Re: Unauthorized access blocked (Set Regietry Security Key).

Calls · ‎10-07-2009

reese_anschultz wrote:
Further tamper protection was added either in or at the same time as the 18.6 release. These new log events are the result of that addition and, as with most other log events of this type, generally don't indicate a problem unto themselves.

Thanks for helping us understand this Reese

One further question. I have NIS 2010 v 17.8.0.5

There has not been a recent version update of NIS 17.8.0.5

So how would your explanation (tamper protection was added either in or at the same time as the 18.6 release)

account for what I'm seeing ( the same instances as the original poster) but not having a version update?

I'm sure there is an answer that I'm just not understanding.

Your help, as always, is very much appreciated

SendOfJive · ‎02-07-2009

Calls wrote:
So how would your explanation (tamper protection was added either in or at the same time as the 18.6 release)
account for what I'm seeing ( the same instances as the original poster) but not having a version update?
I'm sure there is an answer that I'm just not understanding.

The key words are "at the same time." Obviously the update that is causing the new entry was pushed to everyone and was something other than the program update for NIS 2011.

HF1 · ‎05-15-2011

Okay--I am still getting the message in nis history whenever I boot up--How do we get rid of this annoying entry or do we have to live with it forever?--Thanks for the help.

SendOfJive · ‎02-07-2009

Hi HF1,

Things that show up in Norton Product Tamper Protection logs tend to show up repeatedly (Google Updater gets about a dozen entries per day on my system). These are just entries in a log that record events that Norton monitors. If you ignore them they may not go away, but they will be less annoying.

Calls · ‎10-07-2009

Just for my own clarity, the fact that around May 1st 2011, I had this intrusion attempt

Risk Name: Web Attack: Blackhole Tool Kit

Destination Address: (my PC)

Traffic Description: TCP, www-http

Risk: High Status: Blocked

Recommended Action: No Action Required

Since it was blocked and no action needed by me, this is totally seperate from the aformention

Norton Tamper Protection notice that happened on May 9th 2011?

SendOfJive · ‎02-07-2009

Calls wrote:
Just for my own clarity, the fact that around May 1st 2011, I had this intrusion attempt
Risk Name: Web Attack: Blackhole Tool Kit
Destination Address: (my PC)
Traffic Description: TCP, www-http
Risk: High Status: Blocked
Recommended Action: No Action Required
Since it was blocked and no action needed by me, this is totally seperate from the aformention
Norton Tamper Protection notice that happened on May 9th 2011?

Yes, unrelated. Two totally separate events.

Calls · ‎10-07-2009

Thanks SoJ

Calls · ‎10-07-2009

Reese-

Just for a little more clarity.

Are you saying that this has always been blocked and just now Norton is logging the blocking?

Or has there been some update from Microsoft that NOW triggers the blocking?

Is this only happening with Vista OS?

reese_anschultz · ‎04-08-2008

Calls wrote:

Reese-

Just for a little more clarity.

Are you saying that this has always been blocked and just now Norton is logging the blocking?

Or has there been some update from Microsoft that NOW triggers the blocking?

Is this only happening with Vista OS?

In a definitions update we added detection of changes and blocking access to certain operating system owned registry keys that we weren't protecting before. It applies to all operating systems and because it's distributed through definition updates applies to many versions of the Norton products.

Reese Anschultz
Senior Software Quality Assurance Manager, Symantec Corporation