Learn what to do with repeated Norton detections

With Norton solutions, we strive to bring industry-leading, valuable and relevant security to help protect your devices and personal information. We’ve updated our technology architecture to provide a better Cyber Safety experience.

The new Norton app uses advanced scanning methods to help keep your digital life secure. We’ve made it easier to use your Norton app and created the new experience with your needs at the core. With the new design, we have added more robust features and capabilities, ensuring you stay safer in an increasingly complex digital environment. Learn more about the new Norton 360 app.

Why do I see the detections?

The fact you see the detection means that your Norton app is doing its job - we are protecting you.

In the latest version of Norton device security app, we've added some new advanced features that help protect you from threats. The newer app is more robust than the old one and hence you may see some additional detections.

Safe Web with HTTPS scanning, Uncommon application scanning, QUIC/HTTP3 scanning, Web socket protocol scanning, and DNS/DoH scanning

Works to help block scam websites and prevent malware from making its way on to your PC as you browse the Internet. Also protecting against botnets.
Remote Access Protection with RDP protection, File and printer sharing (Samba) protection, and with blocking of Brute-force attacks, Malicious IP addresses, and Remote Desktop exploits.

Helps prevent attackers from using the Windows Remote Desktop feature to gain unauthorized access to your computer.
Email Protection checks emails that you send and receive in dedicated email apps for potentially dangerous attachments, and works to block them.
Blocking vulnerable kernel drivers blocks exploitable drivers from loading into OS kernel memory, protecting your PC from malware.

What does this mean to me? Is my device hacked or infected?

Seeing a detection dialog means that your Norton app successfully prevented a potentially harmful action on the device. This action could have been a website visit, a file being run, or another process on your device.

It is natural to wonder if your device has been compromised. While the threat was blocked, we can't definitively say whether your device was already infected before this action. An important factor here is whether you initiated the action that triggered the alert or not.

If you performed the action (for example, visited a URL, clicked a link, downloaded or executed a file or program) right before the alert appeared, your Norton protected you from this action. This is the most common scenario. See the checklist in What should I do? section for further steps.

If the alert appeared seemingly out of nowhere, without you knowingly doing anything, the situation is bit more complex, depending on the specific system environment. See the checklist in What should I do? section for further steps.

To find out about the detections we block and what each type means, you can check the most common ones below. We block way more than these, so if you don't see the particular detection on the list, feel free to verify with us.

Website detections

Blacklist: This is malicious software that could harm your data, computer, or network.
Malvertising: This threat is a type of malware that is spread through online advertising.
Phishing: This is a scam designed to steal sensitive information like your credit card number, banking credentials, or passwords.
Scam: This threat aims to trick you into giving an attacker your personal information or money.
- Dating Scam: This is a type of fraud where attackers trick you into sending money or personal information by establishing a romantic relationship using fake profiles on dating platforms or social networks. Alternatively, attackers may deceive you into paying money to fake dating platforms.
- e-shop Scam: This is a type of fraud where attackers create fake online e-shops to trick you into making a purchase, but either the goods ordered are not delivered or they turn out to be counterfeit.
- Technical Support Scam: This is a type of fraud where the attacker pretends to be a legitimate provider of technical support so they can get access to your computer and data.
HTML.* and JS.*: This is a type of fraud where the website itself might not be malicious, but contains a redirect to another website or a script that is malicious.

File detections

Adware: This threat can display or download annoying advertising banners and pop-ups, or possibly hijack your search engine.
Banking Trojan: This threat targets banking websites or banking software to steal your banking credentials, or to make unauthorized payments or money transfers.
Bot: This threat recruits your computer into a network of other computers and provides its computing resources to the network on command.
Coin Miner: This threat secretly hijacks your computer's resources to generate cryptocurrency for the attacker (so-called \"mining\").
Dropper: This threat can secretly install other applications on your computer.
Keylogger: This threat records your keystrokes and sends everything you type (including passwords) to the attacker.
Ransomware: This threat locks your data (or entire computer) and demands you pay a ransom to unlock it.
Remote Access Trojan: This threat gives an attacker remote access to your computer, allowing the attacker to control the device or spy on you.
Trojan Horse: This threat pretends to be something else (for example, picture, document, or other file) to trick you into running it and infecting your computer.

What should I do?

We've prepared a checklist to help you navigate in this situation.

1. Was it a one-time detection that didn't appear again after?

In this scenario, Norton blocked some action on the device. Just to make sure there isn't any remaining process related, we recommend running a Norton scan. For instructions, go to point 4.

2. You want to visit some website, but Norton detects it as suspicious?

If you are familiar with the website, or you've been visiting it before, there is a possibility that the detection is incorrect (also called False Positive).

You can report it to us as False Positive:

Go to https://submissions.norton.com/reportfalsepositive.
On the URL tab, enter your email address and the URL that you think is safe.

You can provide a brief description to help us with the evaluation.
Click Submit.

After 24 hours, try visiting the website again. If Norton still blocks it, we consider it as malicious. If you are sure that the website is safe, you can set an exception. For instructions, go to point 8.

You can follow the same process with any website that Norton blocks.

You can also evaluate the URL with third party sites such as Virustotal.

Disclaimer: We are not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. We provide these links merely as a convenience. The inclusion of such links does not imply that we endorse, recommend, or accept any responsibility for the content of such sites.

