Norton issues

[ebr 16184]

As has been pointed out by others, the control of this issue lies mostly with Norton as they are the ones who decide what they will and will not identify as a threat.  Due to the nature of what Emby does, it has a much larger chance of being falsely identified than probably any other piece of software you use and Norton does have a long history of triggering lots of false positives with lots of software (not just us but we do seem to get hit a lot).

 

That all being said, there are two things we can do that should nullify this situation:

 

1) Try to talk to Norton and get them to quit identifying us as a threat. Luke has already started this process but, I suspect, it will only have limited effect.  I mean, if the maker of a product tells them "hey really, we're okay, let us through" they would be stupid to do it as that's all anyone would have to do to get their virus-infected product out there.  So, instead, what we need is for all of you Norton users to report to them that we are okay.  If enough users say its okay then they will listen.

 

2) We should have a system here running Norton so we can test this with each release.  We should have done this before now.  Our bad.  We will do this in the future.

 

After further thought, it appears option 1 is really all we can do.  We could set up a system running Norton but all that will tell us is if it will re-identify us as a threat and, it appears, we can pretty much assume that it will just about every time.

 

Us knowing this won't help you folks that run into the issue as you would still need to run the update, let Norton identify the threat, and then grant the exception.

 

So, we really need All Norton users to report us as safe.

[Deathsquirrel 745]

Assuming he's "US" Army then he is eligible for a free copy of Symantec Endpoint which is the commercial business version which is actually not bad in my opinion

 

The business version is an entirely different beast yeah.  If that's what he's running it's likely a heuristic engine error and it's very possible that the calls to Symantec will produce some results but only if he calls them through their platinum support contract.  I don't know what kind of attention a developer relations-type call will produce.

[plazma 13]

Just to harp in late, working with software that is either obscure (unlike emby) or when exe/dll/etc files get updated frequently this sort of thing is common place.

 

As other users suggested excluding the emby dir will help (assuming it doesn't upack to temp during the update).

 

The other av issue can be (and I know is the case with endpoint and Norton), they use a community based scoring system for unknown files (this can also be adjusted).

 

With no adjustment to Norton you will likely find if you set for release instead of beta and turn off auto update (manually updating behind everyone else) that Norton will know, recognise and have a registered good score for the file by the time you get there.

 

Personally if I was you I wouldn't run emby on a live system, I would host the data on what ever nas/server and run emby inside a virtual machine.

 

This way, you could run with more simple av for the vm (microsft av for example) and more importantly have the use of a snapshot system. this way you get it all working great, but if emby does have an issue for any reason all a user would need to do was restore the snapshot. it could even be made as simple as giving them an icon (which runs a script, forces the vm offline, blows the last good snapshot back and then brings it back online).

 

With morden chips running a vm is very very close to real speed depending on your hardware, all your really losing is maybe 2gb of extra ram to run the dedicated emby vm. Ram Is cheap at the mo, so this is the way I would go, hell you could remap the power button on the case to your script (use flock or a lock file so no double runs). user cant connect to emby  walks to the physical server (hosting the vm), taps power button, script runs and a few minutes later and its all back to a working state.

 

:-) hope it helps ya, if you need any help setting up feel free to drop me a message.