Re: Need help (getting unusually high number of alerts) in security history

Carlos_Linares · ‎09-09-2008

Are you using NIS/NAV/N360 2010 or 2011? We've addressed extraneous logging with our latest SONAR update (Feb 28, 2011)

Carlos Linares
SQA Analyst
Symantec Corporation

10Q · ‎02-16-2011

Using whatever Comcast provides. But I think this recent update (Feb 28) took care of the problem as I don't see anymore logs.

Thanks .

I had a life once… now I have a computer and a modem.

Carlos_Linares · ‎09-09-2008

Can the OP (BUZ) mark the problem solved, please? :)

Carlos Linares
SQA Analyst
Symantec Corporation

SlowGuy · ‎06-09-2010

In spite of the recent Norton update my second computer is still loggin Unauthorized Access Blocked Alerts. So it appears that the problem has not been resolved, unless I have a separate issue with that computer.

SendOfJive · ‎02-07-2009

Hi SlowGuy,

The problem is not that there are access blocked entries - there should normally be some. The issue was that Norton was suddenly logging a huge number of "Set file attributes" events, which should not have been logged. If you are still seeing some miscellaneous entries in the Norton Product Tamper Protection every day, that is normal. You should not see hundreds of "Set file attributes" events.

SlowGuy · ‎06-09-2010

Thanks SendOfJive,

It is approximately 10:30 PM and today there were 22 events as follows:

Actor: c:\program files\google\update\googleupdate.exe

Target: C:\Program Files\Norton Security Suite\Engine3.8.0.41\ccSvcHst.exe

Action: Open Process Token

This is less than before, but it is disconcerting to have 22 "red dots" indicatining High Risk events. Looking back through the Recent History, there have been at least that many each day.

Should this be considered normal?

Thanks again...

SendOfJive · ‎02-07-2009

Hi SlowGuy,

I had 16 instances of Google Update, today. This is very normal for Google Update, which launches once or twice an hour it seems. It is nothing to worry about. If you have any Google application on your PC you are going to get a lot of these, and they are harmless. It is a well documented situation that has been going on for years.

SlowGuy · ‎06-09-2010

Thanks, SendOfJive.

If it is normal, then I won't worry about it. It would seem that Norton should not classify these as High Risk though. It is very confusing to a "slow guy" like me. And it causes a lot of unnecessary concern. I hope they work on a fix to this issue as well since it appears to be a false alert.

Thanks again for your reply and help.