Norman Virus Control
The "Sandbox" feature provides a safe way to monitor suspicious program behavior.
The centralized installation feature is limited to systems in the same Windows Domain.
An effective antivirus system with useful administration features.
Although Norman Virus Control offers support for the current versions of Windows, including Windows 95, and various versions of Linux, it also supports OS/2 Warp 4 and OS/2 Warp Server.
While these systems no longer make the headlines in computing magazines, there are still plenty of them doing useful work. In terms of Windows systems, it is possible to manage large deployments to systems running NT4, 2000 and XP, but only if they have MS File and Print services running and are in the same domain as the "NDesk" management system. Otherwise, the software will need to be installed manually.
The NDesk software is the core of the Norman environment, managing updates for client systems and monitoring their health. The software seems to assume that malware will be caught during normal scanning: catching an infestation under way would simply involve pushing out updates across the enterprise (and Norman scales very well for this) and forcing a scan. We would have liked more tools to report on outbreaks, but the basic approach is workable enough.
Norman Virus Control provides a useful "exclusion list" facility that allows individual files to be ignored during virus scanning. The list will allow directories and associated sub directories to be excluded as well, and can exclude files by file extension if required.
The most obvious use for this option is to exclude software such as remote control programs that might otherwise generate a false positive alert.
A major feature of Norman Virus Control software is its "Sandbox". In this case, it is a virtual environment that provides everything a program needs to run while isolating it from the real operating environment. In this way, a program can be checked for suspicious behavior without exposing the system to attack.
Since the virtual environment always starts from a known state, any changes that occur in it are the result of the program's activity.
These changes can then be examined to see if there are any undesirable effects before judging the program acceptable. In order to reduce the number of false positives that might otherwise be caused by the behavior of some types of software, such as Remote Administration systems, the program refers to the exclusion list and the latest virus definitions.