Bugzilla – Bug 5331
Jive connexions to slim.exe detected as "worm" by Norton AV after reinstalling SlimServer 7.0
Last modified: 2007-08-29 00:43:29 UTC
I have noticed that each time after installing a new version of SlimServer 7.0(nightly build) my Norton Antivirus asks me to re-authorized slim.exe (my Jive remote being detected as a worm intrusion trying to access slim.exe) Usually Norton would only ask you once to authorize a suspicious intrusion.. then create the rule for you and off you go. But in this very case, as the slim.exe file has already been authorized (because of previous installation) but obviously has a different version id, there is some kind of conflicts and Norton do not create or overwrite the rule for you. In order to stop it, here is what you have to do: - Open your Norton Antivirus application - Go in Options tab - Choose the Internet worm protection option (guessed translation from a French Norton) - Click on Programs control button - Scroll down to slim.exe and select it - Press Delete button - Press OK button and close the antivirus interface A few seconds later, Norton should prompt you once again to authorize the connection to slim.exe. Select "Authorize" from drop down list and press OK to close the window. Hope this helps.
Created attachment 2123 [details] Norton Programs Control window
Created attachment 2124 [details] Norton Pop Up window
That's normal behaviour for this kind of protection: Norton notices that the authorized binary file (slim.exe) has been replaced by a new one. It therefore is asking you again. Otherwise worms and the like would simply install itself as eg. iexplore.exe or attach themselfs to that file, as it's been authorized to access the internet. It's a feature, not a bug.