Norton360 breaks windows firewall

No issues found with DISM or SFC. I think windows defender is off while norton is on. i have not changed anything this issue came out of nowhere, i have been using norton for years now on this setup and no issue apart from the bug from some update some months ago that made my C: drive usage to 100% all the time after an update that you after many complaints from people fixed.

Now it seems like an update again is causing this new problem, but I've not seen anyone else here talk about it though. I'm about to update norton again, i just installed it again. But ill leave it unpatched to see how long i can go without it breaking windows firewall service. And then update and see how long it takes for it to break. 

I was able to fix it with "Tweaking.com - Windows Repair" i choose repair firewall and reset permission in registry and permission on services. Im glad i dont need to restore windows again, i was so tired of it. BUT still remains why updating norton broke it in the first place. I hope it wont happen again. Its been 10 min and another restart and its still working, ill be back if another update that comes out later will break it again. 

I will do the scan like you said when I can. Yes I have been thinking i have LOL and been under attack under a long time now, now it's confirmed. I'm glad because I have been trying to prove it a long time in forums but nothing was found, of course because it hides behind legit files. I have nuked my windows' disk before. But I suspect either is a deep-rooted rootkit that someone put in while having physical access to my pc, or it's because it's in some of my no-OS drives that I never nuked, so I keep getting infected. 

I have disabled WMI. I know some things break when doing that, would it make me safer having it disabled? Because I had infected WMI so if I disable it they can't use that technique again?

Oh no! It's just because I installed this script! https://www.reddit.com/r/Windows10/comments/9t5be1/automatically_disable... it might be a false positive, and I'm in no danger! Can you look at the script and verify it's no danger? It supposedly only disables full-screen optimization

Thanks for the reply! But i know what caused it, it was a false positive. This is what i wrote "Oh no! It's just because I installed this script! https://www.reddit.com/r/Windows10/comments/9t5be1/automatically_disable...(link is external) it might be a false positive, and I'm in no danger! Can you look at the script and verify it's no danger? It supposedly only disables full-screen optimization"

Here is the script:
 

<# :: Note that you can skip a program if you manually set another flag for it like the Override DPI            reddit .com/9t5be1
@set v=2019.09.29 ||: run admin rights required section as scriptblock - should now work on systems it previously failed 
@title Automatically Disable Fullscreen Optimizations and DPI Override - AveYo - v%v%                
@color 1e & echo off & echo. & powershell -nop -c "iex ([System.IO.File]::ReadAllText('%~f0'));" &exit/b
#>$main = {
# CHOICE TEXT - &X IS OPTIONAL TO ACTIVATE KEYBOARD SHORTCUTS           # CHOICE VALUE                           # DEFAULT:1 #>
$t  = @()                                                            ;  $v  = @()                             ;  $d  = @()
$t += '&1  Disable Fullscreen optimizations                         ';  $v += 'DISABLEDXMAXIMIZEDWINDOWEDMODE';  $d += 1
$t += '&2  Program DPI from main display when I signed in to Windows';  $v += 'PERPROCESSSYSTEMDPIFORCEOFF'   ;  $d += 0
$t += '&3  Program DPI from main display when I open this program   ';  $v += 'PERPROCESSSYSTEMDPIFORCEON'    ;  $d += 0
$t += '&4  High DPI scaling override by Application                 ';  $v += 'HIGHDPIAWARE'                  ;  $d += 0
$t += '&5  High DPI scaling override by System                      ';  $v += 'DPIUNAWARE'                    ;  $d += 0
$t += '&6  High DPI scaling override by System [Enhanced]           ';  $v += 'GDIDPISCALING DPIUNAWARE'      ;  $d += 0
$t += '&7  CLEAR MANUAL DEFINITIONS                                 ';  $v += ''                              ;  $d += 0
$t += '&8  UNINSTALL                                                ';  $v += ''                              ;  $d += 0

# SHOW CHOICES DIALOG FROM EXTENDED TEXT $t (INSTEAD OF VALUES $v) WITH DEFAULTS $d SELECTED - OUTPUTS INDEXES LIKE '1,3,4'
$all = $t -join ','; $def = (($d -split "`n") | Select-String 1).LineNumber -join ','; $selected = @($false) * $t.length
$result = Choices $all $def 'GlobalAppCompatFlags'; if($result){ $result -split ',' | % { $selected[[int]$_ - 1] = $true } }

# QUIT IF NO CHOICE MADE
if(!$result){ write-host -fore Red "`n No choice selected, exiting.. "; timeout /t 3 >$null; exit }

