Norton 360

[mbell]

Norton keeps removing Coutal. Says it's a bad fiole

[virtuali]

Norton is clearly defective, and Symantec even confirmed they have white-listed the current version of Couatl.exe in the last email we got after we reported a False positive for what is probably the 10th time. They always reply like this, and I really don't know what else we can do, other than suggesting users to switch to a reliable antivirus.

As explained, many times already on the forum, when your antivirus is bugged, you must:

- Download and install with the antivirus turned entirely OFF

- Before running the antivirus, configure it to exclude the following files from scanning:

FSX\fsdreamteam\couatl\Couatl.exe
FSX\bglmanx.dll

[mebe]

Not shure, this is the right place to ask, but with the addon Manager not working all my Airports and GSX are in Trouble.

Starting my FSX yesterday I got the message, that there was a conflict with a file of the addon manager and that I should delete the file/program. What I unfortunatelley did.

I then started the download (version 024) and got the Norton 360 message.

Deleted what was downloaded again and repeated it with anti virus and firewall inactive.

Installation Ok, when I started the FSX I was asked if I accept the software as I was used it from previous installations.

After the insatllation there were no icons on the desktop, in the FSX Task bar the addon Manager is not indicated, GSX not reacting/working. If I try to start the addon manager from the .exe, there is no reaction at all.

I am a little confused, what went wrong and what shallI do to get it running again ?

Do I have to install GSX again (and probably all my airports) ?

[virtuali]

I am a little confused, what went wrong and what shallI do to get it running again ?

- Download and install with the antivirus turned entirely OFF

- Before running the antivirus, configure it to exclude the following files from scanning:

FSX\fsdreamteam\couatl\Couatl.exe
FSX\bglmanx.dll

If you don't do both steps, nothing will work.

[mebe]

Hi,

just did like you suggested. Norton accepted, during download and install. I had deinstalled the Addon Manager before, excluded the two files.

When installing everything worked well, I accepted the two questions when starting the FSX.

But no result. Addon Manager does not Show up in the FSX Task bar, nor on the Desktop, nor can be started via the cuatl.exxe .

GSX not reacting at all, Airports (only two checked) no buildings, just jetways.

Sorry.

Regards Bernd

[virtuali]

But no result. Addon Manager does not Show up in the FSX Task bar, nor on the Desktop, nor can be started via the cuatl.exxe .

It's possible the antivirus is still blocking it. It's not the first time we heard reports of an antivirus still blocking files even if they are explicitly excluded. Have you tried doing it again with the antivirus entirely disabled ?

If that still doesn't work, perhaps you have two problems at once, in addition to the bugged antivirus, you might have a problem with your VC++ libraries missing/corrupted, so the modules try to be loaded, but they can't find the required .DLLs in your system.

You can activate the Simconnect diagnostic mode to see what's wrong with your system. Open notepad, and copy the following text:


[SimConnect]
level=errors
console=1
RedirectStdOutToConsole=1
OutputDebugString=1
; file=c:\simconnect%03u.log
; file_next_index=0
; file_max_index=9


Save the file as SIMCONNECT.INI in this folder:

Documents And Settings\YOUR LOGIN NAME\Documents\Flight Simulator X files

At the next launch of the sim, you should see a text window with diagnostic message, that should tell what's going wrong. Let me know what you are getting, so we can have an idea what's happening. Only the first 15-20 lines are important. If the scrolling goes too fast, try again and use the "Pause" key on the keyboard to read the first lines of the screen.

[mebe]

Thks, I will try it over the weekend.

Is it may be the problem, that I uninstalled the Addon Manager completely via the Windows system uninstaller?

I was asked a bunch of questions/warnings, and just installing the 024 is not enough ?

Shall I try to install an airport (KIAH again, in order to repair missing links and open it for the rest ? I am not the big software expert, just as an idea ?

I am not on my FSX PC, but I remember that there were other bglmanx beside the .dll but obviously also related to your software. Probably they should also be excluded in Norton 360 ?

Best regards
Bernd   

[virtuali]

Shall I try to install an airport (KIAH again, in order to repair missing links and open it for the rest ? I am not the big software expert, just as an idea ?

Yes, the installer for the scenery includes everything needed for it to work. If you have uninstalled the Addon Manager entirely, and you had GSX, you will have to reinstall GSX too.

I am not on my FSX PC, but I remember that there were other bglmanx beside the .dll but obviously also related to your software. Probably they should also be excluded in Norton 360 ?

No, just the executables ( .DLL and .EXE ) need to be excluded.

[mebe]

SimConnect Diagnostic Output:

0.00000 SimConnect Version 10.0.61259.0

Thats all.


I will now download and reinstall GSX. Will see, what happens.

Best regards
Bernd

[mebe]

Just downloaded GSX again without turning off Norton 360.

Norton reported the .exe as save.

After the Installation Norton Report:

cuatel_updater.exe Blocked because including (SAPE.Heur.54ba).

