• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

Strange firewall logs in security history

Hi,

I'm getting these strange history logs from Norton, they go like this:

Rule "Default block EPMAP"  blocked (78, 152, 198, 40), port dcom(135), inbound tcp connection. There are many of these happening every few minutes.

I'm also getting some saying "Microsoft windows 2000 SMB" blocked on port (445)inbound tcp connection.

Can anyone explain whats going on?

Thanks

Replies

Kudos0

Re: Strange firewall logs in security history

Hi,

I'm getting these strange history logs from Norton, they go like this:

Rule "Default block EPMAP"  blocked (78, 152, 198, 40), port dcom(135), inbound tcp connection. There are many of these happening every few minutes.

I'm also getting some saying "Microsoft windows 2000 SMB" blocked on port (445)inbound tcp connection.

Can anyone explain whats going on?

Thanks

Accepted Solution
Kudos0

Re: Strange firewall logs in security history

Those are Firewall Rules that symantec put in to Block, because they are Ports used by Attackers.  Please do not Remove these Rules, otherwise your computer will become Infected.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Strange firewall logs in security history

Sorry, I forget to mention that the process name of the "default block EPMAP" is C:\windows\system32\svchost.exe. The address of the incoming traffic changes every time. Am I safe if Norton keeps blocking these or could the pc already be infected?
Kudos0

Re: Strange firewall logs in security history

If you are worried, I would suggest Running Norton LiveUpdate and doing a Full System Scan if you're worried, dis-connected from the Internet, but this is normal to see this.  Norton is Protecting you!

What Norton Product and Version are you using?

Message Edited by Floating_Red on 05-09-2009 10:25 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Strange firewall logs in security history

I'm using Norton 360 version 3.0.0.134. I ran live update did the full scan and nothing was found. If you say the logs are normal then I'll forget about them, they just looked a bit odd .Thanks.
Kudos0

Re: Strange firewall logs in security history


tm100 wrote:
I'm using Norton 360 version 3.0.0.134. I ran live update did the full scan and nothing was found. If you say the logs are normal then I'll forget about them, they just looked a bit odd .Thanks.

If you are happy you got your question answered, please select the Post that best answered you question(s) and Mark it as the Solution.

Message Edited by Floating_Red on 05-10-2009 12:59 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies are locked for this thread.