Tidserv Request Intrusion Attempts

At present, if the user has a TDL rootkit on their system that Norton does not detect, Intrusion Protection prevents it from accessing the internet and says "blocked - no further action required". This is misleading, since much further action is required, and it leaves the average user completely unaware that they have a rootkit.

My suggestion is that Intrusion Protection be improved so that it will alert the user to the presence of a TDL rootkit based on the data collected from the connection attempt alone. The connection would still be blocked, but instead of saying no action required, it would alert the user to the presence of a rootkit.

Check this thread for screenshots and more info, especially Quads' post: Link



Re: Tidserv Request Intrusion Attempts

It seems to me that this is not necessarily a new feature but mostly a request to add detection of this rootkit. I think the best way to go for this is to submit the sample for analysis by our response team. http://www.symantec.com/business/security_response/submitsamples.jsp