NIS 2011 Upgrade and Run LiveUpdate patch failure. Posible Trojan.

mttxn12 · ‎02-05-2010

Hi, I recently upgraded some of my computers to NIS 2011 and I had no problems with the installation. But when I ran the LiveUpdate, there was a failure to install one of the patches. It was attempting to install like 22 patches and one of them called Web Anti-Phising update failed to install. I thought this was temporary and did a reboot. After the reboot, I tried to run LiveUpdate again and it failed. I did not notice anything unusual with the computers and I just ignored the error. I ran a full scan and NIS did not detect anything.

I have a SonicWall firewall installed on my network. I recently checked my emails and the SonicWall informed me today (when I was upgrading the computers with the latest NIS) that it blocked several attempts from a Trojan called Phish_PayPal. I'm wondering if this is what's causing the patch to fail during install. Any suggestions on how to tackle this issue?

I'm wondering if the Norton installation files were infected. I had no problems until this morning (Nov 28, 2010). The only other thing that I installed was an upgrade for a Dell Support program.

Thanks in advance.

delphinium · ‎11-21-2008

How many of the computers had problems with the patch, one or all? How is the Sonic firewall installed, on a server or on the machines? Norton files are not infected, or they would not be distributed. Was the firewall blocking incoming attempts or outgoing attempts?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

mttxn12 · ‎02-05-2010

I have like 3 computers affected. These were the computers where I upgraded the NIS from 2010 to 2011. The SonicWall is installed on a peer-to-peer network. The SonicWall blocked both incoming and outgoing attempts.

When I try to run LiveUpdate, I get the following error message:

Norton 2011 Web Protection Definitions Updates Antiphising to verify authentic websites failed to install. Update Criticality Critical.

When I scan the systems with anti-malware products, things come up negative. I'm thinking this may be a false positive. I recently was able to generate a SonicWall Phish_PayPal alert by just running the LiveUpdate. I don't know why the NIS is failing during the update process. I'm going to try to reinstall the NIS from fresh.

Tywin7 · ‎09-02-2010

Is it possible to disable or uninstall the sonicwall firewall just to see if its causing a problem?

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)
Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva Edison
I'm not a Symantec employee and my posts do not represent the views of Symantec.

mdturner · ‎04-11-2008

Tywin7 wrote:
Is it possible to disable or uninstall the sonicwall firewall just to see if its causing a problem?

Sonicwall is a hardware firewall.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Tywin7 · ‎09-02-2010

Can't it be bypassed? Surely you can place a pc outside the firewall?

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)
Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva Edison
I'm not a Symantec employee and my posts do not represent the views of Symantec.

mttxn12 · ‎02-05-2010

There is definitely an issue between that patch, the LiveUpdate, and the SonicWall firewall. After doing a fresh install on some Norton's, they were able to install the patch successfully for some strange reason. The ones that weren't able to install successfully, I will continue to monitor. I have a PC not protected by the SonicWall and it was able to update without any problems.

mdturner · ‎04-11-2008

HI mttxn12

The Sonicwall's logs should show what was blocked and with that information you should be a able set a rule to allow the blocked communication.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

mdturner · ‎04-11-2008

Tywin7 wrote:
Can't it be bypassed? Surely you can place a pc outside the firewall?

That would mean physically changing network cabling for the affected PCs or putting them in a DMZ.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Tywin7 · ‎09-02-2010

That's what I was suggesting dmz, didn't know how to spell that out so I used bypass.

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)
Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva Edison
I'm not a Symantec employee and my posts do not represent the views of Symantec.