This forum thread needs a solution.

SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

In the process of dealing with all the firewall issues caused by the n360 Vers 22.5.0.124 update, I have come across some more issues.

The following programs cannot be given access: SkyDrive.exe, Spoolsv.exe, dasHost.exe, and wsqmcons.exe

Norton's browser, as in "Firewall->Program Control->Add", does not display them at all, even though they are not protected from access; see the attached PDFs.

All four of these programs are in the "C:\Windows\System32" folder and not protected from read access and are not hidden system files.

For example:
##
C:\WINDOWS\system32>cacls SkyDrive.exe
C:\WINDOWS\system32\SkyDrive.exe
 NT SERVICE\TrustedInstaller:F
 BUILTIN\Administrators:R
 NT AUTHORITY\SYSTEM:R
 BUILTIN\Users:R
 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R

C:\WINDOWS\system32>attrib SkyDrive.exe
A            C:\WINDOWS\system32\SkyDrive.exe
##

As suggested in my first post "livecom.exe blocked cannot unblock n360 Vers 22.5.0.124 update": 'An Action needs to be added to the "Security History" panel to provide a simple way to unblock an entry, so when this happens on the next update there is a simple work around.'

Alert entries: Category Firewall - Activities
##
Activity: Info, You blocked OneDrive Sync Engine from accessing your network resources
Program Path: C:\Windows\System32\SkyDrive.exe
Local Computer: 192.168.1.153, 56612
Traffic Description: Outbound TCP, https
##
Activity: Info, You blocked Spooler SubSystem App from accessing your network resources
Program Path: C:\Windows\System32\Spoolsv.exe
Traffic Description: Outbound TCP, Port 3911
##
Activity: Info You blocked Device Association Framework Provider Host from accessing your network resources
Program Path: C:\Windows\System32\dasHost.exe
Local Computer: 192.168.1.153, 57279
Traffic Description: Outbound TCP, Port 3910
##
Activity: Info, You blocked Windows SQM Consolidator from accessing your network resources
Program Path: C:\Windows\System32\wsqmcons.exe
Local Computer: 192.168.1.153, 57205
Traffic Description: Outbound TCP, https
##

This is on a Windows 8 system.

None of these programs should have been blocked, they are all standard systems programs from Microsoft. If there are issues fine, but explain why they are blocked.

I have given up contacting support for each one of these, since I do not have the time to wait in the queues for 20 minutes or more at a time.


Replies


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

Please reset Smart Firewall and confirm Automatic Program Control is On


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

Resetting the firewall kills all of the entries, which puts me back at ground zero. Automatic Program Control is on and has been on.  I have two other posts that are related. The main issue is that support needs to update the signatures to clear all of these issues. Also the main code developers need to add some tools and fixes, which I have noted in the other posts.

I have been manually running the updater to get the fixes every few hours. And almost every time I run it there are updates, but I still have a lot of outstanding programs blocked. I am just making sure that they get noted and addressed.

I had support fix one of my systems on 7/10, but after the few hours of dealing with them I joined the forum.

Within one hour of support being done, I started seeing programs not working correctly. So I looked at the history, started seeing all the blocked programs, and started unblocking them. This has turned out to be a full-time task. As I have learned, resetting the firewall removes all of the entries, so you have to re-enter them. That is a very time-consuming task, since you have to wait for each program to trigger an event.

Resetting the firewall for these entries will not work; you cannot even manually fix them that I can figure out. Have a look at my other two posts "livecom.exe blocked cannot unblock n360 Vers 22.5.0.124 update" and "Update Services blocked why? n360 Vers 22.5.0.124 update". They should give you an idea where I am coming from. As a side note, I have read a lot of the posts related to this release and I find your responses are top-notch. Thanks for responding.(:))...


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

Ah, interesting.  We'll need other voices. 
Um, when you reset firewall or toggle APC.  Program Control clears and auto populates as you know. 
Once in a great while. I'll get a Firewall dialog to make a decision.
You bring an interesting..? 
With Automatic Program Control enabled, in addition to checking the characteristics of the traffic itself, the Smart Firewall also identifies the program requesting access and either allows it or blocks it, based on the trust level that Symantec has assigned to the program through actual testing.  A hash is used to prevent a malicious program from masquerading as a legitimate one. (credit SOJ)
Maybe as you say signatures need tweak.
So, you've ruled out product corruption figuring solution is back-end..?
Any chance Network Trust is in play....


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

To bjm_ , Trust as Norton Network Trust or the digital signatures. So if Norton's does that and makes every program that accesses the local network or loopback network stack trusted, that would be bad since even rogue programs would be trusted as long as they only access inside of your local network. So it goes back to they have to update the signatures to make sure things are in check.

Just looking back through things: on the system the first support person worked on, they set the Network Trust to my first level router. The system I am working on right now has it set to its direct network controller. Both systems are set at Private. The first system's setting concerns me a little, since it provides too much access by my local network and first level router. I will reset that setting after everything settles out. Thinking about it, they were just trying a quick fix. The good and bad thing is that the new code has extra guards looking at the access patterns.

None of the programs I have looked at so far are altered that I can determine. They are the originals and have not changed. A lot of the blocked programs are standard issue Microsoft or their providers (i.e. wherever they got it from, since they did not write a lot of the code they use, they just add their copyright to it. A little side track, case in point: Bill G did not write DOS, Bill G did write one of the first micro computer basic interpreters. So from that standpoint one of the first micro OSs.) The other programs I have been looking at have been in place for a long time and have not changed; they just do not have the signatures from the old database yet (I am guessing at this point, but my guess is based on some history from my past work life and we will leave it at that.)

Norton in general runs systems in a closed testing network and monitors both the network and operation of the systems themselves. They have built up controlled models over the years for each OS and its update releases that they provide support on. So I know they have a good idea what is missing. I am guessing that the Windows 10 release moving up in time just caught them off guard, so they skipped some testing. I understand their choice, since they have to cover all the possible upgrade paths to Windows 10; that is why the updates went to all of the versions before all the testing was done. And now they are playing catch up at the cost of the support group, also at the risk of losing some customers. It is a basic business decision, go now or miss the boat.

B.T.W. Is it a lot more complex than a simple hash, hashes can match more than one program. That was one of the oldest false positive issues. Heuristic scanning for patterns has a similar problem to the simple hash.

My point about adding some tool shortcuts and fixing some tools problems is that if they have to do this again the tools will be in place to reduce the support issues. Even if they add in remote control direct setting tools the user has no access to, either works for me. All of this helps them provide me with better support and makes them look better. It is a win-win as long as I can trust them, which I understand I have given that choice to them always.(:))...

There are other issues I have not added yet, like known all-in-one printers monitors being blocked. I see them in the history, but they are not affecting using the devices. I am guessing they are some special case interface monitoring by each of the product vendors. In my case I have both HP and Canon multi-function printers and I am seeing some blocking on both. I have not set up a sniffer to see what is being blocked. It would just take too much work and time.

If you have a work around to adding programs, like the ones above, that would be helpful until they get the signatures done, at which point I can just reset the firewall. The other problem of how many steps it takes I can live with for a short time. Sorry I went a little long, but I do not do this very often.
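
An added example, not part of the original thread or any poster's code: one way to check the "not altered" point for the four blocked binaries, by reading their signature state and SHA-256 with built-in cmdlets. It assumes Windows PowerShell 5.1, where `Get-AuthenticodeSignature` also validates catalog-signed system files and exposes `SignatureType` and `IsOSBinary`; the verdict strings and the subject match on `O=Microsoft Corporation` are choices made for this example.

```powershell
# Added example (not from the thread): confirm the four blocked binaries are
# present, validly signed, and signed by Microsoft. Assumes PowerShell 5.1.
$paths = @(
    'C:\Windows\System32\SkyDrive.exe',
    'C:\Windows\System32\Spoolsv.exe',
    'C:\Windows\System32\dasHost.exe',
    'C:\Windows\System32\wsqmcons.exe'
)

$report = foreach ($path in $paths) {
    # Same columns for every row so missing files still show up in the report.
    $row = [ordered]@{
        Path = $path; Verdict = 'MISSING'; Status = ''; Type = ''
        OSBinary = ''; Signer = ''; SHA256 = ''
    }
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $row.Status   = [string]$sig.Status
        $row.Type     = [string]$sig.SignatureType   # Authenticode (embedded) or Catalog
        $row.OSBinary = $sig.IsOSBinary
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        $row.SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        # Status 'Valid' means the file content matches the signed digest and the
        # certificate chain validates; the subject match only narrows who signed it.
        if ($sig.Status -ne 'Valid') {
            $row.Verdict = 'REVIEW: signature not valid'
        } elseif ($row.Signer -notmatch 'O=Microsoft Corporation') {
            $row.Verdict = 'REVIEW: unexpected signer'
        } else {
            $row.Verdict = 'OK'
        }
    }
    [pscustomobject]$row
}

$report | Format-List Path, Verdict, Status, Type, OSBinary, Signer, SHA256
```

The SHA-256 column is there for comparison against the same file on another machine at the same Windows build and patch level; the thread itself gives no reference hashes.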


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

Hi, Philip Hansen,
Yeah, guess I was thinking Network Security Map dropped with v22.x did something to your setup. 
You lost me at "first level router".
Good luck
 


Re: SkyDrive.exe, Spoolsv.exe, dasHost.exe, wsqmcons.exe blocked cannot unblock n360 Vers 22.5.0.124 update

To bjm_, Thanks for at least reading it. I will wait for someone else to come along.

This thread is closed from further comment. Please visit the forum to start a new thread.