Newbie
Mouse_12
Posts: 1
Registered: ‎03-17-2011

Security History Alert-Default block ssdp. Inbound TCP connection

I confess I'm fairly ignorant of what NIS does to protect my computer, I just assume that it knows what it is doing :). Recently, NIS 2011 blocked some intrusion attempts (Fake AV webpage request and an HTTP blackhole toolkit activity). It then picked up and quarantined a downloader.

Since then I regularly look at the security history log. There seems to be a lot of firewall activity logged as info that reports Rule "Default Block SSDP" blocked ... Inbound TCP connection ... process name is "c:\windows\system32\svhost.exe"

Please can someone help to explain what this means and is it indicative of any problems that I need to address, e.g. intrusion attempts? Also what number of alerts would be considered to be a normal daily level?

Thanks

delphinium
Posts: 9,862
Kudos: 2,964
Solutions: 293
Registered: ‎11-21-2008

Re: Security History Alert-Default block ssdp. Inbound TCP connection

Hi Mouse_12:

Norton is blocking malicious scripts on webpages when you see entries in intrusion prevention, such as the Fake AV. These blocks are an indicator that you need to avoid that site. Use your back button to withdraw from it, do not click on anything in a webpage of that nature.

There are many entries in the firewall log since Norton logs most of what is going on. Much of it is just similar to "directing traffic." The important logs are intrusion prevention, unresolved threats, and quarantine.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Super Spam Squasher
Bombastus
Posts: 1,795
Registered: ‎11-16-2009

Re: Security History Alert-Default block ssdp. Inbound TCP connection

SSDP is the Simple Service Discovery Protocol service. It looks for Universal Plug and Play devices on your network. Depending on your Windows settings, Norton blocks this, at least on Protected network level or above. As it should be.

SendOfJive
Posts: 10,754
Kudos: 4,794
Solutions: 776
Registered: ‎02-07-2009

Re: Security History Alert-Default block ssdp. Inbound TCP connection

Hi Mouse_12,

The firewall entries for SSDP are normal and would not be related to the intrusion attacks that were blocked by Intrusion Prevention.