Norton Firewall Issues

Hello all,

After the recent Snow Leopard update (10.6.3), upon restarting my computer, a window came up apparently from a Norton product (I think it was the Firewall, though I am not sure), asking whether to allow Finder to have connection to something called "vapornet" that purported to be from princeton.edu (where I attend school). Upon ignoring the window (neither canceling nor okaying it), another (I think, identical) one popped up, which I then allowed. I later emailed the school's tech people who said that "vapornet" is a "subnet of the Princeton network." (I don't know what that means)

I would not give this a second thought if it weren't the case that:

(1) I don't remember ever having seen a window like this from the Firewall before. Is this normal? Should Finder be going around looking to hook up like this, and why haven't I ever been asked this before?

(2) More importantly, for the last several months, I have not been able to open the actual Firewall to look at anything because every time I do, the program hangs and does not respond (the rainbow swirly thing keeps spinning) unless I force quit (this is a problem that preceded the window pop up thing). I hadn't really cared about this all that much before, since I saw no reason to go into the Firewall interface, but now I'd like to check the history to see what I allowed. Is there some way to fix Firewall? Should I reinstall? How should I do that? And will doing so erase the previous history log?

Thanks,

J

Replies

Re: Norton Firewall Issues

It sounds like somebody tried to access your Mac. A subnet (which "vapornet" is) basically means that the Princeton network has multiple "zones" or "areas". This is very common, especially at a large institution. Instead of having everybody be on the same "zone" or "subnet", the Princeton network administrators divided it up so that they can more easily manage things. Somebody on another part of your network (another subnet) tried to access your Mac.

This isn't necessarily bad or anything; some programs try to connect to other computers. Sometimes it's for a specific feature (like sharing a file) and sometimes they just do it randomly. Nothing to be alarmed about. If you don't know the person, and weren't expecting somebody to connect to your Mac, you can just click Deny. If you get a lot of alerts, you can set up the firewall to deny all connections to that application, but you shouldn't be getting a lot of them.

As for problem #2: You shouldn't uninstall, as that won't fix anything. Next time the issue happens, use the Activity Monitor application to "Sample" the Norton Firewall application:

1) After launching Norton Firewall (and it gets "stuck") open the Activity Monitor application, which is in Applications -> Utilities.

2) Find the Norton Firewall application in the Activity Monitor list, and double click on it.

3) Click on the "Sample" button in the window that should appear.

Post the output of the Sample button here on the forums. That will tell us why the application is hanging, and that will give a clue what we can do to fix it.

Sorry for the problems.

Ryan

Ryan McGann Technical Director Norton Business Unit, Symantec

Re: Norton Firewall Issues

Thanks for the quick response.

You said that, if the connection prompt is unexpected or random, I should just deny it. Was there any kind of security risk involved in my accepting it at the time? (I believe the relevant application was Finder.) Is there, for example, any possibility that this allowed someone to remotely install some program onto my Mac, or gain the ability to intercept confidential information I send through the internet (passwords and such), or steal/modify any of the files on my computer? That someone tried to get into my Mac sounds pretty ominous (though you said it might be just something random).

The sample of the Firewall is attached.

Thanks again for the fast and professional help.

J

Re: Norton Firewall Issues

The hanging problem seems to be related to one of your log files for the firewall. Unfortunately it's not possible to tell which one from the backtrace. The easiest fix would be to rename the entire Logs folder and restart your Mac, which will cause the log files to be re-created. To do this:

1) Launch the Terminal application (Applications -> Utilities)

2) In the Terminal window, type (or copy & paste) without the quotes

sudo mv /Library/Application\ Support/Symantec/SymUIAgent/Logs/ ~/Desktop

3) When prompted for your password, enter it.

This will move your Logs folder to the Desktop. Then restart your Mac. This should fix the hanging problem. Unfortunately, you will lose your history, but at least the application won't hang when you launch it. If you want us to look into it further, we can try and take a look at your log files, as long as you feel ok with that (the log files do contain personal information like your IP address and your computer name). If that's something you want to pursue, contact me via private message and I will give you my e-mail address.

As for the alerts you saw: while it's possible that you did give somebody access to your Mac, it's unlikely. Most of the attempts to access your Mac are benign. Without knowing what application they were using (the alert contained that information), I'll guess it was a Windows computer that was searching for other Windows computers to talk to. It also might have been a program like iChat on another Mac, and somebody was just trying to say hello. I wouldn't be too concerned about it, especially since it just happened once. We have other features in the product, like Vulnerability Protection, that monitor people once they are connected to your Mac, so even if you granted them access, that doesn't give them free rein over your computer. However, to be safe you should make sure your Mac has a good strong password on it. If people do manage to connect to your shared files (via File Sharing), your Mac's password is the only defense.

Ryan McGann Technical Director Norton Business Unit, Symantec
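
The log move described in the post above, as an added example that is not part of the original thread and not Symantec's code: it moves the folder to a timestamped name so nothing on the Desktop is overwritten, and writes a size manifest so the old history stays reviewable. The function name `move_logs_aside` and the file name `MANIFEST.txt` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. move_logs_aside and MANIFEST.txt are
# hypothetical names; the only path taken from the post is the Logs folder.

move_logs_aside() {
    src=${1%/}            # directory to move (trailing slash stripped)
    dest_parent=${2%/}    # existing directory that will hold the backup

    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    [ -d "$dest_parent" ] || { echo "not a directory: $dest_parent" >&2; return 1; }

    # Timestamped name: a rerun never merges into or replaces an earlier copy.
    backup="$dest_parent/$(basename "$src")-$(date +%Y%m%d-%H%M%S)"
    if [ -e "$backup" ]; then
        echo "already exists: $backup" >&2
        return 1
    fi

    mv "$src" "$backup" || return 1

    # Record byte count and path of each file so the old history can be
    # reviewed file by file later.
    ( cd "$backup" && find . -type f ! -name MANIFEST.txt -exec wc -c {} \; ) \
        > "$backup/MANIFEST.txt"

    printf '%s\n' "$backup"   # tell the caller where the logs went
}

# Run as a script with two arguments, e.g. (path from the post above):
#   sudo sh move_logs_aside.sh \
#       "/Library/Application Support/Symantec/SymUIAgent/Logs" ~/Desktop
if [ "$#" -eq 2 ]; then
    move_logs_aside "$1" "$2"
fi
```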

Re: Norton Firewall Issues

"We have other features in the product, like Vulnerability Protection, that monitor people once they are connected to your Mac, so even if you granted them access, that doesn't give them free rein over your computer. However, to be safe you should make sure your Mac has a good strong password on it. If people do manage to connect to your shared files (via File Sharing), your Mac's password is the only defense."

I'm assuming from this, that it would not be possible, via my merely allowing access, for the third-party to install some kind of keylogger, or spoof Mac prompts asking for passwords. That is, they would need to know the password antecedently or be able to guess it?

If you think there is no need to specifically track down the offending log entry in Firewall, I'd be fine with just following the instructions you gave.

Thanks again,

J
