• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

This forum thread needs a solution.

Suspicious activities

Hi everyone,
in last 4 days Norton Tamper Protection show me 4 log entries in NIS Event History:

c:\program files\winzip\winzip32.exe

try to "create a file" in 


the action was blocked.

NIS doesn't detect any of suspicious. 

Is it possible that a virus is in the PC?

My system: Vista Premium 32 bit Italian with NIS + AOP 3.7

Thanks in advance for replies.



Re: Suspicious activities

Hi Axios

It sounds like what is happening in this thread


Cheers Mo Windows 7 64 bit, NIS2013

Re: Suspicious activities

Hello Axios,

These entries appear to be normal and are quite common. Sometimes legitimate programs or services will attempt to access the Norton Files, and if deemed appropriate, Norton will block the access to protect itself. There may also be occasions were you see this action marked as "logged".

You can read more detail about these types of entries in these threads:  Link 1  / Link 2.

I have a number of similar entries, some involving different "actors".

Unless you are noticing some unusual activity on your computer, I would not be concerned.

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow

Re: Suspicious activities

Yes, it sounds like your link. But I havan't any suspicious file detected during scans. Full system scan report no virus...

Solved: following yor link, I find another link:


Message Edited by Axios on 08-30-2009 01:11 PM

Re: Suspicious activities

I was getting those entries also (create file) they started last week

but have not gotten any in the last 3 days

recently I uninstalled NIS 2009 with the 16.7 and reinstalled NIS 2009 with 16.5

 I think I started getting them after the download of 16.7 which was giving me problems with the missing icon in the task bar but no symantec service framework error.

I never had those entries before the download of 16.7

Kudos1 Stats

Re: Suspicious activities


Re: Suspicious activities

JohnM wrote:

This Web Link provides excellent information.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

This thread is closed from further comment. Please visit the forum to start a new thread.