# VALIDATE SELECTION WITH RULES LIKE 'IF GDIDPISCALING SELECTED THEN HIGHDPIAWARE MUST BE UNSELECTED' ETC.
$uninstall=$false; $clear=$false
if($selected[2]){$selected[1]=$false} <# SINGLE CHOICE FOR Program DPI (2 OR 3) AND High DPI (4 OR 5 OR 6) #>
if($selected[5]){$selected[3]=$false; $selected[4]=$false}; if($selected[4]){$selected[3]=$false; $selected[5]=$false}
if($selected[6] -and $selected[7]){$clear=$true; $uninstall=$true; $selected=@($false) * $t.length} <# CLEAR, UNINSTALL #>
if($selected[6]){$clear=$true; $selected[6]=$false}; if($selected[7]){$uninstall=$true; $selected=@($false) * $t.length}

# COMPUTE THE FLAGS VARIABLE APPLIED AUTOMATICALLY TO HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
$values = @(); (($selected -split "`n") | Select-String $true).LineNumber | % { if([int]$_){$values += $v[[int]$_ - 1]} }
$flags = '~ ' + $values -join ' '
#if ($flags -eq '~ ') { $uninstall=$true } 

#  IF SELECTED, CLEAR PREVIOUS FLAGS FOR ALL PROGRAMS ONCE - FIY: AUTOMATIC HANDLER DOES NOT OVERRIDE EXISTING ENTRIES
if($clear){
  write-host -fore Red "`n Clearing existing flags in registry for all programs.. "; timeout /t 3 >$null
  Remove-Item -Path 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers' -EA 'silentlycontinue' -Force
}

# INSTALLING AND UNINSTALLING THE PERSISTENT WMI HANDLER REQUIRES ADMIN RIGHTS
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(544)) {
  write-host -fore Black -back Yellow  "`n PERMISSION DENIED! Asking for admin rights..  "; timeout /t 3 >$null
  start powershell -Verb RunAs -ArgumentList "-nop -NoExit -C & { $($RunAsAdmin -replace '"', '\"') } '$flags' '$uninstall'"; exit
} else { & $RunAsAdmin "$flags" "$uninstall" }

} # $main Done!

$RunAsAdmin = { param($Flags, $Uninstall) 
$script = {
  cmd /c color 1e; write-host -Fore Black -Back Gray "`n Flags: $flags "
  # UNINSTALL PERSISTENT WMI HANDLER IF SELECTED
  if($Uninstall -eq [bool]::TrueString){
    write-host -Fore Red "`n Uninstalling GlobalAppCompatFlags.. "
    RemoveGlobalAppCompatFlags; timeout /t -1; exit
  }
  # INSTALL PERSISTENT, NON-PULLING, HIGH PERFORMANCE FILTERED WMI HANDLER TO ADD FLAGS FOR USER PROGRAMS ON SECOND LAUNCH
  write-host -Fore Red "`n Installing GlobalAppCompatFlags.. " #timeout /t 3 >$null
  AddGlobalAppCompatFlags $Flags
  write-host "`n DONE! All programs - old and new - will have above flags applied after being run once "
  write-host "`n INFO: To prevent this for a program, manually adjust another flag like Override DPI for it "
  write-host "`n INFO: If only CLEAR MANUAL DEFINITIONS is selected then flags are cleared automatically instead "
  timeout /t -1; exit
}
function RemoveGlobalAppCompatFlags(){
  $ns = 'root\subscription'
  gwmi __eventFilter -Namespace $ns -filter "name='GlobalAppCompatFlags'"| Remove-WmiObject
  gwmi activeScriptEventConsumer -Namespace $ns -filter "name='GlobalAppCompatFlags'" | Remove-WmiObject
  gwmi __filtertoconsumerbinding -Namespace $ns -filter "Filter = ""__eventfilter.name='GlobalAppCompatFlags'"""| Remove-WmiObject
}
function AddGlobalAppCompatFlags($newflags){
  $GlobalAppCompatFlags_script_embedded_in_WMI_database = @"
' Add GlobalAppCompatFlags automatically after launching user processes - applies on the second launch of the same program
' Yes it does it via the "infamous" WMI persistence - but are we really not gonna use legit super light methods out of fear now?
' Why vbs, though? For no other reason than shitty lazy AVs going indiscriminately ham on any js because it can run on the web..
Dim oldflags : newflags = "$newflags"
Const HKU = 2147483651 : Const SEMISYNCHRONOUS = 48
layerskey = "Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
querytext = "SELECT ExecutablePath FROM Win32_Process WHERE ProcessID=" & TargetEvent.ProcessID
Set mExec = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\CIMv2").ExecQuery(querytext,,SEMISYNCHRONOUS)
Set rProv = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set regEx = New RegExp : regEx.Global = False : regEx.IgnoreCase = True
filterprg = "^.:\\Program Files(?:\\| \(x86\)\\)(Common |dotnet|Microsoft |Windows |WindowsApps|MSBuild)"
regEx.Pattern = "^.:\\Windows\\|^.\\ProgramData\\Package |\\AppData\\Local\\Temp\\|\\AppData\\Local\\Microsoft\\|" & filterprg
For Each process in mExec
  If Not IsNull(process.ExecutablePath) And Not regEx.Test(process.ExecutablePath) Then
    process.GetOwnerSid sid : compatkey = sid & "\\" & layerskey
    ret = rProv.GetStringValue(HKU, compatkey, process.ExecutablePath, oldflags)
    If (ret <> 0) Then
      rProv.CreateKey HKU, compatkey : rProv.SetStringValue HKU, compatkey, process.ExecutablePath, newflags
    ElseIf (newflags = "~ ") Then
      rProv.DeleteValue HKU, compatkey, process.ExecutablePath
    End If
  End If
Next
"@
  $EvtQuery = "SELECT * from Win32_ProcessStartTrace WHERE SessionID!=0"
  $nospam = @('cvtres','csc','svchost','DllHost','RuntimeBroker','backgroundTaskHost','rundll32','find','findstr','reg',
'PING','timeout','taskkill','Conhost','cmd','cscript','wscript','powershell','explorer','OpenWith','SearchProtocolHost',
'SpeechRuntime','browser_broker','MicrosoftEdgeCP','firefox','chrome','steamwebhelper')
  foreach ($n in $nospam){ $EvtQuery += " AND ProcessName!='"+$n+".exe'" }
  RemoveGlobalAppCompatFlags # Clear previous before new event subscription
  $EvtFilter = Set-WmiInstance -Class __EventFilter -NameSpace 'root\subscription' -Arguments @{
Name='GlobalAppCompatFlags';EventNameSpace='root\cimv2';QueryLanguage='WQL';Query=$EvtQuery } -ErrorAction Stop
  $EvtCon = Set-WmiInstance -Class ActiveScriptEventConsumer -Namespace 'root\subscription' -Arguments @{
Name='GlobalAppCompatFlags';ScriptingEngine='VBScript';ScriptText=$GlobalAppCompatFlags_script_embedded_in_WMI_database }
  Set-WmiInstance -Class __FilterToConsumerBinding -Namespace 'root\subscription' -Arguments @{Filter=$EvtFilter;Consumer=$EvtCon}
}
& $script } # $RunAsAdmin Done! 

