
Thread: Norton Detecting Rifterrorhandler as injected process

  1. #1
    Soulwalker
    Join Date
    Jan 2011
    Posts
    2

    Norton Detecting Rifterrorhandler as injected process

    Since the update today Symantec's Norton 360 started detecting the rifterrorhandler.exe as a process injector.

    It looks to me like 00048B98 may be the cause of Norton to start inspecting the file.

    If you need assistance with debugging or fuzzing contact me through my email.

  2. #2
    Shadowlander
    Join Date
    Feb 2011
    Posts
    31


    I have been getting this as well. Norton quarantined rifterrorhandler.exe. Is it needed?

    ./Whysper

  3. #3
    Soulwalker
    Join Date
    Mar 2011
    Posts
    8


    Quote: Originally Posted by Whysper
    I have been getting this as well. Norton quarantined rifterrorhandler.exe. Is it needed?

    ./Whysper

    Naturally, weigh all advice received on the internet against your own research and best judgement.

    That said: I'm fairly positive you're okay to tell Norton et al. to ignore Rift-related alerts. I would keep an eye on it and undo it whenever Trion et al. get it worked out, but that's me & paranoia, YMMV.

    Basically, I haven't noted the error handler warning, but I'm not running AV on this box outside of the standard Windows Defender. However, the patching process triggered Windows Defender a few days ago during patching and I just told it to ignore it. The gist of it is that when doing heuristics-based virus detection, there are actions a program can take that are entirely legitimate but that look a lot like something a virus would commonly do-- like copying itself to everyone in your address book, patching the application's entry point, **creating a remote thread in another process during a fatal/unrecoverable error as part of the exception handling (id est rifterrorhandler.exe)**, being downloaded from the internet and then copying itself into an existing application (id est the files related to patching), et cetera.


    This is sorta what you can expect from a new application/game. It actually used to happen a lot, it's just a distant memory now-- if you google like +'anti-virus' +'self-extracting zip' you'll surely find tons of hits for false positives from all sorts of anti-virus.

    This used to happen a lot more, you just don't remember it ;] If you go way back, it was really common with self-extracting zip files.
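
A triage sketch for the remote-thread heuristic described in post #3, added here as an example; it is not part of any post and is not Trion's or Symantec's code. It classifies constructed records that use Sysmon Event ID 8 (CreateRemoteThread) field names, and the install path, the `rift.exe` target name and every record are assumptions.

```python
import ntpath

# Hypothetical install path; the thread does not give one.
INSTALL_DIR = r"C:\Games\RIFT"

# Constructed records using Sysmon Event ID 8 (CreateRemoteThread) field names.
# Every path below is invented for illustration.
EVENTS = [
    {"SourceImage": r"C:\Games\RIFT\rifterrorhandler.exe",
     "TargetImage": r"C:\Games\RIFT\rift.exe"},
    {"SourceImage": r"C:\Users\a\AppData\Local\Temp\rifterrorhandler.exe",
     "TargetImage": r"C:\Games\RIFT\rift.exe"},
    {"SourceImage": r"C:\Games\RIFT\rifterrorhandler.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
]

def inside(path, root):
    """True when path resolves to a location under root (Windows path rules)."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root)).rstrip("\\") + "\\"
    return path.startswith(root)

def triage(event, install_dir=INSTALL_DIR):
    """Return (verdict, reason) for one remote-thread record."""
    if not inside(event["SourceImage"], install_dir):
        return ("review", "source image is outside the install directory")
    if not inside(event["TargetImage"], install_dir):
        return ("review", "thread was created in an unrelated process")
    return ("expected", "handler and target both belong to the game")

def verdicts(events, install_dir=INSTALL_DIR):
    """Triage a batch, keeping the source image beside each verdict."""
    return [(e["SourceImage"], *triage(e, install_dir)) for e in events]

if __name__ == "__main__":
    for image, verdict, reason in verdicts(EVENTS):
        print(f"{verdict:8} {image}: {reason}")
```

Matching on the file name alone would pass the second record, which is why an exclusion is better scoped by full path and target process than by name.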
