posted on Apr, 12 2009 @ 12:29 AM
PIFTS.exe or Product Information Framework Troubleshooter
This entry was created to answer the following key questions around PIFTS.exe:
- What is PIFTS.exe?
- What is the function of PIFTS.exe?
- What information does PIFTS.exe collect?
Norton security products contain a component called Product Information Framework (PIF), and a feature called LiveUpdate Notice (LUN).
LUN is an in-product messaging mechanism that is used to notify customers when new product versions are available. The messaging is targeted to
particular systems based on product version, operating system version, and product state, and this state is determined by the PIF component.
For instance, LUN was used to notify users when a Vista compatible version of their product became available, and LUN will again be used to notify
users when a Windows 7 compatible version of their product becomes available.
LUN is fully integrated into 2008 and later products, but is a standalone component in 2006 and 2007 products. LUN became available after the 2006 and
2007 products shipped, and was added to the 2006 and 2007 products using LiveUpdate (LU).
Symantec is aware of a problem affecting some 2006 and 2007 products where a subsequent PIF update did not successfully apply. The cause of this
problem is currently under investigation, but the result is that these users may not receive appropriate LUN messaging.
To assist with identifying the extent, and potential cause, of the problem, Symantec created an investigative executable that analyzes the Norton
product state, and reports the details to Symantec. This information will help Symantec to identify and correct the problem with PIF, in time for the
Windows 7 release.
Product Information Framework Troubleshooter (PIFTS) executable details:
File name: PIFTS.EXE
File size: 102400 bytes
MD5 hash: 91b564d825a3487ae5b5fafe57260810
The PIFTS.EXE binary was released through LiveUpdate targeting 2006 and 2007 products. After downloading the LU package, LU executes PIFTS.EXE, and
PIFTS.EXE collects product state information, and reports this information to Symantec.
PIFTS.EXE does the following:
- Determines what product is installed, NIS, NAV, N360, NCO, or NSW, by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of the installed product by looking at the file version information of a key product file.
- Determines if PIF is installed by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of PIF by looking at the file version information of two key PIF files.
- Determines if PIF is enabled, and what the PIF state is, by looking at the PIF registry under HKLM\Software\Symantec.
- Determines the version of PIF that LiveUpdate believes is installed, by reading the LU catalog.
- The collected information, as described above, is reported to a Symantec server, called stats.norton.com, using an HTTP GET request. This server is
located at a Symantec datacenter located on the East Coast of the United States.
No additional information is collected, no personal information is collected, and no system modifications are made.