Announcement

**skinnybloke** · 11-Jul-2005, 09:19 AM

mmmm just found this on a website...

Forum website

Update: The problem appears to lie in the following HTML, specifically in the section of the URL after the question mark:

<a title="HarderFaster.net / Forums - CyberKitten & Fidget Records @ BBtB 05/03/05 - What a Night!!!" href="http://www.harderfaster.net/?section=forums&action=showthread&forumid =3&threadid=96072" target="_blank">

If you remove the part of the URl after the question mark (as I have done now) then the problem disappears.

Update2: It appears of you have a URL with the &action=showthread within your webpage it will trigger a false positive response from Norton Internet Security.

I believe that Actinic uses these kind of links.

Comments from someone at Actinic would be appreciated.

Regards
David

**magicalwonders** · 11-Jul-2005, 10:22 AM

Dave,

I had the same problem manifest itself during this thread.

http://community.actinic.com/showthread.php?t=14649

I submitted the problem to Actinic support, but then decided to start building my store again, so cancelled the ticket thinking it was something I'd done!

The support team were going to investigate up until that point, so sounds like it's one for them.

Myles

**retekdirect** · 11-Jul-2005, 10:39 AM

We've had complaints about this too. Only seems to affect users who are running Norton Internet Security and click on links similar to those in David's quote box above.

As i understand it, it's to do with the redirected links Actinic uses, and NIS flagging it up as a false positive (it wrongly thinks the link is dodgy).

It's scaring customers off. A comment from the devs would be more than welcome.

Ryan

**skinnybloke** · 11-Jul-2005, 12:59 PM

The posts I have read seem to indicate these problems started in June with the finger being pointed at Norton - I've read that it even affects sites like the MSN picture groups.

I have opened an incident with Norton and I am waiting for a reply.

**skinnybloke** · 12-Jul-2005, 03:16 PM

I have had this reply from Symantec which shows that the teccy person did not read the fault report that I submitted (pull my bl**dy hair out!!!)

Thank you for contacting Symantec Online Technical Support.

I understand from your message that your customer has encountered the intrusion attempt alert for the signature "HTTP Netscape Cookie Monster". And also it is happening with MSN picture group.

I apologize for the inconvenience this may have caused.

David, note that when Intrusion Detection detects an attack signature, it displays a Security Alert on your computer.

So I suggest that you disable the alert message for the above mentioned signature, then please follow the steps mentioned below:

1. Open Norton Internet Security.
2. Click Intrusion Detection.
3. Click Configure.
4. Click Advanced.
5. Scroll down until you find the signature "HTTP Netscape Cookie Monster".
6. Select the signature and click on "Properties" button.
7. Uncheck the "Alert me when this signature is detected" and click on OK.
8. Click Ok.
9. Close NIS.

Please note that disabling this option will prevent alerts from being displayed, but NIS will continue to block any intrusion attempts. You can view the data about alerts in the log files. Please follow these steps to view the log files.

1. Open NIS.
2. Click Statistics.
3. Click View logs.
4. Click Alerts to view the logged alerts data.

To determine who is attacking your computer, please refer to the Symantec Knowledge Base document by clicking the link provided below:

Title: 'How to determine who is attacking your computer'
Document ID: 2002012417472936
> Web URL:
http://service1.symantec.com/Support...rc=con_ols_nam

Also note that many updates and changes to our products and services are due to customer feedback.

Should you wish to provide additional comments regarding any Symantec product or service, you may post your message at the following URL:

> Web URL: http://www.symantec.com/feedback/

Our feedback database is reviewed by management directly, and provides a form for our customers to send feedback regarding enhancements to any Symantec product or service.

If you have further concerns or queries, please revert.

I have written back re-explaining what the problem is.

I am also disappointed that no-one from Actinic has yet commented on this.

**retekdirect** · 12-Jul-2005, 03:35 PM

Gah, monkeys. So it'll still block the "attacks". How very handy.

Keep us updated buddy.

**skinnybloke** · 14-Jul-2005, 07:32 AM

what !!!! Does anybody understand what this Symantec guy is saying in his latest reply? Has he not read my report that this is happening with Internet explorer.

Welcome back to Symantec Online Technical Support.

I understand your concern regarding this issue.

Please accept our apologies for the difficulty caused.

For more information on the alert that your customer is receiving, please visit the web site linked below:

http://securityresponse.symantec.com...gs/s20506.html

As a work around, I suggest that you inform your customer to disable the option to disable the alert for "HTTP Netscape Cookie Monster" signature and download the update or add a note on your web site to disable the alert.

Symantec will release the updates regularly for Intrusion signature updates and other updates for the Symantec products.

Note: I also suggest that you look for the alternate way for the web site link on your web site. For assistance, contact a good web developer.

...and still no word from Actinic on this subject. Are they all on holiday or is this a subject that they are very concerned about and keeping quiet?

**retekdirect** · 14-Jul-2005, 07:52 AM

Whut? We can't tell our customers to disable a security check!

1. They (Symantec) should be doing the donkey work, not their users
2. What's to stop people who are running dodgy sites to ask people to do the same / expliot users who have already turned it off?

And it is, indeed, not restricted to Navigator as they claim. Two parties have tested it - both running IE, probably v6.

It'd be nice to hear from other Actinic users who are having this problem, or have had it reported to them. (That is, if any customers have reported it, and not run off never to return). It'd be even nicer to hear from Actinic.

**Bruce** · 14-Jul-2005, 11:02 AM

Hi There,

Thought you might be interested in the latest release from Norton..

NIS 2004 update but did not show any increase in version or revision
number however NIS 2005 now shows:-

Intrusion Detection Signature File Version: 08/07/2005 Rev. 15.
Intrusion Detection Engine Version: 2.0.0.50609.

Previous faulty revision was Rev. 11.

This sort of an error occured with IE sites too once the v11 was released on the 20th of June. See this thread.

Kind regards,

**skinnybloke** · 14-Jul-2005, 11:16 AM

Hi Bruce - are you saying that Sysmantec have sorted this out and it is no longer a problem?

David

**retekdirect** · 14-Jul-2005, 11:57 AM

Thanks Bruce,

Will advising NIS users to run LiveUpdate sort this then? Or will it require a manual update of the Intrusion Detection signatures and/or engine?

**Bruce** · 14-Jul-2005, 12:53 PM

Hi There,

Symantec have given no indication as to what the latest update has changed
however we have noticed that 2 sites which triggered the alarm are not
doing so now.

If a site is having this issue I would suggest you check the NIS version and if prior to the latest version, run Liveupdate and then see if the problem is resolved.

Kind regards,

**skinnybloke** · 14-Jul-2005, 01:17 PM

Thanks for that Bruce.

Regards
David

**retekdirect** · 14-Jul-2005, 01:51 PM

Cheers

I'll see if I can get some testing done and see if this sorts it.

Ryan

Announcement

* Help * Netscape Cookie Monster problem

* Help * Netscape Cookie Monster problem

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment