• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Un-used Port Blocking and Norton Product Tamper Protection

Un-used Port Blocking

"Unused Port Blocking has blocked communications"; my Recent History is filled from top to bottom with this.  In-bound  Port 38959.  This happens, on average, every two seconds to a minute.

Norton Product Tamper Protection 

Felt my computer lagging, so, I checked the Background Tasks, Phishing Protection Updates.  Just then, this box appears; just happened again:

________________________________________________________________________________

Microsoft Visual C++ Runtime Library

________________________________________________________________________________

   X             Runtime Error!

                  Program: C:\Program Fi...

                  This application has requested the Runtime to terminate it in an unusal way.

                  Please contact the application's support team for more information.

                                                                      _____________ 

                                                                               OK

                                                                      _____________

_________________________________________________________________________________

Then the Background Tasks window Closed, along with Norton Internet Security, but the icon still remained in the Task Bar, so I hang my Mouse over it and it dis-appears; however, the History stayed Open.  Next, the Norton Internet Security Auto-Fix came up (checked for connection, e.t.c.) and it lead me to a Page which had the heading, something like: "Can't open...".  I then tried to Open Norton Internet Security via Start-Up Menu twice and it never happened the first time, but, then the second time, I noticed the icon was back and Norton Internet Security had Opened.  I then checked my History.  There was eight logs in the Norton Product Tamper Protection, all of which the "Actor" was: c:\\windows\system32\svchost.exe.

Message Edited by Floating_Red on 10-30-2008 11:09 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies

Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

Left computer on overnight while doing a Full Scan; this morning Updated Malwarebytes' Anti-Malware, booted in to Safe Mode, did a Full Scan, re-started in Normal Mode and, when I did, got this pop-up: "Symantec Service Framework encountered a problem and needed to close.  Please tell Microsoft about this problem." 
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

If you have a port or ports forwarded through your router, the unused port blocking will keep coming up when that port is not being used.  It's doing the same thing to me.
XP Media Center Edition SP3NIS 2009IE7 & Outlook Express
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection


Dch48 wrote:
If you have a port or ports forwarded through your router, the unused port blocking will keep coming up when that port is not being used.  It's doing the same thing to me.

I am well-aware of this; just thought I would bring it to symantec's Attention since NY1986 reported that same thing happening and a symantec Employee asked for more details.

If you noticed, it was the exact same Port trying to brute-force it-self past the Firewall to Access the computer.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

Yes it is the same port but I'm not sure if anything is trying to come through or if NIS is just blocking it simply because it's open.
XP Media Center Edition SP3NIS 2009IE7 & Outlook Express
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection


Dch48 wrote:
Yes it is the same port but I'm not sure if anything is trying to come through or if NIS is just blocking it simply because it's open.

Hello,

   If you read the words in Quotation Marks in the Un-used Port Blocking, you will see it does Block Communications.  You can also check via the History and Click on "More Details" on the "unused port blocking has blocked communications".

Message Edited by Floating_Red on 10-31-2008 07:52 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

I know it says that but is it really blocking attempts to get through? I would think a notification popup would occur if it was.
XP Media Center Edition SP3NIS 2009IE7 & Outlook Express
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection


Dch48 wrote:
I know it says that but is it really blocking attempts to get through? I would think a notification popup would occur if it was.

Yes.

If they had pop-ups for every time this happened, you would get them from every few seconds on sometimes, to every hour.  Imagine having pop-ups like this every few seconds...

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

NY 1968 is using NAV 2008.
Real Time Protection = NIS 2009 + NATBehavior Analysis = ThreatfireOn Demand = MBAM
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection


Dieselman743 wrote:
NY 1968 is using NAV 2008.
Doesn't matter what Norton Product and Version you are using.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

You will see the "Unused Port Blocking" message when NIS detects an inbound packet directed at a port that is not being used by any running application. NIS will automatically block such packets and there is nothing more for you to do.

I have seen this happen after I've run a P2P client for a while and then stop running it. For days after I stop running it, random machines over the internet will try to connect to that (now non-listening) port. If you remove the port-forwarding from the router for those ports, that should stop it.

Shane.

Kudos0

Re: Un-used Port Blocking and Norton Product Tamper Protection

yes. On my concerns about the unused port blocking, it is very clear that it is being blocked. I had raised the original question to see if anyone else had the same ports being targeted. I have since turned off my computer for a few hours. After I re-booted, I had none of the same constant attempts. I guess they gave up.

I have noticed that sometimes unused port blocking will show a blocked attempt of TCP at port 80, which I understand is for web browsing. Not sure why it blocks that but I'm glad because I want no unsolicited inbound contact

Dieselman, i know get NIS and a router :)   I will someday

This thread is closed from further comment. Please visit the forum to start a new thread.