JavaScript Packed File False Positive by Norton Internet Security 2009

by Ric Galit on December 11, 2008

Norton Internet Security 2009 is incorrectly identifying JavaScript files that were minified or packed to make the file size smaller (or to obfuscate the code) as an attack to your computer. You’ll get a warning from Norton whenever you visit a website that has minified/packed JavaScript files. Prototype, jQuery, TinyMCE, these are examples of popular JavaScript files that are being incorrectly identified by NIS 2009 as a web attack.

Take a look at the screenshot below and you’ll see that even liveupdate.symantecliveupdate.com as the source of the attacking computer. The risk name reported was “HTTP Acrobat PDF Suspicious File Download”.

NIS 2009 JavaScript False Positive (click to enlarge)

NIS 2009 JavaScript False Positive (click to enlarge)

While writing this post I got several warning from NIS2009 because WordPress is using TinyMCE in its editor.

NIS2009 Popup Warning while writing this post.

NIS2009 Popup Warning while writing this post.

I’m not adivising to disable or create an exemption to this rule as I might forget to enable it again and make my system vulnerable to genuine attacks. For now it is best to wait for Norton to sort this out through their Pulse Update.

{ 3 comments }

1 Johan de Jong 12.11.08 at 4:49 pm

I’m glad I’m not the only one with this problem, except that I also get the problem with the source file of TinyMCE (tiny_mce_src.js)
The biggest problem I’m facing is that I can’t explain clients to disable their firewall, just to use the scripts. But at the same time they are complaining that it ain’t working :S

2 Ric Galit 12.11.08 at 5:29 pm

Johan

It has subsided already. Norton is no longer giving me the web attack warning and the Advanced TinyMCE plugin is already working in WordPress. You might want to advice your clients to force the “Run LiveUpdate” instead of waiting for the “Pulse Update” to kick in.

3 Accident Lawyer 09.16.10 at 6:29 am

I’m glad I’m not the only one with this problem, except that I also get the problem with the source file of TinyMCE (tiny_mce_src.js)The biggest problem I’m facing is that I can’t explain clients to disable their firewall, just to use the scripts. But at the same time they are complaining that it ain’t working :S
+1

Comments on this entry are closed.