• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Huge pc and norton problem

Greetings

I have norton 3 years already. And after one year I decided to format my pc

Installed all drivers,norton and apps like steam

Then I noticed norton just installed program "Norton Security Scan". I didn't click anything to accept it

So I wanted to see what is it and just click. But only got error about missing file and "/ROLLOUT" or something like that then something reboot my pc. After reboot NSS disappeared and back after a few minutes with the same error and reboot. Today in the morning got some red msgs about disabled SONAR and auto-protect.

I panic and format my pc again. Now I have norton premium and I for now I can't see any new programs

But now I have 4 msgs in my norto history:

""Default block EPMAP "" rejected TCP(6) (0.0.0.0 port (0) )

""Default block EPMAP "" rejected TCP(6) (;;0 Port (0) )

""Default block Windows File Sharing rejected TCP(6) (0.0.0.0 port (0) )

""Default block Microsoft Windows 2000 SMB rejected TCP(6) (;;0 Port (0) )

"Default block Web Services on Devices rejected TCP(6) (;;0 Port (0) )

I don't feel safe anymore and I'm worried about my accounts

Replies

Kudos2 Stats

Re: Huge pc and norton problem

Default block EPMAP : https://community.norton.com/en/comment/2450193#comment-2450193

Default block Windows File Sharing rejected TCP(6) (0.0.0.0 port (0) ) - This is a Default Block Rule in the Symantec Firewall, so there's no need to be worried.

Default block Windows File Sharing rejected - https://community.norton.com/en/comment/3320753#comment-3320753

Default block Web Services on Devices rejected - https://community.norton.com/en/comment/4472903#comment-4472903

Theses are NORMAL and shouldn't be of great concern unless of course you see logged these same services with rolling port changes that would indicate an outside attack. Best practices are NOT running multiple antiviral software installs on a device as they cause conflicts. If your Norton history doesn't show a threat as being detected, having NOT been resolved there is a problem which requires further attention. Please download and run Malwarebytes, it is free and runs great alongside Norton products. It finds things Norton is not designed to detect and will allow you to remove them. Post back here if you need further assistance. https://www.malwarebytes.com/

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Huge pc and norton problem

I'm worried about EPMAP, because I think norton blocks EPMAP when other devices trying to access your pc. My firewall is private and now pc is the only one thing connected so other thing trying to access my pc?

And how can I identify outside attack?

Also, malwarebytes scan is done and 0 detections

Kudos0

Re: Huge pc and norton problem

EPMAP is a Windows service for remotely managed services. IF you do not use a VPN, or connect to a remote server disable these settings listed below in the system services. Find the "RUN" command area and type in services.msc press enter. Find these services and highlight one at a time. Right mouse click and select properties. In startup type select disable, save. When done close services and reboot. Recheck for your issue persisting.

Remote Desktop Configuration

Remote Desktop Services

Remote Registry

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Huge pc and norton problem

By "these services" you mean 

Remote Desktop Configuration

Remote Desktop Services

Remote Registry

Right?

I'm sorry but I never touch services so I don't want to mess it :)

Kudos0

Re: Huge pc and norton problem

Very well. If you have an outside attack against your network it will show up as multiple entries in your firewall settings in Norton. If your software such as FlashPlayer,JAVA and others are update to date as well as Windows you should be protected against outside interference.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Huge pc and norton problem

So just to make sure, I don't need to worry about all the "default block rule" cause it's not attack.

And I just formatted my pc so I don't have flashplayer and java I think

But like in previous link post about EPMAP "something on your own network tried to communicate with your PC and was prevented from doing so by this Norton default rule." so something trying to connect with me all the time?

