Seems like Norton Firewall is blocking "SymSecondaryLaunch". Is this a real Process or should i keep blocking it?
This is a NIS process, but we're not sure why it would be accessing the network. Do you have any scheduled scans (or updates)? If so, what is being scanned, etc.? Is there anything unusual about your configuration that you think might be relevant?
Also, are we correct in assuming you have Application Blocking enabled in the firewall?
I would like to thank you Lee up front for replying back, a lot of times at other AV companies nobody replies back weather they don't have the manpower or don't want to reply back one can only guess.
Yes I do have scheduled scans and updates throughout the day, there is nothing unusual, and yes I do have Application Blocking enabled.
Are you scanning any network drives with your scheduled scans? This could include a Time Machine volume if it's not one directly attached to your Mac.
Yes im scaning my USB drive with scheduled scan and i dont have a Time Machine.
One more thing i keep getting MS SQL Stack BO at alerts every 45 mins or so, i rather not have these alerts is there a way to stop them??
Unless the USB drive is being shared from another machine, this doesn't really explain the network access. Our only concern here is whether the process is really the SymSecondaryLaunch from NAV. You should be able to verify this the next time you see the blocking alert by doing the following, before dismissing the alert:
1. Launch /Applications/Utilities/Terminal
2. type this command, followed by return:
ps -axww | grep Sym
Then copy and paste the output to this thread (make sure the "S" on "Sym" is upper case).
Regarding the MS SQL Stack BO alert, I need to research a little to find out how to best deal with this. Here is our online description of the threat:
You can disable the notifications for the MS SQL Stack BO alerts, but you shouldn't disable the detection of that signature—your computer is obviously being targeted for some reason, and it'd be unadvisable to disable detection of the signature.
To disable the alerts, launch the Norton AntiVirus application and go to "Automatic Protection". Then select "Configure" for Vulnerability Protection". Select the "MS SQL Stack BO" signature in the list, and check the "Disable alerts for this signature" button to disable the alerts. Or you can disable alerts for all Vulnerability Protection detections by de-selecting the "Notify me when an attack is automatically blocked" button.
I also have a similar issue. Whenever I open TextEdit a Norton firewall message pops up saying cupsd (incoming) is attempting to use the internet. That's followed by a Norton Notification window.
I have Application Blocking enabled but when I click on the 'Allow' button and search for cupsd in the Application Blocking section of the firewall I am unable to find it because it's a hidden file: usr/sbin/cupsd. Clicking on 'Block' or 'Always allow this application' in the options section of the notification window doesn't change anything either. Nor does unchecking the box 'Don't ask again for this application'.
I'd prefer to keep Application Blocking turned on but am not sure how to stop cupsd from being activated in the Firewall every time I open TextEdit. Any suggestions or reasons why it might be doing this?
On a previous installation I also had the "SymSecondaryLaunch" message appear (as with the above poster). The Finder also attempted to connect to the net after I enabled Application Blocking. Not sure what's normal and what's not.
ok i pasted it
s010600254bab37cc:~mmmm$ ps -axww | grep Sym 56 ?? 0:00.02 /Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch.app/Contents/SymSchedulerDaemon 57 ?? 3:49.26 /Library/Application Support/Symantec/Daemon/SymDaemon.bundle/Contents/MacOS/SymDaemon 58 ?? 12:24.18 /Library/Application Support/Symantec/AntiVirus/NortonAutoProtect.bundle/Contents/MacOS/NortonAutoProtect 60 ?? 0:01.01 /Library/Application Support/Symantec/AntiVirus/DiskMountNotify.app/Contents/MacOS/DiskMountNotify 61 ?? 0:13.57 /Library/Application Support/Symantec/DeepSight/symdeepsight-extractor -F -t /Library/Application Support/Symantec/DeepSight/Timestamp -a /Library/Application Support/Symantec/DeepSight/ConfigFile.ini -w /var/run/extractor.pid 68 ?? 0:00.56 /Library/PrivateFrameworks/SymSharedSettings.framework/Tools/SymSharedSettingsd 139 ?? 4:31.32 /Library/Application Support/Symantec/SymUIAgent/SymUIAgent.app/Contents/MacOS/SymUIAgent 152 ?? 0:01.19 /Library/Application Support/Norton Solutions Support/Scheduler/SymSecondaryLaunch.app/Contents/MacOS/SymSecondaryLaunch -psn_0_57358 677 ?? 83:15.60 /Library/PrivateFrameworks/SymAVScan.framework/Versions/A/Resources/SymAVScanDaemon.bundle/Contents/MacOS/SymAVScanDaemon68699 ttys000 0:00.00 grep Syms010600254bab37cc:~ jmmmm$
This looks like the correct SymSecondaryLaunch. I'm still not sure what causes the alert, but it should be safe to Allow.
also what command do i type to see wat other process are and to wat programs they belong too
You can list all processes by typing:
This doesn't really tell you which program they belong to, but by looking at the path to the executable (the last part of each line), you may be able to surmise that for some. Note that the system runs many processes, so there are several that are not associated with third-party programs.
For more info on this command, type:
(spacebar will scroll through the man page, q will return to the shell).
Note also that /Applications/Utilities/Activity Monitor shows information about current processes within a graphical interface.
If you are experiencing an issue that needs urgent assistance please visit our customer support area:
There are currently 3 users online.