Windows 10 1803 Norton firewall broken on "private" network

With the Windows 10 upgrade from 1709 to 1803, suddenly the Norton Security firewall started blocking file sharing and ICMP echo (ping) requests.  The network is set up as a windows "private" network, with a static IP V4 address set.  Further investigation (adding monitor and allow rules in the firewall), showed that the traffic was no longer being processed by the private network (local subnet) rules.  It is as if the firewall is simply not recognizing traffic as coming from the local subnet.  Just for the heck of it, I changed the IP address to DHCP acquired, and traffic was now being processed correctly by the private rules. Unfortunately, I prefer to set static addresses because of some native sockets apps I use.  

Has anyone seen anything similar? 

Strangely enough, this problem only exists on one 1803 machine of several I have.  Windows 10 Pro, Intel 8700, Asus Z370 mobo, latest drivers and BIOS. Problem exists on a 1709->1803 upgrade, as well as a clean 1803 install.  IP addresses and netmasks double checked. 

Any enlightenment would be appreciated. 

Replies

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

The major Windows updates can cause all kinds of havoc with installed apps. Sometimes you have no issues at all. Sometimes you may end up reinstalling some apps, or even Windows itself.

Have you temporarily disabled the Norton Firewall to test if you are still getting blocked?

Maybe a firewall reset might fix things for you. To reset the Norton firewall, from the main Norton Security screen click on Settings - Firewall. On the General tab, click on Reset beside Firewall Reset. Restart your computer. As you use programs that access your network/internet, the firewall rules will be created again.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Peter(?),

Thank you for taking time to respond.  I tried to keep my post clear and succinct, but here is some more detail. Hope this answers your questions.

I did all of the usual stuff to determine whether the NIS (Norton) firewall was the problem.  Among the steps I took were the following:

  • Turning off the firewall. (problem disappeared).  So the firewall appeared to be the culprit/victim.
  • De-installing and reinstalling the firewall. Problem still.
  • Resetting the firewall.  Problem still.
  • Installing Windows 1803 from scratch, with the only addition being NIS.  Trying to determine whether something was bolluxed up in the update process.  Problem persisted.
  • Started looking at firewall log entries.  Could see the default "blocks" for file sharing traffic on ports 137, 138, 139, and 445, depending on the system I was coming from.  (The file sharing is name/password, not the old workgroup stuff, btw.) Added monitoring to the default block for ICMP port 8 traffic, and it was hit as well.  Made no sense that the default blocks were hit, since there were private network "allows" earlier in the rules.  It appeared that the firewall was not processing the traffic as if it came from the private subnet.
  • Added "allows" for "any computer" with "monitoring" for ports 8, 137, 138, 139, and 445 at the top of the rules list.  Rules executed, and everything now worked for file sharing and ping traffic from other windows and Linux (Samba) machines.
  • Disabled my custom rules, and everything failed again.
  • On a hunch, changed the IP address to DHCP, and everything worked.  
  • Added monitor rules watching traffic from "local subnet" to top of rules list.  They were executed.  Interpretation: firewall was now recognizing traffic as coming from the local private subnet
  • Changed back to static IP...broken again.  

So I guess the fundamental questions I have are:

  • How does the NIS firewall pick up the network information to determine whether traffic is truly local or not?
  • What has changed in 1803, when it worked fine in 1709?
  • Why does it work with V4 DHCP, and not with static?
  • Is there something unique about the ethernet adapter/driver on the Asus Z370 mobo causing this to happen?

Certainly I could bypass this problem a number of ways such as putting machines in the full trust list (too open),  leaving custom rules in place, or trying to manage the address randomness of a DHCP environment.  I could even hang back on 1709, but that might only delay the ultimate. None of these options are optimal. 

I've also opened up a problem with Norton, but I'm sure this isn't their highest priority, unless it's been reported by a number of people.  One of the reasons I opened this forum entry.  I've been poking around other forums and have not found anything I could recognize as similar. 

Sorry for burying you in detail, but perhaps this will help. A strange problem. 

Thanks again...Walt
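
An added diagnostic sketch for the static-versus-DHCP comparison described in the post above; it is not from the thread or from Norton. It reports only what Windows itself records for each adapter, since the thread does not establish how the Norton firewall derives "local subnet", and the peer addresses and function names are constructed for illustration.

```powershell
# Added example (not from the thread). Run once with the static address and once
# with the DHCP-assigned one, then compare the two tables.
# Constructed sample peers: replace with the machines whose traffic gets blocked.
$Peers = @('192.168.1.20', '192.168.1.35')

function ConvertTo-IPv4Number ([string]$Address) {
    # Dotted quad -> number, most significant octet first
    $o = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [double]$o[0] * 16777216 + [double]$o[1] * 65536 + [double]$o[2] * 256 + [double]$o[3]
}

function Test-SameSubnet ([string]$Local, [int]$PrefixLength, [string]$Peer) {
    # Two addresses share a subnet when they fall in the same block of
    # 2^(32 - prefix) consecutive addresses.
    $blockSize  = [math]::Pow(2, 32 - $PrefixLength)
    $localBlock = [math]::Floor((ConvertTo-IPv4Number $Local) / $blockSize)
    $peerBlock  = [math]::Floor((ConvertTo-IPv4Number $Peer) / $blockSize)
    $localBlock -eq $peerBlock
}

Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.AddressState -eq 'Preferred' } |
    ForEach-Object {
        $ip = $_
        # Windows network profile (Private/Public/DomainAuthenticated) for this adapter
        $netProfile = Get-NetConnectionProfile -InterfaceIndex $ip.InterfaceIndex -ErrorAction SilentlyContinue
        foreach ($peer in $Peers) {
            [pscustomobject]@{
                Interface   = $ip.InterfaceAlias
                Address     = "$($ip.IPAddress)/$($ip.PrefixLength)"
                Origin      = $ip.PrefixOrigin          # Manual = static, Dhcp = leased
                Category    = $netProfile.NetworkCategory
                Peer        = $peer
                PeerIsLocal = Test-SameSubnet $ip.IPAddress $ip.PrefixLength $peer
            }
        }
    } | Format-Table -AutoSize
```

If the prefix length, category and PeerIsLocal columns are identical in both runs and only Origin changes, the Windows-side configuration is the same and the difference lies in how the firewall reads it.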

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Most of what you are posting is over my head. I never really got into the intricacies of networking.

The other computers you have on 1803, are they all configured the same as far as Norton's firewall is concerned?  

Is this problem computer being used as a file server or some other shared resource for the other computers?

Are all the computers that you are allowing to connect to the problem computer all belonging to you? ie Can you trust the users of those machines on your network? If so, setting all computers to trusted should not be a problem. Those computers will be trusted, but any other computers outside the trusted ones would have the stricter access controls you would expect.

But then again, hopefully someone with more experience with the firewall can give some proper guidance. 

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Hello Walt. Windows 10 1803 disables SMBv1 by default, as such the Home Group for file sharing is also not available. One thing comes to mind, have you looked at MAC address filtering at your router/modem level? Is IPV6 also enabled on the router/modem? On the problem machine(s) have you set your Norton product network trust level on all devices on 1803? I believe you may have said yes but had rather ask than assume. See screenshot.

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1803 / build 17134.228 / NSBU 22.15.0.88 / Norton Core v.260 / Norton BETA tester
Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Peterweb,

In answer to your good questions:

  • All of the other 1803 computers use the windows settings of "private", with the corresponding "private" defaults in Norton.  All have static IP addresses.
  • Yes, the machine in question is used as a file server, with shared files.  But one of the other machines is as well, but works fine.
  • As far as trust level, some of the machines (Linux ones in particular, including Ubuntu and Pi's) run a lot of open source, downloaded software. Although not paranoid, I do tend to be careful...including access to other machines on the same subnet.  Since I have not looked at every rule in Norton, I am leery of specifying "full trust".  Perhaps not an exposure above the private rules, but not sure.

Thanks again for your thoughts.

Walt

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

SoulAsylum,

Thanks for your interest. Again, very good questions.  

  • SMBV1 has been disabled on every Windows box for quite awhile, and I've never used homegroups.  I turned SMBV1  off on all machines after the news of the security exposures first came out.  All of the other non-Windows machines are running Samba capable of SMBV2 or V3.  
  • The router has V6 turned on.  Although none of the traffic should be crossing any router/gateway.  All of the machines in question (clients, servers) are on the same subnet, so I wouldn't think any filtering would take effect. As I mentioned above, the traffic is hitting the Norton firewall, but by default seemed to have been blocked. And everything works if the Norton firewall is turned off. 
  • And to your most important question, the Network Trust Level in Norton reads "Private", whether I have a static or DHCP assigned address.  I also checked the Norton log, and it says it is connecting to a private network for that subnet.  Public for the 127.0.0.0 loopback adapter. The other log entries all show traffic coming from the addresses on the subnet, including the original "blocks" listed earlier.  So it is really perplexing that the "private" rules are not hit.

I keep hoping there is something I've missed, but so far still in the dark. 

Thanks much for your thoughts...Walt

Ps: I hear you....I'm IBM 360 CP/CMS to Windows 10. How time flies. 

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Qualitatively, the same boat: After 1803, the two PCs on our private network could not get the long-time access they had through file sharing.

Though I had used Homegroup fleetingly when we got these two new PCs w/win10, it was based on a now discarded Win7 machine -- which might have left 'Homegroup' bits about on the Win10 PCs. I did run across Homegroup 'user' accesses as I cleaned up 'sharing' for the cross-machine folders I use. (I think) They're gone now.

I have fiddled with many settings suggested about the web/MS to no avail. (SMB v1 Client is now enabled.)

I have not done much re networking or Norton, but I probably follow the gist here.

In principle, Windows 10 1803 is still broken for me. I have untweaked-access via IP address from one PC ('A') to the other ('X'), but not from X to A.

But thanks to this thread, I now have a semblance of file sharing. I found my way to Norton's 'Device Trust' for X: And X's access has persisted through at least one restart. (The two PCs are now statically addressed.)

But am still 'in the dark': Walt, thanks for initiating this thread.

Pps: I too am from mainframe 360s days until whatever in 2005, assembler to Natural; PCs at home into Windows since about 1985.

g

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

g,

Thanks for your input as well. Sorry to hear you are having some odd networking problems too. 

Since I have not heard anything back from Norton support, and I'm a little weary of fighting this, I looked at and took a different path relative to this problem.  I used the DHCP MAC address reservation feature on this subnet's Netgear router to assign specific (static equivalent) addresses, and everything now works.  Seems like the cleanest way to do this without implementing and maintaining the firewall definitions. Perhaps the problem will disappear in 1809 or whatever the next Windows release is, but I'm not holding my breath.   Again, why DHCP assigned addresses work, and static ones do not, is a mystery. 

And since I have gone down this path, it would be an even better solution if the Netgear router(s) supported local DNS as well. Then the "\etc\host" file definitions could be eliminated.  Perhaps there is a brand of consumer router which does support local DNS, or a way to make it work with the Netgear routers (AC1600 in this case).  Netbios does not need it, but helpful with native IP applications. The next challenge to take on. 

Regards,

Walt

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Walt. Have you opened your Norton settings under firewall, then scrolled over to "traffic rules". The top rule in my set is the default for ICMP echo. Click "view". You should be able to "view rule" with several tabs present. Have you tinkered with these settings as well at some point?

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1803 / build 17134.228 / NSBU 22.15.0.88 / Norton Core v.260 / Norton BETA tester
Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

The following announcement from Microsoft support is relevant to this problem.  In my case, following a Microsoft Update, a system that had the latest version of Norton Security began to fail when a "scan to network folder" request was entered from the control panel of an HP M3035 multifunction laser printer.  Oddly, scanning a single page often worked, but scanning multiple pages would usually hang.  I inspected the Windows system logs related to SMB, and found error messages of the kind stated in this announcement.

SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

In a support document "SMB Protocol Support for HP Printing Devices", HP claims that the M3035 does support SMBv2.  I have installed their latest firmware, but the failure persists.  I need to learn how to tell the printer to use SMBv2, and not attempt to use SMBv1.

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Hello Wayne. Have you enabled "SMB Direct" in programs and features within the control panel? I use that setting on all my systems without issues. Here is an HP document which lists SMB support on HP devices. This article from MS may help as you both are technically proficient, although I believe SMBv2 is automatically enabled on Windows 10. Using elevated power shell commands will enable or disable as applicable. Since SMBv2 is already enabled on W10 the printer firmware would be the most likely issue. Is this the firmware you have installed on the printer?

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1803 / build 17134.228 / NSBU 22.15.0.88 / Norton Core v.260 / Norton BETA tester
Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

thanks for sharing, it helps me.

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

Thanks for the info and the links.  From using the Event Viewer, it appears that the HP M3035 is attempting to use SMBv1:

SMB1 negotiate response received from remote device when SMB1 cannot be negotiated by the local computer. 

Dialect: The reason is not specified

 Server name: 12

 Guidance:
The client has SMB1 disabled or uninstalled. For more information: https://go.microsoft.com/fwlink/?linkid=852747.

Although HP's list says that the M3035 supports SMBv2, I haven't found any informational events saying that the printer tried to use SMBv2 or SMBv3 instead.  Still, I don't know if the printer tried to establish an SMBv2 session, was successful, and the printer then hung for another reason.  I do have the 48.430.1 firmware installed that is indicated by your link.

So, here are my answers to your questions:

  1. I have not enabled SMB Direct, because it seems to be an SMBv3 feature, and I don't think the printer will try to use it.  It does seem like something worth trying.
  2. The Windows system is configured as your Powershell session indicates:  SMBv1 is disabled, and SMBv2 is enabled.  I could experiment with enabling SMBv1 to see if it fixes the printer hang problem, but I don't want to keep SMBv1 enabled due to its vulnerability.

It appears to be Patch Tuesday; some new updates to my Windows 10 Version 1803 have just been downloaded.  I'll install those and see if they make any difference.
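
An added example, not part of the original post, for the open question above of whether the printer ever establishes an SMBv2 session: it confirms the server-side SMB settings and then records the dialect of every inbound session while a scan job runs, without enabling SMBv1. The polling window is an assumption.

```powershell
# Added example; run in an elevated PowerShell session on the PC that hosts the scan folder.

# 1. Server-side protocol switches (the state described in the post: SMB1 off, SMB2 on).
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 2. Whether the SMB1 optional feature is installed at all.
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol |
    Select-Object FeatureName, State

# 3. Start this loop, then start a multi-page scan at the printer. Sessions can be
#    short-lived, so poll once a second and keep each client/dialect pair once.
$PollSeconds = 120     # assumption: long enough to cover one scan job
$seen = @{}
$deadline = (Get-Date).AddSeconds($PollSeconds)
while ((Get-Date) -lt $deadline) {
    foreach ($s in Get-SmbSession) {
        $key = "$($s.ClientComputerName)|$($s.Dialect)"
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = [pscustomobject]@{
                FirstSeen = Get-Date
                Client    = $s.ClientComputerName
                User      = $s.ClientUserName
                Dialect   = $s.Dialect     # 2.x or 3.x means SMBv2/v3 was negotiated
            }
        }
    }
    Start-Sleep -Seconds 1
}
$seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
```

If the printer's address appears with a 2.x or 3.x dialect, an SMBv2 or later session was established and the hang has another cause; if it never appears, no session was established with this PC during the window.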

Kudos0

Re: Windows 10 1803 Norton firewall broken on "private" network

SoulAsylum,

Hello.  

An ICMP default inbound allow rule is the top rule in my list (I assume it is the same you are looking at).  It has an allow rule for ICMP 0 and 4 traffic, but is unchecked (no X), and is grayed out (read only and therefore unselectable). So I assume it is not in effect.  I'm not sure when that rule would be activate-able, as I tried both full trust and restricted for default network access, and the rule was always read-only.

The ICMP echo rule I had created in order to get ping responses was an "allow" for ICMP 8 from "any computer".  It was basically a clone of a private "local subnet"  allow rule further down the list. As a matter of fact, all of my "allow" rules were essentially clones of private rules further down the list, with "any computer" specified instead of "local subnet". 

Walt