• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Can N360 pop up and recommend the use of Norton Power Eraser?

I was uploading a video to YouTube when suddenly a Norton 'Security Request' appeared. It said something along the lines of 'detecting suspicious amount of outbound traffic and recommends running NPE' I pressed ok. The usual "allow this program to make changes to your pc" prompt came up and I allowed it. Power Eraser run (without restarting the computer...) and said no threats were found. I thought it was just the YouTube video. Much later Norton blocked an intrusion from 'curlmyip.com' and when looking through my security history it turned out that this site had apparently been trying to access files on my computer such as dllhost, svchost and many others, INCLUDING NPE. I think this intrusion was also named "System Infected: Outbound Command/Control traffic" although it may be something slightly different. Is this ok? Can Norton do this? I did a full system scan and another NPE scan and it says there were no threats found. Please don't send me to any websites or tell me to download programs unless it is extremely necessary. My OS is Windows 10, the newest updates were installed when I did the manual NPE scan and my browser is Google Chrome. I use Java but haven't updated yet, and I suspect this may be part of the issue. Thank You :)

Replies

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

System Infected: Outbound Command/Control Traffic
https://www.symantec.com/security_response/attacksignatures/detail

sounds like IPS <info here> is on-the-job.  I'll see NPE prompt on IPS Alerts also. 
an occasional IPS Alert is Norton protection at work.....repeated Alerts and/or repeated Alerts with same Signature is worth investigating.  
To find IPS history.  Look in Security History > Intrusion Protection. 
Sounds like you're looking at Recent History which logs, lots of unrelated events.

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Thanks for the response! I haven't tried visiting a malicious site, all this was happening while I was unaware so I am unsure of the source of the intrusions. I don't know if the NPE Prompt was suspicious or not, I accepted it the first time it appeared. The IPS has confused me a little though.. It was named "System Infected" etc - Is my system infected and do I need to take any additional action? Thanks!
Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Thanks for the response! I haven't tried visiting a malicious site,

Okay, what were you doing when NPE prompt appeared....any site is potentially malicious.
Have you received an occasional IPS Alert or repeated IPS Alerts.  
Your NPE scan and Norton Full Scan report clean.   Correct ..?   

To find IPS history.  Look in Security History > Intrusion Protection > highlight related orange Medium Severity or red High Severity event > More Options > Alert Summary

System Infected: Outbound Command/Control Traffic
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Response
No additional steps are needed. Symantec's Network Threat Protection solution has prevented any potential infection attempts from occurring.

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28641

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Today is the first time I've turned on my computer since the incident, and so far everything seems fine. When the NPE Alert appeared, I was uploading a YouTube video. When the Intrusion was blocked, I was running a game (.exe file) which I have been using for quite a while. Now I have been looking through my security history... The files have been tried to opened by C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE Lots of the targets were Norton files, along with other important files. What should I do next, it appears I have some bad stuff on my system!

Edit: The SVCHOST has tried to (open file) while the WBEM thing has tried to (access process data)
Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Um, again....sounds like you're looking at Full History or Recent History. 
Sounds like you're seeing Norton Product Tamper Protection events. 
For IPS look under Intrusion Protection from drop down menu.
NPE pop-up was likely invoked by IPS event. 
Most of History may be ignored.  Most events are logged and reported via Norton telemetry.
You-Tube may be related....to an IPS event.   Any online activity may be related. 
Again, did you receive an occasional IPS Alert or do you receive frequent IPS events. 
Does IPS History show repeated IPS Alerts (events) with same Signature....during limited time period.
As IPS Alert sounds like one time....sounds like IPS <info here> is on-the-job.  Sounds like suspicious traffic was blocked.  No worries.

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

In the Intrusion Prevention section, there are 5 pages. All are just info, except for two medium intrusion attempts - one at 23:48:41 and the other at 23:55:36 on the same date. They both come from the same IP. It may be worth noting that when the pop up appeared I stopped the YouTube upload and after that the scan said there were no threats. I was also logged into Skype during all of this.

The NPE pop up was the first one I have ever got and so far I haven't gotten another one, but the medium-risk file access blocks are concerning me now too.

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Info is normal.  Med would be block.  YouTube and Skype and etc. present opportunity for suspicious traffic.  
I have 7 pages of Info with some Med and High Severity events Blocked.   Blocked = protection. 

Intrusion Prevention protects you from attacks when you are online. It scans network traffic for attack signatures, such as social threats and outbound attacks that identify attempts to exploit vulnerabilities in your operating system or in a program that you use. To keep you secure, Intrusion Prevention discards packets from computers that try to send data with known attack signatures. It blocks connections to those computers.

https://support.norton.com/sp/en/us/norton-security-with-backup/22.5.5.15/solutions/v15471442

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Ok, thanks for the help :)

Just one last question - what should I do about the unauthorized access? I understand that they were blocked, but I don't want anything harmful on my system. I've deleted this program I'm suspicious of but it alarms me that Norton says the source is located in \SYSTEM32. Edit: Minutes ago I downloaded Java to update, and these files are trying access things again. I'm quite worried now...

Accepted Solution
Kudos1 Stats

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Again, sounds like you're looking at Norton Product Tamper Protection events.
"Unauthorized access blocked" under Norton Product Tamper Protection are not reports of malware.
Please review  > About Norton Product Tamper Protection
Norton Product Tamper Protection prevents outside programs from making changes to the Norton product.  Norton Product Tamper Protection protects your Norton product from an attack or modification by any virus or other unknown threat. Norton Product Tamper Protection view in the Security History window displays details about unauthorized attempts to modify Norton processes aka "Unauthorized Access Blocked"
NPTP events are not threats.   NPTP events are not reports of malware. 
NPTP is simply logging Actor too close to Norton.
Security History offers a lot of information.  Info value takes a little experience.  
https://support.norton.com/sp/en/us/norton-security-with-backup/22.5.5.15/solutions/v5458686

Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Ok, thank you for all your help :)
Kudos0

Re: Can N360 pop up and recommend the use of Norton Power Eraser?

Linda C:  Ok, thank you for all your help :)

Java is recommended not to run unless you must. 
If you must, leave JRE disabled when not in use. 
If Java is not needed, best to remove....IMO

This thread is closed from further comment. Please visit the forum to start a new thread.