Latest host and remote, several different Norton programs, they always seem to catch it and stop it. I have the user select Actions or sometimes More Actions and then Run Anyway and it works. Just a little confusing and worrisome for the clients.
I do not know the specifics of version and product, all I can tell you is that the customers had Norton and the fix was always the same, to have them click something like Options or More Options and then Run Anyway.
Getting back into contact with the clients and walking non-technical user through it again was not something I wanted to burden them with so I found another PC and removed it's antivirus. I then went online and downloaded the 30 day free trial of Norton Security and installed it. I activated it and ran the live update to get the program and its definitions up to the latest versions.
Next I went to my support website and downloaded the agent.exe (which is a newer version, and customized, than the one I had my clients originally install). Here is what happened:
Immediately after the file finished downloading (from selecting Run in Internet Explorer)...
Without clicking on anything, this window appeared:
After clicking Run This Program Anyway I receive this window:
After selecting Allow This Program To Continue everything goes normally (UAC prompt, then program appears with ID and password ready.
Thank you for taking the time to investigate this. We will definitely contact Symantec regarding this detection.
However, it should be noted that it's a grey area. Here is the classification description. Although it says "virus, trojan" this classification uses heuristic methods which are prone to errors. Heuristics isn't a surefire way to say if something is a virus or a trojan. It can only say that there is a probability of this file being a virus given some attributes.
This is a major issue with modern antivirus programs for us and any other remote control software vendor. Our program category is risky by definition. Antivirus programs try to be on the safe side and they will rather warn the user than not. Even if the program is legitimate there is a chance that it is used by a rogue to access a computer, and so the antivirus program's duty is to let the user know about it.
I certainly understand your reasoning, and agree with it. Unfortunately what bothers me is this.....
That image is a composite of four screenshots. I took the same computer I used previously that gave the warnings about Remote Utilities, running the same antivirus, and tried several different remote programs. In the image above you see that Norton gave the unconditional green light to [censored] , AnyDesk, AeroAdmin and ConnectWise.
Seecrean also ran without problems although since it runs differently, Norton never said a word, good or bad.
The only one I ran that had any problems other than Remote Utilities was [censored] Admin. ROMViewer triggered a screen from Norton complaining about a valid digital signature however it also showed that the file was fine and all it prompted the user to do was click OK.
All of this is provided FYI in an attempt to help you get it corrected with Norton. I hope it helps.
Have you guys received any recent reports of this happening again? I've come across two users this week running Norton. They cannot use the Viewer to connect outside their home to their office. I'd expect them to block the host, but the viewer?! Jeepers.
On one machine I had direct access to, I temporarily disabled Smart Filter and Auto Protect and was able to use the Viewer to connect to the Host. However, I'm trying to remotely help someone over the phone, she says she disabled both and still same result, "double clicking or selecting Full Control doesn't connect to server or give any errors or popups".
So my first complaint is to Norton, for being $^$.
But it is kind of frustrating when you go to connect to a server and there is no error, no pop up, and doesn't connect, the user is kind of left "what do I do now?" Is there somewhere it clearly says something like "unable to connect to host" or anything? Need something the user can feedback to the tech or just to google the next steps..
Could there be a way to detect when the Viewer is being blocked from making any outbound connections?