3. You want to run some file or app, but Norton detects it as suspicious?

If you are familiar with the file or app, or you've been running it before, there is a possibility that the detection is incorrect (also called False Positive).

You can report it to us as False Positive:

Go to https://submissions.norton.com/reportfalsepositive.
In the page that appears, click the File tab.
Enter your email address and a brief description to help us with the evaluation.
Browse and select the file.
Click Submit.

After 24 hours, try running the file or app again. If Norton still detects it, we consider it malicious and don't suggest running it. If you are sure the file is safe, you can set an exception. For instructions, go to point 8.

You can also evaluate the file with third party sites such as Virustotal.

Disclaimer: We are not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. We provide these links merely as a convenience. The inclusion of such links does not imply that we endorse, recommend, or accept any responsibility for the content of such sites.

4. You want to verify there is nothing malicious present on your device?

Run the following scans to scan your device with advanced settings and highest sensitivity. Please note that due to these settings, the scans will take longer time to run depending on the speed of your computer and the number of files being scanned.

First, run a Startup Scan:

Open your Norton device security product.
On the left pane, click Security.
In the Security dashboard, in the Scans tile, click Open.
In the Preset scans tab, next to Startup Scan, click Set Up.
Wait for the Startup Scan to complete the setup, and then click Restart Now.

When the system restarts, the Startup Scan progress screen appears. Wait for the scan to complete and check the scan results.

Second, run a Full Scan:

Open your Norton device security product.
On the left pane, click Settings.
Select Scans.
Hover the mouse pointer over Full Scan and click the settings icon.
Scroll down and select Scan all archives.
Click Save to confirm.
Click Start next to Full Scan.
Wait for the scan to complete and check the scan results.

5. You see random website detection pop-up without you knowingly doing anything?

This is complex scenario that can relate to more system settings, installed apps, internet browsers' extensions, and others, that might be in the past installed with the consent, but typically included approval to perform side actions, which are now considered as malicious by Norton.

Follow the steps below that cover most of these scenarios.

Step 1: Run advanced scans by Norton

Follow the steps in point 4 and run Startup Scan and Full Scan to remove any malware from your device.

Step 2: Uninstall unknown browser extensions

Select your browser for instructions to uninstall unknown extensions (add-ons):

Step 3: Reset your web browser to its default settings

If you experience unusual browser behavior that is not flagged as malicious by Norton, we recommend resetting your browser to its default settings.

Select your browser for instructions to reset to default settings:

Google Chrome
Mozilla Firefox
Microsoft Edge
1. Open Microsoft Edge and go to menu (three dots) > Settings.
2. On the left pane, click Reset settings.
3. Click Restore settings to their default values > Reset.

Step 4: Uninstall unknown apps on the device

Check if you can identify apps that were installed recently and uninstall them.

Tip: From the list of installed programs, sort the list by install date to help you navigate the list.

Important: Uninstall only those apps that you are certain about.

To unintall the apps, follow the instructions in this Microsoft article.

Disclaimer: We are not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. We provide these links merely as a convenience. The inclusion of such links does not imply that we endorse, recommend, or accept any responsibility for the content of such sites.

6. You suspect some website to be malicious?

If you come across some website that looks malicious, and Norton doesn't block it (also called False Negative), there is a possibility that it is missing in our database.

To verify this, report it to us as False Negative:

Go to https://submissions.norton.com/reportfalsenegative.
On the URL tab, enter your email address and the URL that you think is malicious.

You can provide a brief description on why you suspect the URL is malicious.
Click Submit.

After 24 hours, try visiting the website again. If Norton still doesn't detect it, we consider it safe.

You can also evaluate the URL with third party sites such as Virustotal.

Disclaimer: We are not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. We provide these links merely as a convenience. The inclusion of such links does not imply that we endorse, recommend, or accept any responsibility for the content of such sites.

7. You suspect some file or app to be malicious?

If you come across some file or app that looks malicious, and Norton doesn't block it (also called False Negative), there is a possibility that it is missing in our database.

To verify this, report it to us as False Negative:

Go to https://submissions.norton.com/reportfalsenegative.
In the page that appears, click the File tab.
Enter your email address and a brief description (optional) on why you suspect the file is malicious.
Browse and select the file.
Click Submit.

After 24 hours, try running the file or app again. If Norton still doesn't detect it, we consider it safe.

You can also evaluate the file with third party sites such as Virustotal.

Disclaimer: We are not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. We provide these links merely as a convenience. The inclusion of such links does not imply that we endorse, recommend, or accept any responsibility for the content of such sites.

8. You want to exclude a website, file or app from being detected by Norton?

If the outcome of point 2 or 3 (reporting False Positive) was that we consider the website or file or app as malicious, but you are certain they are not, you can set an exception in your Norton app.

Please be aware that doing so is a security risk and we don't recommend it.

For websites, you can follow these steps:

Open your Norton device security product.
On the left pane, click Security.
Navigate to Advanced Security > Computer scroll down and click Safe Web.
In the Safe Web window, on the Exclusions tab, click Add.
Write the website URL and then click Add.

For files or apps, you can follow these steps:

Open your Norton device security product.
On the left pane, click Security.
Navigate to Advanced Security > Computer > Antivirus.
In the Antivirus window, on the Exclusions tab, click Add.
Browse for and select the folders or files that you want to exclude from the scan, and then click Add.

Upgrade for Free