Jump to content
Sign in to follow this  
SelfLoadingRifle

Norton Sticky

Recommended Posts

Could the Battlefront team please put a well displayed sticky on this site that explains how to deal with Norton issues such as de-quarantining files?

I can really sympathise with those who do not know how to circumnavigate the big N. A simple sticky on the subject would prevent a lot of high blood pressure and save expensive monitors from having bricks chucked through them:eek:

Just a thought...

SLR:D

Share this post


Link to post
Share on other sites

I´m using the F-Secure antivirus program and it too hates the patch. F-Secure sees the patch as a trojan and removes some critical files. I had to uninstall and reinstall the CMFI.

Share this post


Link to post
Share on other sites

The same goes for Avira. A LOT of security programs are tagging the 1.01 patch as a 'generic encrypted trojan' simply because the file has encryption within it that the security programs do not understand, so they just quarantine the file as if it were a trojan. I wouldn't be surprised if a number of other security programs are going to do this (even if the files are 'signed').

With Norton, unfortunately there are several different versions and products and some of them are so simplified as to be almost non-functional if you have a 'false positive' such as this.

Share this post


Link to post
Share on other sites

Norton will try to prevent the installation of this game. There are a couple ways Norton tries to prevent the installation. This is what I have done to get CMFI up and running when my virus protection is Norton 360.

Click the Norton 360 Icon. Go to Tasks/Check Security history. There will be a tab that shows that Combat Mission was either "Blocked" or "Quarantined".

If you get the "blocked" message;

1) Disable Norton AV autoprotect (right click icon to find this) (Thank you Schrullenhaft)

2) Install CMFI patch

By doing step 1 and 2 it will change the Norton defense mechanism from "Blocking" to "Quarantining" the file.

So when you get the "Quarantined" message;

3) Enable Norton AV; this will bring up message of Norton blocking Trojan virus.

4) Go into Security History click on the "Quarantined" file. Click to restore this file.

I believe a good measure to take beyond this would be to "Exclude items from scans" which is found under Settings/Antivirus.

From my understanding the exe file you would need to exclude is found under C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy

Share this post


Link to post
Share on other sites
Could the Battlefront team please put a well displayed sticky on this site that explains how to deal with Norton issues such as de-quarantining files?

Start > Control Panel > Add or Remove Programs

Share this post


Link to post
Share on other sites
I believe a good measure to take beyond this would be to "Exclude items from scans" which is found under Settings/Antivirus.

From my understanding the exe file you would need to exclude is found under C:\Program Files (x86)\Battlefront\Combat Mission Fortress Italy

Thanks for that advice! I'm used to "restoring" the CM exe files from quarantine but this time with the new patch Norton kept automatically quarantining it over & over again. Never had that problem before.

Just to be clear for anyone else who may have this problem, exclude your CMFI folder from scans by the "Auto-Protect" system.

Share this post


Link to post
Share on other sites
Could the Battlefront team please put a well displayed sticky on this site that explains how to deal with Norton issues such as de-quarantining files?

I can really sympathise with those who do not know how to circumnavigate the big N. A simple sticky on the subject would prevent a lot of high blood pressure and save expensive monitors from having bricks chucked through them:eek:

Just a thought...

SLR:D

Here is my tip and I think I miss-typed it last night while in a hurry.

Option #1: Click on Norton Security. Go to "Tasks", Go to Security History (note you can search 5 pages). Find the CM exe file that was blocked, click on it and then under the right hand panel marked "Details" you should be able to click on to reverse the block or quarantine.

At least this works for me.

Option #2: which I used the first time. I called "Support." It was surprisingly very, very good. They simply went in and did all the work for me and set up the CM for me.

Share this post


Link to post
Share on other sites

This would certainly make for a good Sticky. However there are several other anti-virus softwares that also see Combat Mission as a virus. I would recommend there being a general Sticky pertaining to the AV software that block the Combat Mission installation. Perhaps people could list what it takes to get their game up and running with their own AV software.

I do believe this would be to Battlefront's best interest to post a sticky for this. With every Combat Mission release there will be more people who will have questions in how to get Combat Mission working again. Some of these people will burn up their activations in trying to get up and running, where a prominent note could quickly get them quickly going again.

Share this post


Link to post
Share on other sites
Thanks for that advice! I'm used to "restoring" the CM exe files from quarantine but this time with the new patch Norton kept automatically quarantining it over & over again. Never had that problem before.

Just to be clear for anyone else who may have this problem, exclude your CMFI folder from scans by the "Auto-Protect" system.

OK thanks on that, I'm having the same issue on the patch. Oddly I loaded it and I've been playing for several days (I think since the day released) and suddenly yesterday Norton issued a Trojan alert & Norton attacks the exe FI file. I've not quite figured this one out yet but I'm playing right now without the patch. Guess I might have to call my friends in India but if the exe is excluded from Auto-Protect your saying that does it, correct ?

