virus warning
colin-t
Posts: 13 [Apprentice Traveler]
trying to update map on GO 5000 download failed and norton issued a warning my doom virus code execution,
i now have no maps ar all?
i now have no maps ar all?
1
Map installation
colin-t
Posts: 13 [Apprentice Traveler]
Comments
Virus warning [Norton AV] after updating MyDrive Connect and trying to update device
- Uninstalled MyDrive Connect
- Reinstalled MyDrive Connect
- Trying again (Downloading map in progress)
Will tell you the result
Superuser
Is this a help.
https://discussions.tomtom.com/en/discussion/1034305/what-to-do-if-your-device-displays-no-maps-found/p1?new=1
Doug
I think the main problem is that norton detects an intrusion and interrupts the upload to the device:
plz see
26.02.2020 11:29:44,Infos,Statistische IPS-ErkennungsÜbertragung,Gesendet,Keine Aktion erforderlich,26.02.2020 11:29:45,Norton AntiVirus,Statistische IPS-ErkennungsÜbertragung,"Signature ID: 20401 <br>Local or Remote Attacker: 1 <br>Remote Port: 51307 <br>Local Port: 3129 <br>Protocol: 6 <br>Signature Set Version: 20200225.061 <br>Application Name: \DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOM MYDRIVE CONNECT.EXE <br>Offending URL: <br>Date Detected: Wed, 26 Feb 2020 10:29:44 GMT <br>Application File Checksum: 8A99F8876B39B782959736950DFFAFFA <br>Application File Information: 4.2.7.3966 <br>Network Data: 434D50520014000078DAEDC7410A40600084D1A1286BD7B1111B1B4EE51A166EE0867E7209F55E7D4DB3CED3D8A5CED2E655959A6F1FD796B4E5EDFD709C0100000000FEE40603340493 <br>Sub-signature ID: 65542 <br>Signature Properties: 4628 <br>Referer URL: <br>Application File SHA256: 7347F29B8CDFDB68BF4D317FF14852304CA78D1AA368BA69CACE8A30ADD40AC0 <br>Application File CreateTime: 0 <br>IPSSubmissionID: a948a862-ec8f-11ea-8d43-806e6f6e6963 <br>Application File Reputation: 63 <br>Application File Prevalence: 139 <br>Forwarded For: <br>Signature Response: 1 <br>Remote Address: 169.254.255.1 <br>Message Disposition: 3 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:Intel64 Family 6 Model 78 Stepping 3 <br>System:Windows 10 build 18362 <br>Platform-GUID:21195EB8-252A-4EDA-A388-D069ED54E9CC <br>Telem-ID:D5E27967-0494-41E5-9637-77A0FFF16092 <br>HWID:E2FA5ECB-8A74-14ED-E4F7-6EE533682CDE <br>Hostname-MD5:81DD7DA6A959DA1D14E8C491DF781C29 <br>DateSubmitted:Wed, 26 Feb 2020 10:29:44 GMT <br>Product:Norton Security 22.20.1.69"
I am trying to update the device with a fresh installation of MYDRIVE CONNECT.
We will see what happens...
OK, Norton still interrupts the upload.
I now try to delete the downloaded maps (as told in Doug's link).
But after that I have no idea any more.
I Will keep you updated.
Superuser
Sorry can't help you with Norton. I had problems with Norton years ago and have not gone near it since as a result.
Hope you fresh installation sorts it.
Doug
Superusers
@LouiXIV
Maybe... How to Exclude Files From Norton Antivirus Scans
https://www.lifewire.com/exclude-files-from-norton-antivirus-scans-153348
ATB YFM
Excluding Files from Scan (or better from Autoprotect) maybe avoid the problem.
But how can I be sure, the file is not infected and Norton only returns false positive results?
Loui
Superusers
@LouiXIV
Tomtom use an unusual Secure Network system for MyDrive Connect updates... I guess Norton thinks this looks suspicious....
ATB YFM
quite a while ago:
https://discussions.tomtom.com/en/discussion/1037011/tomtom-trucker-6000-europe-v10-10-map-update-problem
Tomtom doesn´t seem to have done anything about it, so the solution (quick & dirty) is to deactivate the firewall for the duration of the map update...
Superuser
@YamFazMan
In my own experience, it's usually the firewall that blocks MDC. But exclusion can also be done in the antivirus.
According to the Norton report posted, this is an IPS (Intrusion Prevention Scan Norton) alert related to the firewall.
