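# Norton AV log check — copies locked logs and searches for AI tool false positives
# Usage: powershell -ExecutionPolicy Bypass -File norton-check.ps1
#
# -ExecutionPolicy Bypass affects only this one powershell.exe invocation; it
# also skips any signature requirement, so review the file before running it.
#
# Output: console report only. Copies of the logs are written to
# %TEMP%\norton_<name>.log and are left there for follow-up inspection.

# Best-effort script: individual cmdlet errors are suppressed, so every step
# whose outcome matters is checked explicitly below instead of being assumed.
$ErrorActionPreference = 'SilentlyContinue'

# Name = suffix used for the copy in %TEMP%; Src = log location to read.
$logs = @(
    @{ Name = "detections"; Src = "C:\ProgramData\Norton\Antivirus\log\detections.log" }
    @{ Name = "filesystem"; Src = "C:\ProgramData\Norton\Antivirus\report\FileSystemShield.txt" }
    @{ Name = "behavior";   Src = "C:\ProgramData\Norton\Antivirus\report\BehaviorShield.txt" }
    @{ Name = "ransomware"; Src = "C:\ProgramData\Norton\Antivirus\report\AntiRansomwareShield.txt" }
)

Write-Host "=== NORTON SERVICES ===" -ForegroundColor Cyan
Get-Service |
    Where-Object { $_.DisplayName -match 'Norton|Symantec' } |
    Format-Table Status,Name,DisplayName -AutoSize

Write-Host "=== NORTON KERNEL DRIVERS ===" -ForegroundColor Cyan
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.DisplayName -match 'Norton|Symantec|SymEvent|BHDrvx64' } |
    Select-Object State,Name,DisplayName |
    Format-Table -AutoSize

Write-Host "=== COPYING LOCKED LOGS ===" -ForegroundColor Cyan
# Paths of the copies made during THIS run; only these are searched later.
$copied = @()
foreach ($log in $logs) {
    $dst = Join-Path $env:TEMP "norton_$($log.Name).log"

    # Remove a copy left by an earlier run so that a failed copy below cannot
    # cause old data to be reported as the current state.
    if (Test-Path -LiteralPath $dst) {
        Remove-Item -LiteralPath $dst -Force
    }

    if (-not (Test-Path -LiteralPath $log.Src)) {
        Write-Host " $($log.Name): not found" -ForegroundColor Yellow
        continue
    }

    Copy-Item -LiteralPath $log.Src -Destination $dst -Force
    $copyOk = $?   # must be read immediately after Copy-Item

    if ($copyOk -and (Test-Path -LiteralPath $dst)) {
        $size = [math]::Round((Get-Item -LiteralPath $dst).Length / 1KB, 1)
        Write-Host " $($log.Name): ${size} KB"
        $copied += $dst
    } else {
        # Errors are silenced globally, so report the failure here; otherwise
        # the log would silently drop out of the search.
        Write-Host " $($log.Name): copy failed (locked or access denied?)" -ForegroundColor Yellow
    }
}

Write-Host "`n=== AI TOOL FALSE POSITIVE SEARCH ===" -ForegroundColor Cyan
# Select-String matches case-insensitively. Several terms (quarantine, chest,
# Trj, Evo-gen, PUP-gen) match any detection record, not only AI-tool ones, so
# each hit has to be read in context before it is called a false positive.
$pattern = "claude|anthropic|codex|Evo-gen|PUP-gen|Trj|quarantine|chest|node\.exe|cursor"
if ($copied.Count -eq 0) {
    # Distinguish "nothing searched" from "searched and found nothing".
    Write-Host "No logs could be copied; nothing was searched." -ForegroundColor Yellow
} else {
    # Search the files copied above rather than a norton_* wildcard, which
    # would also pick up unrelated or stale files in %TEMP%.
    $results = Select-String -LiteralPath $copied -Pattern $pattern -AllMatches
    if ($results) {
        $results | Format-List Filename,LineNumber,Line
    } else {
        Write-Host "No AI tool detections found." -ForegroundColor Green
    }
}

Write-Host "`n=== RECENT DETECTIONS (last 50 lines) ===" -ForegroundColor Cyan
$detectionsCopy = Join-Path $env:TEMP "norton_detections.log"
if (Test-Path -LiteralPath $detectionsCopy) {
    Get-Content -LiteralPath $detectionsCopy -Tail 50
} else {
    Write-Host "No detections log available"
}

# The copies hold detection records (file paths, threat names). They are kept
# for follow-up, so say where they are and that they should be removed.
if ($copied.Count -gt 0) {
    Write-Host "`nLog copies kept in $env:TEMP (norton_*.log); delete them when done." -ForegroundColor Yellow
}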