Topic: Norton Security alert on Electrum node.ispol.sk (Read 211 times)

legendary
Activity: 2170
Merit: 1789
I was not so worried about this issue as I use a hardware wallet and trust Norton Security. But I thought that this fact might be interesting to the community.
Thanks to all.

It is indeed interesting. At least it shows that some Electrum server address is somehow detected as malicious because it was detected to run Coinminer, which is a famous web browser mining app, if I remember correctly. Maybe the owner of the server runs his own web-based mining app, or he applies that script to any request coming to his server (if that is even possible), so his client needs to run Coinminer first before his request gets confirmed (not sure about this, just my speculation).

Thanks for the info.

newbie
Activity: 4
Merit: 1
I was not so worried about this issue as I use a hardware wallet and trust Norton Security. But I thought that this fact might be interesting to the community.
Thanks to all.
legendary
Activity: 3234
Merit: 5637
~snip~
Nothing is wrong with Norton Security, I have used it for years without any problems. Compared with some other security solutions, I can say that it has proven to be the best. You may be bothered by notifications which are turned on, or something like that, but it is very easy to enable / disable any option.

cryptospin, you can try to report this issue to Norton, maybe it is just a false positive detection. Even before, Norton (and some other AVs) blocked Electrum as a threat, and they fixed that. For more info visit this thread.
member
Activity: 700
Merit: 14
This is why I don't use Norton as an anti-virus, because it affects some of my running software, plus I am not that techie. It also takes my time to work on something whenever Norton blocks it. Hope you get to figure it out or got answers from above. They said it's okay and it's clean so I guess it is safe then.
newbie
Activity: 4
Merit: 1
Yes, Electrum is installed to a non-default location. This is exactly the place where I chose to install it.

This issue only appears when connected to node.ispol.sk.

I have already made a transaction on this wallet version with my Ledger device and it went to the right address.

Thanks for answer.

HCP
legendary
Activity: 2086
Merit: 4363
Reading the Symantec description of this type of threat... it appears they might just be detecting connections to specific IP addresses associated with "Coinminers"... hence why it only triggers if you connect to "node.ispol.sk".
Unusual network activity (e.g. connections to mining-related websites or IP addresses). For example, you may notice unexpected PowerShell processes connecting to IP addresses associated with xmrpool[.]net, nanopool[.]org, moneropool[.]com, and similar addresses.

If the alert doesn't show up when you connect to other nodes, then you should be fine... Norton is just scanning your network and preventing connections to what it considers to be a "bad" IP... If it shows up when connecting to ANY Electrum server, then I'd start to be really concerned... although, you already stated you checked the signature file.

Also, can you confirm that you installed Electrum to a non-standard location (or are using the standalone/portable version)? Your alert message shows it is running from a very unusual location...
newbie
Activity: 4
Merit: 1
Hello,

I just have an issue with Electrum 3.3.4. When it connects to the node node.ispol.sk, Norton antivirus shows an alert and blocks the connection to this IP.
It shows the warning: System Infected: PUA.Coinminer Activity 5 and connects it with ELECTRUM-3.3.4.EXE
I checked the signature of the Electrum file and it's good.

This alert can easily be replayed when connecting in manual mode to this node, node.ispol.sk, with Norton Security.

I have a screenshot but, as I understand, I can't add it at this time. It is accessible by this link: https://dropmefiles.com/zpA5U

What do you think?
