Norton Antivirus 2011 removes the exiftool 8.50 application

Started by rugru, March 02, 2011, 12:35:42 PM


rugru

Hi Phil,

I have the following problem with exiftool version 8.50:
First run for one jpg-File with exiftool(-k -a -u -g1 -w txt): all is ok, txt-File is created.
Second run for one jpg-File with exiftool(-k -a -u -g1 -w txt): NAV 2011 removes exiftool(-k).exe from my computer (Win7, 64bit).
The problem is reproducible. I have no problem with exiftool version 8.31 or 8.42.

Regards
Rudolf

Phil Harvey

Hi Rudolf,

Can you use NAV to scan exiftool(-k).exe manually to see if it has a problem with it?

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

Phil Harvey

FYI: I just used an online service to scan exiftool(-k).exe (version 8.50), and the following virus scanners found nothing:



The MD5 for this file is 8b7856ee7c2c77081cb511a379246d4f

- Phil

rugru

Hi Phil,

NAV finds nothing if I scan the file. I think some program-actions are suspect for NAV, it writes: Versuch, einen Remote-Thread in einem Prozessadressraum zu starten (Performed by c:\users\gru\appdata\roaming\microsoft\windows\sendto\exiftool_8-50(-k -a -u -g1 -w txt).exe, PID:4612).

Regards, Rudolf

Phil Harvey

Hi Rudolf,

I can't explain this difference since my technique for generating the executable is identical (using the same system with the same version of Perl and the same version of the packager), and there are no significant structural differences in ExifTool between the versions you mentioned.

Perhaps someone else running Norton Antivirus has some ideas.  Maybe there is a way to configure it to suppress this behaviour.

- Phil

Phil Harvey

It sounds like some other people are seeing this new problem with NAV using software that was OK before:  read here

I suspect that you would have the same problem now if you went back to the older versions of exiftool.  My guess is that the difference is a change in NAV.  I suggest taking this to an NAV forum for help.

- Phil

rugru

Hi Phil,

The problem is exactly as described in the other board (your link: read here).
Your older versions still work perfectly. I don't know how this NAV Sonar-Protection works, maybe if enough user trust exiftool, it will be accepted?

Regards, Rudolf

Phil Harvey

Hi Rudolf,

OK.  Well, as I said I don't think this is a problem with ExifTool.  But since the older versions work, it could be that future versions will work too.  If you can't get 8.50 to work by changing some NAV settings, then at least this provides some hope.

- Phil

BogdanH

Hi,

Quote from: rugru on March 03, 2011, 11:15:55 AM
...I don't know how this NAV Sonar-Protection works, maybe if enough user trust exiftool, it will be accepted?

I just can't resist: what kind of AV software is that, relying on "..if enough user trust.."?

I'm a freebie... I've tried all free Windows AV software (just name it) and the only one that does the job as it should, is Avira Antivir: light on resources, ultra-fast and easy to configure. Needless to say, that after almost two years of use, I never had any troubles. Actually I don't even notice it's running -until "something" happens  :)

Bogdan

pelic9425

Hi All!

I'm using GeoSetter & ExifTool GUI on Windows 7 SP1 (64) with Norton Internet Security 2011.

I generally download & install the latest version of ExifTool when prompted. I tried to do this for Version 8.50 yesterday, but as others have found, NIS deletes ExifTool 8.50.
NIS 'SONAR' appears to delete 8.50 as soon as it has downloaded, and does not appear to allow installation to start.

I've now re-installed ExifTool 8.49, and that is working fine - perhaps version 8.51 will have no problem!

Thanks to all concerned for extremely useful programmes. 

pinguicula

I've just tried installing ExifTool 8.51 and encountered the same problem with Norton Internet Security.

I was able to install 8.49 without any trouble.

Phil Harvey

Darn.  OK, well thanks for reporting on this.

This points to some difference in exiftool.exe between 8.49 and 8.50 that Norton doesn't like, but I can't understand this because there were no notable changes between these 2 versions.

Also, I find it unlikely that my Windows development system could have picked up a virus or something since I don't use it for anything else and I don't think that it has even been connected to the internet since version 8.49 was released.

But I'll see what I can do about installing NAV on my Windows system and play around with it myself to see if I can learn anything new.

- Phil

Phil Harvey

I've got Norton Antivirus 2011 fully installed and running, and other than REALLY slowing down exiftool (by a factor of 10 the first time I launched it), I don't have any problems when just double-clicking on "exiftool(-k).exe" version 8.51 or dragging and dropping an image file to extract information.

So I'm going to need some help to be able to reproduce this problem.

1) What are the steps you take when you launch exiftool?

2) Do you have any special NAV settings (mine are all the default right now)?

Thanks.

- Phil

P.S. I've just started a full system scan just to see if NAV finds any potential viruses.

Phil Harvey

The full scan finally finished (it took about 4 hours!), and it found only 37 "tracking cookies" that it didn't like.  But the nasty HTTP cookies won't be related to our problem.

Also, I completely uninstalled exiftool and downloaded 8.51 from my web site then extracted it and ran it both as a drag-and-drop application and from the command line.  I tried both reading and writing information with no problems.  Norton Antivirus 2011 is installed and active with all protection enabled.

My system is Windows XP.

I am at a loss since I am not able to reproduce this problem.  I am more confident than ever that this is a NAV issue and not an ExifTool problem, but I am disappointed that I was not able to track it down further.

- Phil

Edit: I just tried re-downloading 8.50 and testing it too.  Again, no problems.

pelic9425

Hi!

Earlier this week I was prompted by GeoSetter to install Exiftool 8.51 - it was again deleted by Norton, as was 8.50, so I reverted to 8.49 without problem.

With no obvious changes to my set-up, I tried again today to install ExifTool 8.51. This time it installed without problem, and I was able to use GeoSetter as usual.

It looks as if a Norton auto-update in the last few days has corrected the problem for the moment.

I don't know if it is significant, but about six months ago, my earlier Norton installation announced that it had dealt with a threat from ExifTool, and had deleted it.
This was a copy of ExifTool that I had downloaded to try, but had not got round to installing. It had been downloaded at least two months before Norton objected - I suspect that the reaction was triggered by one of the Norton auto-updates, which appear to come daily.

-David (pelic9425)