Contributor
tm100
Posts: 69
Registered: ‎10-30-2008
Accepted Solution

Strange firewall logs in security history

Hi,

I'm getting these strange history logs from Norton, they go like this:

Rule "Default block EPMAP"  blocked (78, 152, 198, 40), port dcom(135), inbound tcp connection. There are many of these happening every few minutes.

I'm also getting some saying "Microsoft windows 2000 SMB" blocked on port (445) inbound tcp connection.

Can anyone explain what's going on?

Thanks

Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Strange firewall logs in security history

Those are Firewall Rules that Symantec put in to Block, because they are Ports used by Attackers.  Please do not Remove these Rules, otherwise your computer will become Infected.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Contributor
tm100
Posts: 69
Registered: ‎10-30-2008

Re: Strange firewall logs in security history

Sorry, I forgot to mention that the process name of the "default block EPMAP" is C:\windows\system32\svchost.exe. The address of the incoming traffic changes every time. Am I safe if Norton keeps blocking these or could the PC already be infected?
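For readers triaging a history like the one described in the posts above, this added example (not part of the thread and not Norton code) tallies blocked entries per rule, port and direction and counts the distinct remote addresses in each group. The line format is assumed from the single entry quoted in the first post; the sample entries are constructed and use documentation address ranges.

```python
import re
from collections import defaultdict

# Shape assumed from the one entry quoted in the post; a real history export
# may differ. Address octets may be separated by "." or ", ".
LINE_RE = re.compile(
    r'Rule\s+"(?P<rule>[^"]+)"\s+blocked\s+'
    r'\((?P<addr>\d{1,3}(?:[.,]\s*\d{1,3}){3})\),\s*'
    r'port\s+(?P<svc>[\w-]*)\((?P<port>\d+)\),\s*'
    r'(?P<dir>inbound|outbound)\s+(?P<proto>tcp|udp)\s+connection',
    re.IGNORECASE,
)

def parse_line(line):
    """Return a dict for one blocked-connection entry, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    octets = [int(o) for o in re.split(r'[.,]\s*', m['addr'])]
    if any(o > 255 for o in octets):
        return None  # not a valid IPv4 address
    return {"rule": m["rule"], "source": ".".join(map(str, octets)),
            "port": int(m["port"]), "direction": m["dir"].lower(),
            "protocol": m["proto"].lower()}

def summarize(lines):
    """Map (rule, port, direction) -> (event count, distinct sources); also count skipped lines."""
    groups = defaultdict(lambda: {"events": 0, "sources": set()})
    skipped = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1
            continue
        g = groups[(ev["rule"], ev["port"], ev["direction"])]
        g["events"] += 1
        g["sources"].add(ev["source"])
    return {k: (v["events"], len(v["sources"])) for k, v in groups.items()}, skipped

# Constructed sample entries, not real log data.
SAMPLE = [
    'Rule "Default block EPMAP"  blocked (192, 0, 2, 10), port dcom(135), inbound tcp connection.',
    'Rule "Default block EPMAP" blocked (198.51.100.7), port dcom(135), inbound tcp connection.',
    'Rule "Default block EPMAP" blocked (192.0.2.10), port dcom(135), inbound tcp connection.',
    'Rule "Microsoft windows 2000 SMB" blocked (203.0.113.5), port (445), inbound tcp connection.',
    'Unrelated history entry that the pattern should skip',
]

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE)
    for (rule, port, direction), (events, sources) in sorted(summary.items()):
        print(f"{rule!r} port {port} {direction}: {events} events, {sources} sources")
    print(f"unparsed lines: {skipped}")
```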
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Strange firewall logs in security history

If you are worried, I would suggest Running Norton LiveUpdate and doing a Full System Scan, disconnected from the Internet, but it is normal to see this.  Norton is Protecting you!

What Norton Product and Version are you using?

Message Edited by Floating_Red on 05-09-2009 10:25 PM
Contributor
tm100
Posts: 69
Registered: ‎10-30-2008

Re: Strange firewall logs in security history

I'm using Norton 360 version 3.0.0.134. I ran LiveUpdate, did the full scan and nothing was found. If you say the logs are normal then I'll forget about them, they just looked a bit odd. Thanks.
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Strange firewall logs in security history

tm100 wrote:
I'm using Norton 360 version 3.0.0.134. I ran LiveUpdate, did the full scan and nothing was found. If you say the logs are normal then I'll forget about them, they just looked a bit odd. Thanks.

If you are happy you got your question answered, please select the Post that best answered your question(s) and Mark it as the Solution.

Message Edited by Floating_Red on 05-10-2009 12:59 PM