Norton AntiVirus and Windows Defender

[Shane Goodman]

Greetings,

Norton AntiVirus 2008 has been going crazy giving me "Unauthorized access
logged" alerts. Each one looks like this:

Event Details:
Actor: c:\Program Files\Windows Defender\msmpeng.exe (pid=1780)
Target: c:\Program Files\Norton AntiVirus\Navw32.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

The "Target" changes in each log message, but the "Actor" is always
msmpeng.exe.

Does Norton consider Windows Defender to be spyware? Or vice-versa?

Thanks,
Shane.

 

[Bill Sanderson]

This came up with some frequency during the beta of Windows Defender, but I
haven't noticed many such messages lately.

If you are clearly on the current version of Windows Defender (and I'd think
that any beta versions would be long expired)--then I don't have any
suggestions for fixing this except to either remove Windows Defender, or to
throttle back you alert settings in Norton so that these messages are simply
logged.

In Defender, in the Tools, Options dialogs, you can scroll down--look for a
large open box--and Add areas to be excluded from scanning--you could try
excluding the Norton areas that seem to be sensitive.

Norton does seem to be overly sensitive.

 

[Shane Goodman]

I will try excluding Norton from the location that is being scanned.

Thanks,
Shane.

 

[Shane Goodman]

If you are clearly on the current version of Windows Defender
I'm using Windows Defender Version: 1.1.1593.0

In Defender, in the Tools, Options dialogs, you can scroll down--look for
a large open box--and Add areas to be excluded from scanning--you could
try excluding the Norton areas that seem to be sensitive.

I'm excluding the following locations:
c:\Program Files\Common Files\Symantec Shared\
c:\Program Files\Norton AntiVirus\
c:\Program Files\Symantec\LiveUpdate\

However, I'm still getting Alerts from Norton AntiVirus. For example:
Event Details:
Actor: c:\Program Files\Windows Defender\msmpeng.exe (pid=1772)
Target: c:\Program Files\Common Files\Symantec Shared\cclgview.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

Is it possible that Windows Defender is still scanning the locations that
have been excluded?

Thanks,
Shane.

 

[Bill Sanderson]

I don't know what is happening.
You could try putting an eicar text file in one of the excluded areas--do a
google search on eicar if you don't know what that is. You will need to
turn off antivirus apps to work with the eicar text files, but they are
absolutely safe...

 

[Jean Rosenfeld]

In my experience, indicating the folders is not enough, you have to give the
full path to each file, including the file name.

I just clear the log in NAV from time to time.

 

[pauld]

Looks like same problem is happening with Norton 2009 also

 

[Bill Sanderson]

I would expect any current version of Norton to disable Windows Defender.
It should, of course, notify the user, and give them a choice, but the user
is not always the person who does the installation, etc, etc...


--