@LouiXIV
For the alert message "My Doom" it's a false positive. All major antivirus/firewall software considers TomTom software to be safe.
Some firewalls block connections with TomTom secure servers, even the one built into Windows (Defender)
I would not advise you to deactivate your firewall, download a map can take a long time and your PC would be unprotected against the Web. It would be dangerous for your PC.
You can try to create a complete exception/exclusion for MyDrive Connect software in Norton Firewall, this file:
C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
This is what I have to do on my PC with my Kaspersky firewall otherwise the maps will not install on my TomTom device.
I don't know how Norton works but I have found this if it can help you. The links are in English but at the bottom left of the pages you can choose another language (German). To try:
Allow a blocked program in the Smart Firewall Norton:
https://support.norton.com/sp/en/uk/home/current/solutions/v6958602
and/or Add a program to Program Control Norton:
https://support.norton.com/sp/en/uk/home/current/solutions/v1028102
In addition, because our TomTom devices are considered as network adapters (removable) switch the TomTom device as a "Trusted Network". It should be named "TomTom" or "Remote NDIS Compatible Device". I would choose "Full Trust".
Change the trust level of your device:
https://support.norton.com/sp/en/uk/home/current/solutions/v9802264
Intrusion Prevention exclusion list:
https://support.norton.com/sp/en/uk/home/current/solutions/v37652136
I hope this will help you.
Regards.
I set up an exception for MyDrive in Scan and AutoProtect.
If I install a map on the device memory, this works without problems, but I have to install the map on the inserted SD card because the map is too large, then Norton blocks the upload again (after 10-12% have already been uploaded)
I have no explanation for this behavior.
Superusers
@LAURE123
I used to run Bitdefender Anti-virus and the Bitdefender firewall is a right royal Pain
I would set-up MyDrive Connect in the Bitdefender Whitelist... When I logged out MyDrive and logged back in... Bitdefender would arbitrarily decide to remove MyDrive Connect from the whitelist and block access through the firewall
Bitdefender Support even sent a custom fix to install but nothing worked for me, in the end I gave up on BitDefender....
ATB YFM
Maybe it was due to this new "Corolla-virus" that is spreading around the world.
Are you using your GPS in a Toyota Corolla? Maybe it got infected...
Michael
Corolla-virus
Superusers
@Joopie10
See this thread... Are you using Norton Anti-virus ???
Here... https://discussions.tomtom.com/en/discussion/1121495/virus-warning/p1
ATB YFM
Superuser
@YamFazMan
The MDC problem with firewalls is quite subtle and not always easy to work around. Often there is no alert message. These are not the installation files but the https activity. During the process there are several inbound and outbound connections at the same time. The most frustrating: the firewall authorizes the download on the PC but blocks the transfer on the TomTom device of course after the old file has been deleted.
It took me a while to find the right settings for Kaspersky, MDC and the TomTom device (network adapter). This is what I tried to transpose for Norton in my previous message but it's not obvious or simple.
@colin-t and @LouiXIV I hope your map installation has finally been successful. 🤞
Regards.
I have merged both topics into one, just to keep the discussion under one thread.
I will forward the reports to the team.
Regards
Vikram
The firewall's settings might require knowledge of ports used in MyDrive Connect. All the communication (inbound and outbound, local and remote) via the following TCP ports should be allowed.
The most important are:
80 Main communication port
443 HTTPS (required for logins, associations and all kind of encrypted contents)
3128, 3129 Internal communication ports
4000 The Web connector port of MyDrive Connect (to communicate with the browser)
Regards
Vikram
All of the other maps go on just fine but I'm struggling with Europe.
Port 6479 to
Dest 169.254.255.1 : 3129
Now to fiddle with the firewall but MyConnect is already set up as safe in Firewall and Anti Virus . so the answer in Norton doesn't seem straight forward
As for the SD card that became unrecognisable and had to be reformatted before it could be used again.
Security/Advanced/Network/Intrusion Prevention switch to off
Firewall and Anti Virus remain active but Maps Update OK
Superuser
See the following
https://discussions.tomtom.com/en/discussion/comment/1694890/#Comment_1694890
Doug
We have raised a ticket for this problem. Along with the community we have also seen a similar trend of contacts to our customer service.
I have added all the above cases to the ticket.
Thanks
Vikram
I am switching now to the german discussion board.
Did not know that this exists
There they noticed the same.:
https://discussions.tomtom.com/de/discussion/1121479/neue-kartenversion-10-45#latest
See you.