Regular Contributor
Calls
Posts: 2,237
Registered: ‎10-07-2009
Accepted Solution

Unauthorized access blocked question

NIS2012
Vista Home Premium 32 bit desktop PC
Vista SP2

Hoping someone can help me understand what this all means.
I do not look at the NIS history as much as I did in the past. But just renewed my 2012 NIS subscription last night, so wanted to make sure all is working well.
So I find this entry in the history log, like 42 entries
Example
Unauthorized Access Blocked (open file)
Actor DFRGNTFS.EXE
Target C:\ProgramFiles\NortonInternetSecurity\Engine\
19.8.1.4\symevnt.sys

The actor in all 42 of these events is DFRGNTFS.EXE
The targets are all Norton related (engine, MUI, program data involving Norton)

I know it's blocked so good
I did google the DFRGNTFS and it seems it's a Windows disk defragmenter?
In my full NIS history I do not ever see this entry and I have had NIS 2012 for a year
Also read something about it runs when new software is installed.
But I did not install new software, that makes it concerning.

Last night I did update my NIS 2012 subscription and I also installed a Microsoft Vista update that came out 8/27/13 (KB280382)
But neither of those should have installed new software

Super Spam Squasher
Bombastus
Posts: 1,796
Registered: ‎11-16-2009

Re: Unauthorized access blocked question

Hi, Yes, that's the Windows defragmenter. That it comes into contact with Norton files when doing its job is not strange at all. It would be strange if it didn't. And everything that does come into contact with Norton files and processes is blocked, and this log entry is written. Probably a Norton update that has to do with logging that suddenly makes it appear now when it hasn't before. Because it 100% certainly has come into contact with your NIS before, and been blocked.
Regular Contributor
Calls
Posts: 2,237
Registered: ‎10-07-2009

Re: Unauthorized access blocked question

Would anyone know if there were any NIS2012 updates yesterday that would spark this activity?
Regular Contributor
Calls
Posts: 2,237
Registered: ‎10-07-2009

Re: Unauthorized access blocked question

I'm a little concerned since I looked at my full NIS history and never see this warning.
I scanned the DFRGNTFS.EXE and it shows clean
Super Phishing Phryer
Apostolos
Posts: 1,899
Registered: ‎01-06-2011

Re: Unauthorized access blocked question

Hi Calls,

No need to be concerned.

All is normal.

Did you launch a manual Windows defragmentation?

Keep in mind that if you let your PC idle for 20 or more minutes, the OS is performing some scheduled tasks and one of those is to defragment your HDD(s).

Go to Control Panel - Scheduled tasks and see how the OS is set to run the Defragmenter.

Hope this helps,

Regular Contributor
Calls
Posts: 2,237
Registered: ‎10-07-2009

Re: Unauthorized access blocked question

That's the thing, I did NOT manually launch defragmentation. And my computer is on nearly 24/7 so there would be many times it is idle. Yet only this morning I see these entries. So if it runs even every 3 months when idle, it would be showing in the history log over the last year.
Super Phishing Phryer
Apostolos
Posts: 1,899
Registered: ‎01-06-2011

Re: Unauthorized access blocked question

Calls,

When you say 24/7, you mean working all day or there are times that it sleeps/hibernates?

If so, the defragmenter doesn't work when the PC is on standby/sleep or hibernation mode.

Again, do not pay much attention, as NIS blocked this process from accessing its files.

Regards,

lmacri
Posts: 1,734
Kudos: 753
Registered: ‎05-05-2009

Re: Unauthorized access blocked question

Hi Calls:

I believe Bombastus and Apostolos are correct - There's no need for concern.  I have Vista Home Premium 32-bit SP2 on my laptop and frequently see Windows Disk Defragmenter (dfrgntfs.exe) blocked in the Norton Product Tamper Protection section of my Norton History when WDD tries to defrag a Norton file.  I upgraded to NIS 20.x (NIS 2013) and still see these blocks.

NIS 2013 dfrgntfs Block.jpg

Please note that I have prevented Vista's WDD from running on a schedule (Start | All Programs | Accessories | System Tools | Disk Defragmenter | Run on a Schedule) and WDD will still occasionally run during system idles to defrag critical system boot files - see here for more information.

dfrgntfs.jpg

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Regular Contributor
Calls
Posts: 2,237
Registered: ‎10-07-2009

Re: Unauthorized access blocked question

Ok I know it's ok but for some reason I'm just stuck on this issue.
I came home today and saw that @9:30am today more of these entries are in the log, but that could be due to me maybe interrupting the process earlier this am.
I see on another post that sometimes NIS uses the DFRGNTFS.EXE????
I looked in my Norton tamper logs and NEVER show these entries.
I checked when the Windows defrag last ran and it was 9/7/13 not today
So just perplexed why now.
Thought it might be due to me renewing my subscription, but that's not it I don't think
lmacri
Posts: 1,734
Kudos: 753
Registered: ‎05-05-2009

Re: Unauthorized access blocked question


Calls wrote:

I see on another post that sometimes NIS uses the DFRGNTFS.EXE????


Hi Calls:

Two possibilities that I can think of off the top of my head:

Do you have Insight Optimizer enabled at Settings | General | Norton Tasks | Idle Time Optimizer?  I understand that Norton's idle time Insight Optimizer does indeed use WDD's dfrgntfs.exe for defragging - see AllenM's post here.  So if you have Insight Optimizer enabled, this would cause dfrgntfs.exe to run frequently during idles.  If I recall correctly, Norton schedules Insight Optimizer to start a new scan every time you install or update software.

Secondly, do you have Windows Disk Defragmenter set to run on a regular schedule (Start | All Programs | Accessories | System Tools | Disk Defragmenter | Run on a Schedule)?  If so, the WDD in Vista uses low CPU priority and can continue to defrag using reduced resources (less CPU and disk read/write activity) even when your computer comes out of idle (see the Wiki article here for more info).  A manual full WDD defrag on my Vista machine takes almost 2 hours of uninterrupted time if I leave my system in idle so I imagine that one of these automatic WDD background defrags scheduled with the Task Scheduler could take ages to complete.

I personally have both Insight Optimizer and regularly scheduled Windows Disk Defragmenter defrags disabled because I don't feel there's any benefit to having defrags running this frequently on my system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
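
An added example, not part of the thread or of any Norton tool: a small triage script for history entries pasted in the three-line layout quoted in the first post, which counts blocks per actor and lists any entry whose actor is not one already explained. The sample text, `EXAMPLE.EXE`, `EXPECTED_ACTORS` and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the three-line layout quoted in the first post.
# Record 1 is the entry from the thread (its Target wraps onto a second line);
# record 2 uses an invented actor name to show what an outlier looks like.
SAMPLE = r"""
Unauthorized Access Blocked (open file)
Actor DFRGNTFS.EXE
Target C:\ProgramFiles\NortonInternetSecurity\Engine\
19.8.1.4\symevnt.sys

Unauthorized Access Blocked (open file)
Actor EXAMPLE.EXE
Target C:\ProgramFiles\NortonInternetSecurity\Engine\
19.8.1.4\symevnt.sys
"""

# Assumption: the only actor the reader has already explained (the defragmenter).
EXPECTED_ACTORS = {"dfrgntfs.exe"}
HEADER = re.compile(r"Unauthorized Access Blocked \((.+)\)$")

def parse_events(text):
    """Turn pasted history text into dicts, rejoining wrapped field values."""
    events, field = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            events.append({"action": header.group(1), "actor": "", "target": ""})
            field = None
        elif not line or not events:
            field = None            # blank line or text before the first record
        elif line.startswith(("Actor ", "Target ")):
            field, value = line.split(" ", 1)
            field = field.lower()
            events[-1][field] = value.strip()
        elif field:
            events[-1][field] += line   # continuation of a wrapped path
    return events

def triage(events):
    """Count blocks per actor and list events whose actor is not expected."""
    per_actor = Counter(e["actor"].lower() for e in events)
    outliers = [e for e in events if e["actor"].lower() not in EXPECTED_ACTORS]
    return per_actor, outliers

if __name__ == "__main__":
    per_actor, outliers = triage(parse_events(SAMPLE))
    print(dict(per_actor))
    for e in outliers:
        print("review:", e["actor"], "->", e["target"])
```
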