As of a few hours ago Norton has started flagging compiled scripts as High Risk and quarantining them.
I say once again because I had the same problem back in 2017. Then it went away. But now it's back.
If I remember correctly back in 2017 it also flagged the ahk-basic ahk2exe executable as infected.
Running a full system scan right now and the tally is going up.
Not impressed - unless it really is an infection but I doubt that.
Is there a solution to this?
Norton at it again! Heur.advml.b
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
-
- Posts: 1472
- Joined: 05 May 2018, 12:23
Re: Norton at it again! Heur.advml.b
All compiled scripts? I do not get any virus alerts
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
I wasn't getting them yesterday either; you never know what joys tomorrow might bring you.
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
I might do that after the full scan completes - as long as they don't want me to yield control of my system over to them.
I need firewall and antiviral to be safe but I try to keep this system (my development platform) as isolated as possible
to reduce the chances of something getting past them.
2,500,000 files scanned so far - its going to be a long wait.
-
- Posts: 1472
- Joined: 05 May 2018, 12:23
Re: Norton at it again! Heur.advml.b
How many of your compiled did it mark as a virus? What version ahk?Blue Kodiak wrote: ↑28 Mar 2019, 03:17I wasn't getting them yesterday either; you never know what joys tomorrow might bring you.
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
The Norton app "should" have links but thanks anyway.nnnik wrote: ↑28 Mar 2019, 03:30https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266
^See this
555 quarantines so far - not counting the popup notification I was getting every few minutes that caused me to start the scan.
Maybe around half of those are/were temporary files or already in the recycle bin,
Still, yesterday nothing and today it's going to be 600+ detections - some of them in files archived years ago.
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
See my previous reply.How many of your compiled did it mark as a virus?
I was thinking some might be older ahk basic but it looks like they're all 1.1.27.07 U64What version ahk?
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
OMG, the scan is still running, for almost 14 hours now.
605 hits so far but it's not as bad as I thought as most of those aren't significant.
Still not good though. Approximately 150 to 200 AHK 1.1.27.07 executables have been quarantined.
605 hits so far but it's not as bad as I thought as most of those aren't significant.
Still not good though. Approximately 150 to 200 AHK 1.1.27.07 executables have been quarantined.
Re: Norton at it again! Heur.advml.b
Did you submit a false positive report? You didn't clearly answer the question on that.Blue Kodiak wrote: ↑28 Mar 2019, 15:46OMG, the scan is still running, for almost 14 hours now.
605 hits so far but it's not as bad as I thought as most of those aren't significant.
Still not good though. Approximately 150 to 200 AHK 1.1.27.07 executables have been quarantined.
Were these compiled scripts? If it's the AutoHotkey.exe, then you can submit that to Norton in order to get it cleared. As an open source tool, where the source code can be viewed and compared, it shouldn't be a problem for any competent personnel to clarify and verify.
If these are fake versions of AutoHotkey, that's a different matter. If it's a fake version of AutoHotkey, Norton researches can identify such. And you can reinstall the real AutoHotkey from this website or GitHub.
https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266
(Report False-Positives To Anti-Virus Companies)
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
I said I would do that when the scan is complete.
Then I can also select a quarantined file to upload - if I can get one back out of quarantine.
I can't restore them from my day-to-day account (the one I'm using); there is no restore option.
I will have to log back in as Admin and try again.
If that fails .... well then I won't have anything I can send them - brick wall.
Are there fake AHK exes around? Presumably not at autohotkey.com.
The affected exes seem to be ones that make a lot of api calls.
Re: Norton at it again! Heur.advml.b
You have a group of options that you can try, which may solve the problem:Blue Kodiak wrote: ↑28 Mar 2019, 16:43I said I would do that when the scan is complete.
Then I can also select a quarantined file to upload - if I can get one back out of quarantine.
I can't restore them from my day-to-day account (the one I'm using); there is no restore option.
I will have to log back in as Admin and try again.
If that fails .... well then I won't have anything I can send them - brick wall.
Are there fake AHK exes around? Presumably not at autohotkey.com.
The affected exes seem to be ones that make a lot of api calls.
1) You can attempt to re-download a fresh copy of that version of AutoHotkey from this website or GitHub.
Might be that your previous files were corrupt or fake, where the new download will not be.
2) If your Anti-Virus detects a fresh copy as malicious...
A) You might be able to provide Norton personnel with the link to the file
Keep in mind, it's very doubtful that the version from this website or GitHub will be malicious, since code is open-source and easy to inspect.
B) Turn off your Anti-Virus temporarily, download the file from this website or GitHub, and then upload the file to Norton
3) You can make an exception in your Anti-Virus scanner to leave AutoHotkey files alone.
https://smallbusiness.chron.com/set-exclusions-norton-antivirus-61906.html
(How to Set Exclusions in Norton Antivirus)
https://community.norton.com/en/forums/nis-2017-how-whitelist-program
(How to Whitelist... a program?)
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
- Blue Kodiak
- Posts: 26
- Joined: 17 Mar 2019, 00:45
Re: Norton at it again! Heur.advml.b
Submitted to Norton/Symantec.
Hopefully they will fix it.
Hopefully they will fix it.
Re: Norton at it again! Heur.advml.b
Good to know. Please do let us know the results when you get them.
Also, Heur.AdvML.B is a heuristic detection. This type of detection is a "best guess" based on machine learning versus a verified signature, and is more likely to be a false-positive or wrong. Therefore making an exception for AutoHotkey or changing the heuristic detection settings, are some ways to get around the issue. If you Google Heur.AdvML.B, you will see many Norton/Symantec users complain about this issue.
Who is online
Users browsing this forum: No registered users and 149 guests