11-01-2011 09:39 PM
I am thinking about purchasing the full version of 360 Version 5.
I downloaded the trial version which I am using now. However under the Manage Firewall settings,and Advanced Settings I want to enable "Advanced Events Monitoring" so I can see what those settings are. The firewall failed a leaktest I did and I want it to notify me when a program tries to launch or open. It looks like you can set Norton 360 to do that, howver it will not let me turn "ON" Advanced Events Monitoring to edit those settings. It's grayed out.
My question was... is this just a limitation of the trial version or when I purchase 360 will I be able to edit those settings? It also occured to me that maybe those are features of Norton 360 Premier edition. Is this the case?
Any help will be greatly appreciated.
11-01-2011 10:43 PM - edited 11-01-2011 10:58 PM
You need to turn off Automatic Program Control before you can enable Advanced Events Monitoring. However, the recommended configuration is to leave APC on. In this mode, whenever a request for network access is made, the firewall verifies that the program making the request is known and trusted and that the traffic is legitimate with no suspicious characteristics. The firewall can actually query other Norton components for additional information, if necessary. The firewall actually has more information about the program requesting access and the specifics of the traffic than most users would know on their own. So, in addition to being more convenient, APC is also arguably the most secure way to operate the Firewall.
Leak tests always give misleading results when Norton is in Automatic Program Control mode. Your leak test failed, not because Norton does not block that type of traffic, but because the leak test is a known safe program that is not actually engaging in anything malicious, and so is allowed to connect out (your leak test is probably listed in Program Control). When a malicious or suspicious program attempts to use the same tricks, the traffic will be blocked. When using leak tests, you do have to turn on Advanced Events Monitoring so that all programs generate prompts. Norton will then alert you to how each program is attempting to access the network, and the leak test techniques will be apparent. The important point is that in either Automatic Program Control mode, or Advanced Events Monitoring mode, actual malicious or suspicious traffic using methods that are demonstrated in leak tests will be blocked. But leak tests themselves, being recognized, trusted, and having no malicious payload, will be permitted by APC, because there is no actual threat involved.