Kudos1 Stats

Re: Huge pc and norton problem

The Norton Firewall blocks specific protocols, depending on whether you are on a public or a private network (protocols necessary for a local network of devices to communicate with each other are allowed on a private network, but blocked on a public one).  What you are seeing are just log entries of Norton invoking a rule when traffic matches a protocol that is not allowed.  It really isn't an attack, per se.  Actual attacks are generally intercepted by IPS, and you generally will see an alert on your screen at the time the attack occurs, unless you have disabled these notifications in your Norton settings.  The whole idea of a firewall is to block specific types of traffic that may pose a risk.  What you are seeing in the logs is just a record of the firewall performing the job it is there to do.  Nothing to be concerned about.

Kudos0

Re: Huge pc and norton problem

I remember a few months ago I had EPMAP detection ONLY when I wanted to share files between 2 PCs, but now I have one only.

That's why I'm kinda curious and worried. It's feeling like someone "hacked" my router and trying to get access to my pc

Kudos0

Re: Huge pc and norton problem

Kellykun:

...Then I noticed norton just installed program "Norton Security Scan". I didn't click anything to accept it... I panic and format my pc again. Now I have norton premium and I for now I can't see any new programs

Hi Kellykun:

See the thread Norton Security Scanner 2007 for some information on this free (and in my opinion, completely useless ) utility from Symantec.  It's not a required component of your Norton Security software and I believe you should be able to uninstall it from Control Panel | Programs | Programs and Features if it still appears in your list of installed program after your second re-format. 

I've been a Norton user for several years and never had this Norton Security Scan utility installed on my computer, but bjm_'s image <here> in that same thread shows that this utility can be easily installed without the user's knowledge when running other Norton utilities like the Norton Remove and Reinstall (NRnR) tool.
---------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.4.0 * NS Premium v22.11.0.41 * MB Premium v3.3.1

Kudos0

Re: Huge pc and norton problem

It really scared me when I got something new installed and appeared on my deskop without my permission and knowledge... but I don't think any malware download things like Norton Security Scan :D

I have a last question

If my router/modem is infected by malware or something like that, things like norton full scan, NPE, or malwarebytes will detect it?

Kudos0

Re: Huge pc and norton problem

Kellykun:
... I remember a few months ago I had EPMAP detection ONLY when I wanted to share files between 2 PCs, but now I have one only....If my router/modem is infected by malware or something like that, things like norton full scan, NPE, or malwarebytes will detect it?

Hi Kellykun:

I agree with SendOfJive's comments <here>.  Every Norton user will see these Default Block messages with a severity of "Info" logged in the Firewall Activities section of their security history and it's nothing to be concerned about.  Here's a screenshot from my own security history showing a small sample of the recent firewall activity logged, including a few of these Rule "Default Block EPMAP" rejected notices:


Your Norton Smart Firewall is a two-way firewall that should automatically block and alert you to any suspicious inbound or outbound activity with a pop-up notification - see the support article Norton Smart Firewall.  Your real-time protection (Auto-Protect) also has multiple layers of protection that can catch malware as it is being downloaded, installed or when it tries to execute. No one security program is 100% effective in stopping all threats, but if you suspect you're infected I normally suggest running a Norton Full System scan to look for higher risk malware, followed by a second-opinion on-demand scan with the free Malwarebytes v3.x recommended <here> by SoulAsylum to look for lower-risk PUPs (potentially unwanted programs like an unwanted browser toolbar or adware).  If neither scan detects any threats then you can be reasonably confident your system is clean.

I've posted a few hints in Help Me Ronda's thread Detected Outbound Traffic on how run a Threat Scan using the free Malwarebytes.  That same post has a warning about using the Norton Power Eraser (NPE), which is a rescue tool that should only be run in emergency situations when your operating system becomes unstable or you have a persistent problem that cannot be fixed by standard antivirus / anti-malware scans.
---------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.4.0 * NS Premium v22.11.0.41 * MB Premium v3.3.1

Kudos0

Re: Huge pc and norton problem

Thanks for the screenshot :) I used NIS before format and I had only "Default block Web Services on Devices rejected TCP(6) (;;0 Port (0) ) in my firewall activities. Now I have the premium one so maybe that's why I see more things in activities. But don't know why everytime I open my browser I have cmd.exe and conhost.exe running in my processes.

