Dingo_Bob]

it's false positive, disable notron and add an exception for dcs to it, or best practice is don't use norton or mc acovfefe ever

[MarcSupilami]

it's false positive, disable notron and add an exception for dcs to it, or best practice is don't use norton or mc acovfefe ever

 

Hmm, I would be cautious about suggesting disabling an Anti-Virus, even if I am not a fan of it. :(

 

However, it is indeed likely a false positive: If you look at Norton's article on it, the alert was raised because of the component's behavior (you failed to indicate which file cause the alert), in particular its access to cloud data. If the file in question downloads/uploads data from the Internet, that likely would have cause the alert. As suggested in the article, submit the file to Symantec for analysis.

 

In the future, please provide more details, such as the OS version, update status, software version (both DCS and Norton), etc... :smartass:

[Pikey]

Sonar is a heuristic detection, that is, it's not reading from a database of file identities but rather looking at the file on it's own and seeing what it does in isolated behavioural ways inside a virtual sandbox. The technique is a trademarked name from Symantec but it's used in all advanced security software as part of your security defence layers. Free and rubbish AV solutions do not contain this technology.

 

Heurisitic detection are your only defence versus zero day threats and the world needs to get used to them, because you can change a virus signature to produce a variant in a few seconds, and this is commonly done by virus writers as they distribute threats in order to bypass security software using file based ID matches ONLY.

 

That your AV bothered to look at an unknown file is great news. But your common sense tells you that it's trusted and from Eagle Dynamics. Once you understand heuristic detections, file reputation and other extended techniques from proper security vendors, you can take the various steps to easily provide exclusions on TRUSTED software.

 

That some people don't understand what is going on and advise taking off your defence layers should be ignored and I wish those threads were deleted for spreading FUD and misinformation.

[Chump]

it's false positive, disable notron and add an exception for dcs to it, or best practice is don't use norton or mc acovfefe ever

I use SEP and it picks up random DCS files during install also. It is doing it's job: alerting you to anything that heuristics flags as suspicious/malicious behavior. If you trust the publisher, you can trust the file (if downloaded from the publisher).

 

I cannot back the advice to not use an AV program (ever). Everyone has their flavor that they prefer, but they exist for a very good reason.

 

If you question a file, you can always ask on these forums and someone will verify if it is part of the install/legit.

[v81]

I don't know why people opt for 3rd party AV when a free, functional, efficient solution is now free from Microsoft.

Whilst it rightly was considered rubbish a few years ago, it's come a long long way.

Just uninstall your AV and ensure that Windows Defender kicks in.