Is  it a threat ?

[Dave_YVR]

 No it's not a threat....  Top of the post in Umberto's first reply..    "Download and install with the antivirus turned entirely OFF"

[mebe]

Ok, turning off the Anti Virus completely during installation, may solv  the problem, but  SAPE.Heur.54ba will be on my computer then.

And as far as I understand,  it is a heuristic behavior detection. So the question remains, what the hell is it good for ?

Or in other words, what is the Installer doing with it ? 

And it is not only Norton who are warning to accept this kind of virus.

... once it is executed has the capability of replicating itself and infect other files and programs. These type of malware, called Viruses, can steal hard disk space and memory that slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information ....

So what is the purpose in this case ?

If Norton is wrong it should not be difficult to clearly explain the need to have it in order to run FSdreamteam software ?

I am a bit concerned, hope this could be understood.

Kind regards
Bernd

[Dave_YVR]

 Look up "false positive" in the forums..

[virtuali]

Ok, turning off the Anti Virus completely during installation, may solv  the problem, but  SAPE.Heur.54ba will be on my computer then.

You are assuming that, *because* Norton said there is a virus in that file, it's true. That the main issue: it's a Norton BUG, there's no virus anywhere inside any of our files.

And as far as I understand,  it is a heuristic behavior detection. So the question remains, what the hell is it good for ?

You mean what heuristic behavior detection is good for ? Nothing. Is advertised to be a feature that enables the antivirus to detect new virus before they are catalogued. In practice, it only increase the chance of false positive.

Or in other words, what is the Installer doing with it ?  

Nothing, of course, it's a Norton bug.

And it is not only Norton who are warning to accept this kind of virus.

That's not the case.

Here's the report by virustotal.com on Couatl_Updater.exe file, NO antivirus detects it as a threat:
https://www.virustotal.com/en/file/8d1e2804908945d83a9b2e8c3f13dbc27df9d7a74168f0f566d8fc45cf39035a/analysis/

Here's the report by virustotal.com on Couatl.exe itself, 4 antivirus out of 55 are getting a false positive but, surprisingly, Symantec is NOT one of them:
https://www.virustotal.com/it/file/7322493831eb6ba32a6b8c16452b967b1c089ba2ffe7b2f69602c832cced9e2d/analysis/1418563556/

... once it is executed has the capability of replicating itself and infect other files and programs. These type of malware, called Viruses, can steal hard disk space and memory that slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information ....

If that virus was present, then yes.

If Norton is wrong it should not be difficult to clearly explain the need to have it in order to run FSdreamteam software ?

Of course it's wrong. An no, it's not "easy" to clearly explain to them to fix their bug, BECAUSE the perverse methodology the heuristic search works.

We contacted Symantec MANY times, sending samples of our files many times. Their reply is always the same, following these steps:

1) First, they deny their product detects that file as a threat. In fact, as you can see from virustotal.com, both files, taken independently, are NOT detected as threats by Symantec products.

2) We reply back with an explanation, that our Live Update system *downloads* that file, and all our installers downloads it too, and the way their bugged heuristic works, is they flag ANOTHER program to possibly be a threat, just because it *downloads* something that once WAS flagged as a threat.

3) They understand, and they reply they'll whitelist the program on their next Live Update.

This usually fix the issue temporarily, but after a while, they come up with a new update, that find a new kind of threat, always heuristically of course, because there's NOTHING wrong in the files.

The real reason is that, BECAUSE our programs are heavily encrypted in a way that nobody can peek inside them. Surely not an automatic antivirus program can figure it out what's inside. This protects us AND users as well: would you trust a product that allows you to buy directly in the sim typing your personal details including credit card info, if it WASN'T protected against tampering ?

So, BECAUSE Norton can't see what's inside the file, it assumes it "must" be a virus, based on behavioral patters: it protects itself against tampering. It downloads something. Then it MIGHT be a threat, because this is what trojan horses usually do.

That's HEURISTICS at work: they don't have the faintest idea what's inside a program, but since it appears to do things that sometimes trojans do, it might be one.

The issue is, since each and every of our installers downloads the Couatl.exe and the Couatl_updater.exe files, ALL of them might be heuristically detected as threats, so we should probably send several GBs of samples to Symantec EACH time we update something, which is really too time consuming, when it's clear their own fault.

The only sensible option for user is either:

1) Stop trusting Norton so blindly, and just exclude the files from scanning.

OR

2) Use a more reliable antivirus, one that doesn't require any configuration to begin with. Like the free and always updated one from Microsoft, for example.

[mebe]

Thank you for your answer.
I understand, that this is annoying and your answer should be pint (if not allready ? At least I did not see it, before finding this thread).

Up to now I did not have the opportunity to reinstall.

I am using Norton 360 in a bündle provided by my internet provider t-online and I will mail them also and send your reply.
Perhaps it helps.

Best regards
Bernd