Share this post


Link to post
Share on other sites

Yes. The day the patch came out I restored it from quarantine & was able to play as per normal. The next day, Norton automatically quarantined it again. I restored it again, but Norton then kept quarantining it over & over so I could never start the game. Finally, I read Paulverisor64's message & then figured out how to configure the Auto-Protect scan so that it would ignore the CMFI folder. I haven't had any problems since then, hope that works for you, too.

Share this post


Link to post
Share on other sites

Norton positively ID'ing Trojan.ADH.2 (about 2010 publishing date). File downloaded from Atomicgamer site. I'm loath to ignore that sort of warning. I'm happy to have removed quarantines before this but I'd like a little more re-assurance from BF on this, please.

Cheers

Share this post


Link to post
Share on other sites

Here's Symantec's definition of the 'Trojan.ADH.2' infection.

Here's a significant snippet:

If one or more files on your computer have been classified as having a Trojan.ADH.2 threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Trojan.ADH.2 by Symantec antivirus products for potential misidentification, and submit any suspect files to Symantec Security Response for further analysis.

The encryption within the file is what is most likely tripping up Norton.

These are the following specs I get with the Atomicgamer download of CMFI 1.01 patch (for PC):

File name: CMFI_v101_Patch_Setup.exe

File size: 47,328,312 bytes

MD5 hexadecimal checksum:

58B34E9388CDA521509FA1B381EF32F9

SHA1 hexadecimal checksum:

486CA4951A33A6211F56731A1EF6B295EE2987C4

Share this post


Link to post
Share on other sites
Here's Symantec's definition of the 'Trojan.ADH.2' infection.

Here's a significant snippet:

If one or more files on your computer have been classified as having a Trojan.ADH.2 threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Trojan.ADH.2 by Symantec antivirus products for potential misidentification, and submit any suspect files to Symantec Security Response for further analysis.

The encryption within the file is what is most likely tripping up Norton.

These are the following specs I get with the Atomicgamer download of CMFI 1.01 patch (for PC):

File name: CMFI_v101_Patch_Setup.exe

File size: 47,328,312 bytes

MD5 hexadecimal checksum:

58B34E9388CDA521509FA1B381EF32F9

SHA1 hexadecimal checksum:

486CA4951A33A6211F56731A1EF6B295EE2987C4

Schrullenhaft: By clicking on the attached link I was brought to a screen that allowed me to attach a file to have this checked. I sent the location of Combat Mission Fortress Italy's exe file. I also sent them this forum thread's link.

I'm not really sure what all the number's you have listed have to do with the issue; could you elaborate a little for the computer illiterate?

I'm not sure what I have sent will help, but at least it can be determined whether the file has a Trojan virus as it claimed.

Share this post


Link to post
Share on other sites

Paulverisor64 - costard wanted assurances that the file he has was not infected. I provided a link to Symantec's definition of the virus, suggesting that a file designated with such a definition has a high probability of being a valid file that is not infected.

The MD5 and SHA1 hexadecimal checksums are a way of checking files for their integrity. You can use a program such as Accuhash (http://www.accuhash.com/download.html) to generate these checksums and compare them with the results posted here. If your checksum is different, then there is a good possibility your file is incomplete or modified (possibly infected).

Share this post


Link to post
Share on other sites

This is what I received back:

---------------------------------------------------------------------------

Submission Summary

---------------------------------------------------------------------------

We have processed your submission (Tracking #26932286) and your submission

is now closed. The following is a report of our findings for the files in

your submission:

File: cm fortress italy.exe

Machine: Machine

Determination: This file is detected as 'Trojan.ADH.2, ' with our existing

certified LiveUpdate definitions.

---------------------------------------------------------------------------

Developer Notes

---------------------------------------------------------------------------

cm fortress italy.exe is detected by Symantec AV products with the latest

definitions.

---------------------------------------------------------------------------

Remediation

---------------------------------------------------------------------------

Existing certified LiveUpdate definitions successfully handle the files in

your submission. Please update your definitions by clicking the

"LiveUpdate" button in your NAV program. or refer to your product

documentation.

---------------------------------------------------------------------------

It appears that by "Live Updating" Combat Mission Fortress Italy will install without being blocked.

Fingers crossed.

Share this post


Link to post
Share on other sites

Thanks for making the submission.

The one unfortunate thing we have experienced when it comes to anti-virus data signatures is that one update may fix the problem and then subsequent updates manage to reintroduce the problem all over again. Similar things happen with video drivers too.

Share this post


Link to post
Share on other sites
Thanks for making the submission.

The one unfortunate thing we have experienced when it comes to anti-virus data signatures is that one update may fix the problem and then subsequent updates manage to reintroduce the problem all over again. Similar things happen with video drivers too.

Bummer; that's what I was afraid of.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...