Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: desgnr on April 18, 2012, 04:04:10 PM
-
I keep having this message popping up about a program NMIndexStoreSvr.exe.
I cant find it on my PC & can't get the boxes from popping up.
-
do you have Nero installed ?
http://www.processlibrary.com/directory/files/nmindexstoresvr/27299/
-
I had Nero 7 but removed it awhile ago
-
as you see from the link i posted above, this comes with Nero and belongs to Nero Scout
is this a separat program you need to remove ?
-
Yes Nero Scout is still there,i can't remove it .
Do you know any way to remove it ?
-
Your not the only one. and it's JUST not NERO.
I have over 300 computers in the company i work for that i monitor and own AVAST licenses for.. and id say about 100 of them this morning gave those pop ups for internal use programs we've been using for years.
There must of been some update or something that caused this crap to happen. My helpdesk support line has NEVER been so flooded with calls before. This "popup" warning messages are to the point where we might uninstall and not use the product anymore. Something was changed / done or updated that caused this problem and it's making all our USERS "panic" thinking they've done something wrong and that there is or could be a virus on their machine.
Would someone at AVAST confirm or at least give us a status update as to what is going on and what is happening?
-
Google usually know stuff ;)
http://www.google.co.uk/search?hl=en&q=how+to+remove+nero+scout&meta=&rlz=1I7SUNC_no
-
in the sanbox pop up there is a dropp down menu....
where you can use "run as normal" for programs you trust
-
in the sanbox pop up there is a dropp down menu....
where you can use "run as normal" for programs you trust
Yes and i've been doing that.. the point is.. it just randomly happened to 100+ computers for no reason? We've been using these programs for years with avast and for some odd reason today it needs to ask for permission or want to know if i "trust them?" pfft
I will say tho that I've been using AVAST for a long time now and I will say that it's one of the BEST Anti-Virus programs out there and i'm happy to use it. Other then this "situation" which has cause me frustration all morning lol.
-
well, cant help you there...
maybe someone from avast will comment here
if not you find contact info here http://www.avast.com/en-eu/contacts
-
thank you, I'm hoping they can reply or out put out a announcement today rather then 1 on 1 ing with them.
-
@ Loominal
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn't had a definitive detection.
However, the FSS/AutoSandbox checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.
Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.
If you check the attached image (click to expand), you will see the sort of thing that the autosandbox is checking for. Now some of those things can be adjusted as a result of updates to the generic/heuristic signatures, which could explain the reason for old programs subsequently being pinged. I also believe that the behavior shield information on that file may also be used by the autosandbox to arrive at the decision to allow or 'recommend' and it is just a recommendation, to run it in the sandbox.
So there is a problem with a shield/tool that is essentially trying to detect unknown/zero day malware and the balance between being too aggressive or too relaxed to be effective in detecting these unknown/zero day items.
Also see - AutoSandbox – why are you annoying me? https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/ (https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/)
-
Thank you David. I'll make adjustments as needed. I'd be willing to bet these were adjusted. Luckily i have a few pc's that aren't on the active network and still have a older version from about a month ago i can compare the settings with. I'll do that now. thank you!
-
You're welcome.
I had some issues with MS Word (winword.exe) from my very old version of MS Office 97 Business edition. In those days files weren't digitally signed. I too had to add an exclusion for it.
The key thing to remember is that it isn't a case iron indication of infection or the FSS would have alerted in the normal way. It is just adding another level of protection/checking to try and combat what could otherwise be an undated piece of malware.
So where the recommendation is to run it sandboxed on an existing old program, which has otherwise been unmolested, it is most likely to be OK, that however can't be 100% certain.