Anti Virus History

Norton Security | Norton Internet Security
1

Most days I get at least one and sometimes a long list of  'Medium - Unauthorized

Access Blocked (Open File), No Action Required'

 

Can someone please tell me what this signifies and how important is it?

 

Thanks

2

those are history lofgentrys of this norton component https://support.norton.com/sp/en/us/home/current/solutions/v45039218_NIS_Retail_2012_en_us

as u will see there its important cos it protects norton from beeing changed by eventual virus attack but somebody can explain better also in this forum are many posts regarding norton tamper protection mesages in history u can seach them for better understanding why u have those logs

3

Hi thingy:

 

rika is correct - these unauthorized access blocked messages are a normal function of Norton Product Tamper Protection.  A log entry will be created in your security history every time a process attempts to read/write/edit/delete a Norton file, and this includes common Windows processes like svchost.exe, dfrgntfs.exe, etc.  If you double-click on one of the entries in your security history (History | Show | Protection and Performance | Norton Product Tamper Protection) the Actor (e.g., C:\Windows\system32\svchost.exe) will tell you what process was attempting the read/write/edit/delete and the Target will tell you which Norton file or registry entry it was trying to view.

 

I've posted a request in the Product Suggestions board  here requesting that Symantec either stop logging these unauthorized access blocked messages in the security history or at least reduce the severity from Medium to Info.  If your system was actually under attack by malware you'd be notified by one of Norton's real-time Auto-Protect features like SONAR or Download Insight so you should feel safe just ignoring these unauthorized access blocked messages.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 25.0 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

4

Are you seeing this in conjunction with DFRG as the actor?

5

Thank you for your Replies - I now understand what's happening - it seems these Entries are 'normal' and that other people get them too

 

I have looked back over the last few days and there is no DFRG as Actor

 

Tthe Actor is always a number eg 5848 (many) - 4424(many) - 836(1) - 400(1) -  792(1) and so on

 

I'm not particularly bothered by them as long as they are 'normal' and other people get them

6

Hi thingy:

 

You might be looking at the Actor PID (process identifier), which is the unique number Windows assigns to every process running on your machine.  The Actor listed in each Norton Product Tamper Protection entry should show you the location (path) and filename of the process.

 

Unauthorized Access Blocked.jpg

 

 

You can view the PIDs of the processes currently running on your system by starting the Windows Task Manager (Ctrl-Alt-Del) and clicking the Show processes from all users button.  If the PID column isn't displayed, select View | Select columns from the Task Manager menu and enable the PID (Process Identifier) item.

 

Windows Task Manager PID.jpg

 

 

 

I posted a screenshot here in another thread showing my security history being flooded with hundreds (and sometimes thousands) of these unauthorized access blocked entries every time Windows Disk Defragmenter (dfrgntfs.exe / PID 2244 on my 32-bit Vista OS) runs on my computer and attempts to defrag a Norton-related file.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 25.0 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS