“HTTP Acrobat PDF Suspicious File Download” – False Positives?
December 10, 2008 | 10:02 am
Note: There is now a potential solution for this – see the bottom of the post.
Today when browsing the web, I started to get notifications from Norton Antivirus telling me a malicious worm was blocked. I get these occasionally, so thought nothing of it the first time, but they kept coming up, and I realised I was only browsing sites I trusted (eBay, Wikipedia etc). I clicked on “More Details” to look at what was going on.
The Risk being reported (and blocked) was “HTTP Acrobat PDF Suspicious File Download”. The sites supposedly making these intrusion attempts include:
- eBay (My Ebay)
- Wikipedia (Only when I’m logged in – I have Popups installed on my profile)
- My WordPress “Write Post” page (I had to disable the antivirus to let me write this!)
Symantec blocks the JavaScript, which makes certain things not function correctly (the Popups on Wikipedia, the WYSIWYG editor on WordPress).
I can fairly confidently say that these three sites aren’t trying to attack my computer! I think Symantec need to adjust their definitions pretty urgently – I can’t be the only one getting these false positives!
[Update]: I’ve found it also affects Google Maps!
[Update 2]: This seems to be affecting loads of sites, and this post is getting hundreds of hits now it’s appearing on Google. Scott Clark has posted a screenshot of the problem on Flickr.
[Update 3]: JasonC has posted a possible solution. I have a slightly different version of NAV, and this is how I fixed it:
- Opened Norton Antivirus (double clicked on the icon in the system tray)
- Clicked “Settings” on the internet section
- Clicked “Configure [+]” next to “Intrusion Exclusions”
- Scrolled down to “HTTP Acrobat PDF Suspicious File Download”, and unchecked it
- Clicked “OK” on all open screens.
Note: this may leave you open to this particular worm; do so at your own risk. (See update below – this shouldn’t be required any more)
[Update 4]: Symantec claim to be working on a fix for this.
[Update 5 (2008-12-11)]: This now appears to be fixed in the latest Live Update. If you have applied the fix suggested above, I suggest you undo this (after running Live Update) to ensure your computer is fully protected.