And I used NPE many times but I know it's very "aggressive" and I shouldn't remove anything so fast. Also scanning my pc everyday with full scan and now with malwarebytes and for now I can't see any infected files. 

So I hope I'm safe already :)

Kudos1 Stats

Re: Huge pc and norton problem

Kellykun:

I have norton 3 years already. And after one year I decided to format my pc...Installed all drivers,norton and apps like steam

Hi Kellykun:

If you're a Steam user you might also find some helpful hints in Jimmy1204's thread I Need Help With a Game.

...And I used NPE many times but I know it's very "aggressive" and I shouldn't remove anything so fast. Also scanning my pc everyday with full scan and now with malwarebytes and for now I can't see any infected files.

Everyone has their own preference for how frequently they scan for malware, but the background Norton Quick Scans that run during system idles are automatically scheduled every time an updated virus (SDS) definition set is delivered by an Automatic LiveUpdate, which is typically once or twice a day.  These Quick Scans are designed to scan areas of your computer that viruses and other security threats usually target (e.g., system memory, programs and objects loaded into memory after your computer is started, boot sectors, network and browser items, program files and directories, etc.).

A few years ago Symantec increased the number of locations that Quick Scans look for malware.  That means that Quick Scans are more thorough and take longer to run to completion, but that's why monthly Norton Full System Scans are now disabled by default in Norton v22.x.  I still schedule a Full System Scan to run once a month during system idles (see the support article Schedule a Full System Scan) just to check all the files on my hard drive for higher-risk malware that might have slipped past Norton's Download Insight and other real-time protection layers, and add a Malwarebytes Threat Scan (which is similar to a Norton Quick Scan) once or twice a week to look for lower-risk PUPs (potentially unwanted programs) and PUMs (potentially unwanted modifications of the registry) like browser toolbars and adware that are occasionally missed by Norton.

Just a further word of caution about the Norton Power Eraser (NPE).  There have been many users in this forum who damaged their system files running the NPE - see Larry_A's thread Ran NPE and Now Computer Won't Boot to Windows for one example.  In Larry_A's case he could not re-boot his computer to restart NPE and use the "Undo Previous Fix" option to restore the system files deleted by NPE and ended up bricking his computer.

If you ever have a malware infection that can't be removed by Norton and/or Malwarebytes I'd recommend posting in one of the free malware removal sites listed in delphinium's thread Malware Removal Forum Recommendations (my personal favourites are bleepingcomputer and What the Tech) and work one-on-one with a trained malware removal specialist to safely clean your system.
---------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.4.0 * NS Premium v22.11.0.41 * MB Premium v3.3.1

Kudos0

Re: Huge pc and norton problem

Kellykun:

If my router/modem is infected by malware or something like that, things like norton full scan, NPE, or malwarebytes will detect it?

Hi Kellykun:

SendOfJive has more expertise in this area, but there's a good post <here> by malware removal expert quietman7 in the bleepingcomputer forum which states in part:

"Routers can be compromised if they have a weak or default password which attackers can easily guess or break using a dictionary attack or brute force attack. Some routers have known vulnerabilities which can be exploited to open them up to attacks without needing to know the proper password. Malware which can modify routers are rare and may require the router to be a specific make, model and firmware revision..."

There is firmware running on the memory chips embedded in hardware devices like modems but this software has very limited functionality. My understanding is that infections like DNS Changer trojans are dropped on the local computer (i.e., not on the modem) and can be detected an antivirus scan, although the router's DNS table will likely have to be flushed/reset once the trojan is removed - see the TrendMicro article How DNS Changer Trojans Direct Users to Threats.

If I'm wrong about that I'm sure someone else following this thread will jump in and correct me.
---------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.5.0 * NS Premium v22.11.2.7 * MB Premium v3.3.1

This thread is closed from further comment. Please visit the forum to start a new thread.