Norton Help(less) Desk
We’d got a report that a page on the Battrick site was coming up as being a phishing url in Norton Internet Security. I tried contacting a Norton agent, to see if they could help, as although the page in question is in a “hidden” frame, it’s not even close to being a phishing page. As a pre-text to the live chat log that follows, I’ll say that I signed up as Gary Smith (incorrect), with email address as me@privacy.com (a common address if you don’t want to give out your proper addy) and telephone number 00000000.
What follows is a typical support desk routine, of not actually taking a blind bit of notice of the information given to them:
Problem : NIS phishing filter is blocking a site known NOT to be a phishing site.
Mr. Gary Smith has entered room.
We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.
**** 10 minutes later ****
Aneesh has entered room. (Sun Jun 01 2008 06:58:20 GMT+0800 (Malay Peninsula Standard Time))
Aneesh: Welcome to Symantec Chat support. I am currently reviewing the details you have submitted with your chat session and will be with you shortly.
Aneesh: Welcome to Symantec Virus & Spyware Solutions.
Is this the first time you are contacting us or do you have a Priority ID?
Mr. Gary Smith: Hi Aneesh, first time.
Mr. Gary Smith: A friend’s Internet Security package has blocked a page on a site I develop for, saying it’s a known phishing site. How do I go about getting the site removed from the list?
Aneesh: May I confirm your email address as me@privacy.com . am I right?
Mr. Gary Smith: It’s what I’m prepared to give at the moment, yes.
Aneesh: May I have your phone number with the area code ?
Mr. Gary Smith: No, sorry, that’s not possible. Would you like to answer my question please? (I’m not trying to be rude, just get to the solution quickly)
Aneesh: Alright
Aneesh: Are you connected from the computer, which is facing this particular issue?
Mr. Gary Smith: No, it’s a friends computer. The screenshot they’ve put up is at: {url removed}
Aneesh: Thank You for your patience.
Your Priority ID is 488537516 . Please make a note of it for future reference.
Mr. Gary Smith: The page in question only contains some javascript to update a value in another framed page. No alerts have arisen for the past three years this site has run, yet this alert has suddenly come up.
Mr. Gary Smith: Thank for the ID.
Aneesh: You are welcome !!
Mr. Gary Smith: I assume that the user has received an update, and the site/page is now included on the phishing list. I assume there’s a way that false positives can be removed from this list?
Aneesh: As I understand from your issue description, NIS phishing is blocking a site known not be a phishing site .
Am I correct?
Mr. Gary Smith: Correct. Further details above.
Aneesh: Thank You for your patience.
You are currently experiencing a technical product related issue which is supported by the Technical Support Team.
You can connect to them by visiting http://www.symantec.com/supportoptions .
However I can also connect this chat session to the Technical Support Team directly. Shall I proceed to do so?
Mr. Gary Smith: Yes please.
Aneesh: I will now transfer this session to the Technical Support Team, who would assist you further on this issue.
Please note that, you can also connect to them directly by visiting http://www.symantec.com/supportoptions .
It has been pleasure working with you, thank you for using Symantec; have a great day ahead.
Please wait while I connect you to the Technical Support Team. This would normally take around 2 to 7 minutes.
**** 3 minutes later ****
Aravind has entered room.
Aneesh: Please wait, while the issue is escalated to another analyst.
Aravind: Hello
Aravind: Welcome to Symantec Technical Support
Aravind: Gary Smith , in case we are disconnected, please click on the following link, which will reconnect you with me directly: http://www.symantec.com/dtl
Mr. Gary Smith: Hello Aravind.
Aravind: The connection code for this session is 284337
Aravind: May I confirm that the issue you are encountering is ” NIS phishing filter is blocking a site known NOT to be a phishing site.”
Mr. Gary Smith: Thank you.
Mr. Gary Smith: That is correct.
Aravind: which website are you trying?
Mr. Gary Smith: www.battrick.org - specifically the warning (screenshot at {url removed}) is to do with www.battrick.org/nl/{filename removed}
Mr. Gary Smith: The page itself contains some JavaScript that updates a “ticker” in http://www.battrick.org/nl/{filename removed} .
Aravind: I need to verify some information. Do you mind waiting while I check this information for you?
Mr. Gary Smith: Sure, go ahead.
Mr. Gary Smith: It’s a friends computer. I assume that the user has received an update, and the site/page is now included on the phishing list. I assume there’s a way that false positives can be removed from this list?
Mr. Gary Smith: It’s NIS version 10.2.0.30
Aravind: Thank you for confirming your details. Please make a note of this case no. 488537516 for your future reference.This case number will include the details of today’s chat.
Mr. Gary Smith: Thank you.
Aravind: The product you have mentioned is an Enterprise product. You have reached the Consumer Support desk of Symantec.
For assistance with your Enterprise product please visit this site: http://www.symantec.com/business/support/contact_techsupp_static.jspAravind: Is there anything else I can assist you with today?
Mr. Gary Smith: Is it possible for you to pass the chat over to the business support guys please?
Aravind: I am sorry, I dont have an option for that.
Aravind: You can get a phone number in that link.
Aravind: you can directly call them.
Mr. Gary Smith: Although it’s an enterprise product, then phishing list is surely used between consumer and business products. I just need to know who I can contact about getting a site removed from the phishing list, not a Norton-product specific question.
Aravind: Only the enterprise technition can help you.
Aravind: I would like to encourage you to provide feedback for this chat, as this helps in our ongoing efforts to improve the service we deliver. You can contact my manager at Symantecmanagers@symantec.suth.com.
Thank you for contacting Symantec, have a pleasant day.Aravind: thank you Bye
Mr. Gary Smith: Will they have access to this chat on the case number you gave me?
Aravind: yes.
Aravind: they can.
Aravind: you can refer the same case number.
Mr. Gary Smith: Thank you.
Aravind: Analyst has closed chat and left the room
Symantec_Chat_End (Sun Jun 01 2008 07:22:58 GMT+0800 (Malay Peninsula Standard Time))
So, having taken half an hour, they confirmed my fake details twice, passed me over to other agents twice, and didn’t even give me a hint at who it really is I should be talking to (I don’t hold up much hope for the Enterprise guy if he were to be contacted). Great job Norton. I’m considering whether to post some “feedback” as they’ve suggested. I understand they have to follow scripts, but sometimes a bit of humanality is needed.
UPDATE 2008-07-26: Thanks to George’s comment and subsequent contact, below, then the issue looks to have been resolved. In short, the error was only appearing on the one machine when it was going into/out of hibernation. No other reports have been received. Why couldn’t the support desk guys above just have given me the URL below, and saved all this bureaucracy?
Hi Gary,
I’m passing this along to Noah Edwardsen, cc’d here, who works in Public
Relations for Symantec. He has already been alerted to your issue.Have you checked back to see whether the site is still being blocked? If
so, here is a link to the Antifraud False Positive submission site:
https://submit.symantec.com/antifraud/false_positive.cgiSubmitting through the above link will go automatically to the appropriate
technicians and should very quickly remedy the problem. I’m sorry that tech
support wasn’t more helpful in directing you to this solution.The above should work — but if for any reason it doesn’t, please do not
hesitate to get in touch with Noah or myself.
