Hi, 

My question is, can a good hacker go undetected from Norton 360?

Like, not even show up in any logs with any activity?

Basically get around Norton totally?

I left my router unsecured for 2 hours,

and am wondering if they accessed my network

and stole my files without being logged by Norton with any activity

(even though I have no shared files in Windows Vista 32bit,

wondering if they still hacked in).

Is there any way to see which files they accessed (if any)?

Thank you for your reply, it will help me feel better. 

Is there any way to see which files they accessed (if any)?

Go to Tasks > View Security History. From the drop-down menu next to Show, select the categories listed under Internet section, and review the details shown for each(Firewall-Networks & Connections, Firewall-Activities, Download Insight etc). Let us know if you find suspicious entry during the time period you left your router unsecured.

Yogesh

"The only good hacker is a dead hacker" ? to adapt a Wild West saying <s>

But I understand your concern and I'm sure you will get help here.

This post was merged by an admin. But it's a different question.

Can somebody help me with the specific points I've addressed in these two posts?

Thanks again for all your help. 

Hi,

These are some of the logs I see that look suspicious,

would you help me decipher what they mean

and if it means the files on my system could have been hacked/accessed by someone on my network

(again I had an unsecured router)?

(running Vista 32 and Norton 360)

(I may have also had windows firewall on at the same time as norton 360 firewall,

does that lower my security?) 

1. Rule "Default Block windows file sharing" blocked communication. Process name is "system".

2. Rule "Default Block UpnP Discovery" stealthed (192.168.5.101, Port ssdp (1900) ). Inbound UDP packet.

My computer was 192.168.5.102 - does that mean another computer on the network was coming in?

3. What is "IP address has disappeared from adapter ... and is no longer being protected (IP Address: 192.168.5.102)"

4. Nothing shows for "Download Insight".

5. Severity: Medium - Unauthorized access blocked (open process token) blocked

Would you please help me by addressing each of these items?

Thanks so much, it will help me feel better on these issues. 

Rule "Default Block windows file sharing" blocked communication. Process name is "system"

This indicates that the Norton Firewall blocked the communications using the general firewall rule(default rule) in order to protect your computer and thus making the Trust Level of your computer to "Protected" status in the network.

"Rule 'default block UPnP Discovery' stealthed (my IP, port ssdp (1900) ). Inbound UDP Packet."

Read the informations provided in the below threads:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=34298

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=10077

IP address has disappeared from adapter ... and is no longer being protected (IP Address: 192.168.5.102)

This is normal entry, read the post of  TomiRed in the below thread:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=40164

Unauthorized access blocked

If you could provide more information on the Actor, Ip Address and Target file; we can check this further. Mostly, this happens when one of the programs in your computer tries to access Norton program files(like ccSvcHst.exe) and Norton Tamper Protection blocked that attempt as it seems to be unnecessary. This just indicates that Norton program works as designed and tamper protection provides security over Norton files.

All these entries are due to the General Traffic Rules set in Smart Firewall by default. Norton products have application intelligence baked in, allowing it to make security decisions so that you don’t have to. The Smart Firewall intelligently makes security decisions for you—allowing you to use your computer without you needing to be a security expert. The Smart firewall will automatically configure and use the rules whenever it is required. And, all these entries indicate that Norton program is blocking some unwanted intrusion attempts which came to your computer through different ports or ways. So, there is nothing for you to worry about these entries.

Yogesh

Thank you for your clarification on those matters.

Here's some more detail on one of the logs that concerns me:

"Rule "Default Block UPnP Discovery" stealthed (192.168.1.101, Port ssdp (1900) ).

Inbound UDP packet.

Local address, service is (230.255.255.235, Port ssdp (1900) ).

Remote address, service is (192.168.5.101, Port (52235) ).

Process name is "C:\Windows\System32\svchost.exe".

I want to also note my ip on the network was 192.168.5.102 (not 101 like the remote address),

so does this mean a hacker came into my system?

Thank you again for your gracious help and attention. 

Anybody available to help me with this issue? 

Thank you.