# Choices dialog snippet - parameters: 1=allchoices, 2=default; [optional] 3=title, 4=textsize, 5=backcolor, 6=textcolor
function Choices($all, $def, $n='Choices', [byte]$sz=12, $bc='MidnightBlue', $fc='Snow', $saved='HKCU:\Environment'){
  [void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); $f=New-Object System.Windows.Forms.Form
  $a=$all.split(','); $s=$def.split(','); $reg=(Get-ItemProperty $saved).$n; if($reg.length){ $s=$reg.split(',') };
 function rst(){ $cb | %{ $_.Checked=0; if($s -contains $_.Name){ $_.Checked=1 } } }; $f.Add_Shown({rst; $f.Activate()})
  $cb=@(); $i=1; $a | %{ $c=New-Object System.Windows.Forms.CheckBox; $cb+=$c; $c.Text=$_; $c.AutoSize=1;
 $c.Margin='8,4,8,4'; $c.Location='64,'+($sz*3*$i-$sz); $c.Font='Tahoma,'+$sz; $c.Name=$i; $f.Controls.Add($c); $i++}
  $bt=@(); $j=1; @('OK','Reset','Cancel') | %{ $b=New-Object System.Windows.Forms.Button; $bt+=$b; $b.Text=$_; $b.AutoSize=1;
 $b.Margin='0,0,72,20'; $b.Location=''+(64*$j)+','+(($sz+1)*3*$i-$sz); $b.Font='Tahoma,'+$sz; $f.Controls.Add($b); $j+=2 }
  $v=@(); $f.AcceptButton=$bt[0]; $f.CancelButton=$bt[2]; $bt[0].DialogResult=1; $bt[1].add_Click({$s=$def.split(',');rst});
 $f.Text=$n; $f.BackColor=$bc; $f.ForeColor=$fc; $f.StartPosition=4; $f.AutoSize=1; $f.AutoSizeMode=0; $f.FormBorderStyle=3;
 $f.MaximizeBox=0; $r=$f.ShowDialog(); if($r -eq 1){$cb | %{if($_.Checked){$v+=$_.Name}}; $val=$v -join ',';
 $null=New-ItemProperty -Path $saved -Name $n -Value $val -Force; return $val }
} # Let's Make Console Scripts Friendlier Initiative by AveYo - MIT License -          Choices '&one, two, th&ree' '2,3' 'Usage'
& $main
<#_#>