Contributor
Leofwine
Posts: 58
Registered: ‎12-17-2009

NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:

Earlier tonight Norton appears to have closed itself or crashed without warning.

 

When, I cannot say; only that it was running when I first got on the machine tonight at around 7:00, and by the time I had noticed Norton was not running it was nearly 11:00pm.

 

During that time I was performing a few tasks on the PC (mostly searching for some files), looking at a few websites (all of which I trust, i.e. I've never gotten a virus/attack blocked on them and have been using them every day for years, but you can never tell) and I was connected to an online game server as well.

 

When I finally noticed Norton was gone I immediately tried to reopen it but it came up with an error '8504, 104'. Upon rebooting, Norton launched as normal.

 

Since you can never tell what has been going on when this happens (i.e. has anyone got into the unprotected PC/installed nasty stuff, tampered with Norton, or just more normal viruses from website adverts?) I am wondering how I should go about checking. I'm assuming a safe mode scan with Norton and Malwarebytes, but I would welcome any other suggestions/opinions about how concerned I should be with regard to what may have happened or not.

 

Thank you for any help or suggestions you can provide.

Super Phishing Phryer
drshlomo
Posts: 878
Registered: ‎05-10-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:

Hi Leofwine,

 

Firstly, welcome to the community.

 

As a new update of NIS 2011 has just been released, can you please tell us which version you are using?

 

Please let us know all the details about your computer, the OS and software which you are using.

 

Also, are you using another security program, or were you, and, if so, did you fully remove it?

 

Secondly, if you feel satisfied with one of the answers that you have been given, please mark it as “Solved”, so that others may easily see it and benefit from the advice given to you.

 

Cheers,

 

 drshlomo.

 

Contributor
Leofwine
Posts: 58
Registered: ‎12-17-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:


I'm using Norton Internet Security 2011, current version number shows as 18.5.0.125.

 

Computer is using Vista 64.

Intel Core 2 Quad CPU Q6600

Two Samsung HD103UJ

ATI Radeon HD 5700

Two Asus DRW 2014LIT

8GB RAM

 

Software-wise, at the time I was mostly just using Internet Explorer (8.0.6001.19048).

 

I do have the free version of Malwarebytes installed; however, it is only used to do very occasional scans and is not running for the vast majority of the time. This has been installed for quite some time and has never resulted in any problems that I have noticed. Windows firewall is turned off always.

floplot
Posts: 9,952
Topics: 200
Kudos: 1,894
Solutions: 354
Registered: ‎04-11-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:

Hello Leofwine

 

Please try running live update and see if you get the downloads for the newest patch. It is being given out in a phased-in manner. You may get part of it and then may have to reboot. Then run live update again and reboot if anything else comes through. Thanks.

Success always occurs in private and failure in full view.




Contributor
Leofwine
Posts: 58
Registered: ‎12-17-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:


I've done the update-reboot-update-reboot until there are no more updates.

 

Looking through the history on Norton it seems there are entries for most of the night in question (the 4th), which would suggest to me that it was actually running. However, at the time in question the 'box' in the sidebar for Vista that normally is lit with a 'secure' bar had no bar and was greyed out (+the Norton icon in the toolbar was present until I clicked 'show hidden icons' at which point it vanished, leading me to assume it was not actually running in the first place).

 

On an unrelated (hopefully) note, there also seem to be a lot of 'new' entries in the history starting from the 3rd, which I'll list briefly at the end of this post since I have no idea what a fair few mean, so if only for my peace of mind I'd appreciate some insight into why they're popping up, and only since the 3rd, even if it is just a simple 'Norton is working as intended and it's all normal, stop being paranoid' :)

 

Thank you for any advice/answers you can provide.

 

 

The history log entries:

 

Rule "Default block Microsoft Windows 2000 SMB" blocked communication. Local address: All network adapters (port (445) )

Process name is System

 

Rule "Default block UPnP Discovery" stealthed (fe80:: -lots of letter/numbers etc, port ssdp (1900) ).

Inbound UDP packet.

Local address, service is ( -few letters/numbers- port ssdp(1900) ).

Remote address, service is ( -same letters numbers as line one-, port (50236) ).

Process name is c:\windows\system32\svchost.exe.

 

Rule "Default Block UPnP Discovery" stealthed ( ip address, port ssdp(1900) ).

Inbound UDP packet.

Local address, service is ( a different ip, port ssdp(1900) )

Remote address, service is ( first ip, port (31113) )

Process name is c:\windows\system32\svchost.exe

 

An instance of c:\windows\system32\wininit.exe is preparing to access the internet. (also for svchost.exe, symerr.exe, jusched.exe, ccscvhst.exe (in norton), services.exe, mdnsresponder.exe, sidebar.exe, + a few others)

 

Rule "Default Block Web Services on Devices" blocked communication.

Local Address: All local adapters (Port (5357) ).

Process name is "System".

 

Rule "Default Block EPMAP" blocked communication.

Local address: All local network adapters ( Port dcom(135) ).

Process name is C:\windows\system32\svchost.exe

 

Rule "default block windows file sharing" blocked communication.

local address: -ip address- (port (139) )

process name is "System".

 

Not the full message but: unused port blocked, has blocked inbound tcp communications (port 6881) on lots of different IP addresses.

 

Protecting your connection to a newly detected network on adapter software loopback interface 1 (ip address: 127.0.0.1).

 

There is also this entry from the night in question:

 

Norton Internet Security has encountered an internal program error.

 

Error Id 104

Module Id 8504

error code 0x80004005

SendOfJive
Posts: 9,972
Kudos: 4,218
Solutions: 709
Registered: ‎02-07-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:


Hi Leofwine,

 

Those are all normal entries that log the instances when firewall rules are invoked and when the firewall monitors various programs that request network access. Basically, it is a record of events that the firewall is in charge of overseeing. Everything about your particular entries is as it should be, with the firewall watching the network traffic and blocking certain types of communications via rules that are based on how your system is configured for networking, which Norton detects automatically. Nothing to worry about, here. I'm not sure about the program error, which seems to be related to your main 8504,104 issue. Here is a KB article on that error:

 

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100423022057EN
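The reading of the history log described in the reply above, as an added example that is not part of the thread or of Norton's tooling: it sorts entries into routine default-rule blocks, unsolicited inbound blocks, program monitoring, and product errors, leaving only the last (and anything unrecognised) for follow-up. The entry wording is taken from the post rather than from a real log export, the address 192.0.2.10 is a placeholder, and the category names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: worded as the poster quoted the entries; the elided
# addresses are replaced with a documentation-range placeholder (192.0.2.10).
SAMPLE_LOG = r"""Rule "Default block Microsoft Windows 2000 SMB" blocked communication. Local address: All network adapters (port (445) )
Rule "Default block UPnP Discovery" stealthed (192.0.2.10, port ssdp (1900) ). Inbound UDP packet.
Rule "Default Block Web Services on Devices" blocked communication. Local Address: All local adapters (Port (5357) ).
Rule "Default Block EPMAP" blocked communication. Local address: All local network adapters ( Port dcom(135) ).
Rule "default block windows file sharing" blocked communication. local address: 192.0.2.10 (port (139) )
Unused port blocked, has blocked inbound TCP communications (port 6881)
An instance of c:\windows\system32\wininit.exe is preparing to access the internet.
Norton Internet Security has encountered an internal program error. Error Id 104 Module Id 8504
"""

# Windows service ports named by the default-block rules in the thread.
SERVICE_PORTS = {135: "EPMAP", 139: "file sharing", 445: "SMB",
                 1900: "SSDP/UPnP", 5357: "Web Services on Devices"}
RULE_RE = re.compile(r'Rule "([^"]+)" (blocked|stealthed)', re.I)
PORT_RE = re.compile(r'port\s*(?:[a-z]+\s*)?\(?\s*(\d+)', re.I)

def classify(line):
    """Return (category, detail); category names are this example's own."""
    low = line.lower()
    port_m = PORT_RE.search(line)
    port = int(port_m.group(1)) if port_m else None
    rule_m = RULE_RE.search(line)
    if rule_m and rule_m.group(1).lower().startswith("default block"):
        if port in SERVICE_PORTS:
            return "default-rule-block", f"{port} ({SERVICE_PORTS[port]})"
        return "review", line            # default rule, unrecognised port
    if "unused port blocked" in low and port is not None:
        return "unsolicited-inbound-block", str(port)
    if "preparing to access the internet" in low:
        return "program-monitoring", line.split(" is preparing")[0].split()[-1]
    if "internal program error" in low:
        return "product-error", line
    return "review", line                # anything the patterns do not cover

def triage(log_text):
    """Group entries by category; 'product-error' and 'review' need a human."""
    summary = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        category, detail = classify(line)
        summary.setdefault(category, Counter())[detail] += 1
    return summary

if __name__ == "__main__":
    print({c: dict(d) for c, d in triage(SAMPLE_LOG).items()})
```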

Contributor
Leofwine
Posts: 58
Registered: ‎12-17-2009

Re: NIS 2011, closed/crashed without warning or alert/on internet for 4 hours with no firewall/AV:


Well, I'm not sure, since the error messages/info on the site doesn't say, but I am wondering if the 8504 error at least might be because I tried to start Norton with the computer disconnected from the router (which I did when I found it was not running - unplugged it and tried to start Norton, which didn't work)?

 

Norton ran normally when I reconnected and rebooted that night, and I ran Power Eraser (as that page says) the morning after, and while it flagged a couple as 'bad' and a couple as 'suspicious', all are files that I know what they are so...

 

As for the history log entries, why would they only have started on the 3rd? Just seems a tad odd.

 

Thank you for your reply.