[老佳前线]诺顿2010线产品已经能够查杀中华黑豹{已开贴}

jiayan72392

从铁壳区最近的帖子看来，大家都很关注诺顿安全产品是否能够查杀“中华黑豹”，不少朋友们对铁壳的处理速度表示失望。前几天本人从样本区下载了中华黑豹病毒实例（链接：http://bbs.kafan.cn/forum.php?mod=viewthread&tid=703703&highlight=%D6%D0%BB%AA%BA%DA%B1%AA），运行扫描。结果也确实令人失望，诺顿没有检测到任何威胁。根据部分网友的要求，本人讲该样本上报给了铁壳官方。以下是铁壳的确认函：

Jia Yan

This message is an automatically generated reply -- do not reply to this message.

This system is designed to analyze and process suspicious file submissions into Symantec Security Response and cannot accept correspondence or inquiries.

Your submission (Tracking #15721656) has been received and is being processed. Please reference this tracking number in any future correspondence.

---------------------------------------------------------------------------

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

Symantec Technical Support

http://www.symantec.com/techsupp/

jiayan72392

很快，仅隔了数小时，本人再次收到铁壳的处理结果：

ia Yan

This message is an automatically generated reply -- do not reply to this message.

This system is designed to analyze and process suspicious file submissions into Symantec Security Response and cannot accept correspondence or inquiries.

---------------------------------------------------------------------------

Submission Summary

---------------------------------------------------------------------------

We have processed your submission (Tracking #15721656). The following is a report of our findings for the files in your submission:

File:
DC.exe

Machine: Machine

Determination: Please see the developer notes.

---------------------------------------------------------------------------

Customer Notes

---------------------------------------------------------------------------

(Unspecified)

---------------------------------------------------------------------------

Developer Notes

---------------------------------------------------------------------------

DC.exe is corrupted. Please delete, or restore from backup.

---------------------------------------------------------------------------

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

Symantec Technical Support

http://www.symantec.com/techsupp/

该工程师大致的意思就是：DC.exe 已经损坏，请从备份区还原或删除该文件。

收到此回复后，本人表示欣慰，难得铁壳的处理速度会那么快。可是当本人更新了最新病毒特征码后，依然没有检测出。继续失望。

jiayan72392

今天上午，和往常一样，开机的时候总是手动运行liveupdate，在更新完毕后，再次拿出样本，扫描结果令人惊喜。请看：



这是样本原件，以rar格式压缩。


右键单击该文件，启用N360 4.0右键扫描。


结果令人十分满意，威胁被N360 4.0处理。


这是扫描后的历史记录。


文件分析记录。

从中可以得出，该威胁已经被赛门铁克入库。

jiayan72392

赛门铁克一直被很多朋友认为入库速度慢，不过从这次的表现看来，还算比较令人满意。这里本人还是希望今后朋友们能够正确对待被杀毒软件miss掉的样本。与其抱怨杀毒产品的时候，不如将样本上报给厂商。从而使厂商能够尽快分析样本以采取措施。

这里给出诺顿的上报链接：

病毒样本上报：
https://submit.symantec.com/websubmit/retail.cgi

误报上报：
https://submit.symantec.com/dispute/false_positive/

希望大家以后有文件被漏报或者误报的时候能够尽快联系官方，让官方尽快采取措施。

（完）

jiayan72392

本帖已开启

sli

不用诺顿的路过下

chiangkinghu

老佳辛苦，对于铁壳的反应速度甚感欣慰！

ctr54188

正在下NIS2011

和这个有啥区别？

jiayan72392

回复 8# ctr54188 的帖子

nis2011测试版不推荐使用，因为铁壳有官方声明，测试版病毒库更新频率很低，无法获得最大化防护
   

ming9888

这个样本我很早就上报过，诺顿一般对不是流行的病毒处理起来要慢些，如果是重大流行的病毒处理速度就会迅速一些。