Blocking Outbound SMB Ports in the Public Profile

The screen print below shows the default firewall rules for SMB in my Norton installation. There are no other rules related to these ports configured in my Norton installation.

To me it is obvious that inbound SMB ports are being blocked for the Public profile by the first rule below.

However, I do not understand how the second rule below (that is disabled by default and cannot be changed) blocks outbound traffic to these same SMB ports.

Can someone please explain this and tell me if outbound traffic to the SMB ports is actually being blocked or not for the Public profile?

1 Like

Hello @carjimz
In your Norton Smart Firewall, outbound traffic to SMB ports is typically NOT being blocked for the Public profile by default, despite the appearance of that second rule.

Understanding the Rules
The behavior you are seeing is due to how Norton handles its default traffic rules:

  • Rule 1 (Active): Explicitly blocks Inbound SMB traffic when your network is set to the Public profile. This prevents other computers on a public network (like a coffee shop) from seeing or accessing your shared files and printers.
  • Rule 2 (Disabled): This “SMB Windows 2000” rule is a legacy placeholder that is disabled by default. Because it is Disabled, it performs no action—it does not block or allow traffic.

Why is Outbound SMB Allowed?
Norton 360 Smart Firewall is designed to allow standard outbound communication by default so that you can still browse the web or connect to remote resources.

  • Implicit Allow: If there is no active rule explicitly blocking “Outbound” traffic on ports 445 or 137-139, the firewall generally allows those requests to pass.
  • Purpose: This allows you to connect to a remote server or NAS from your computer, even if you don’t want that same server to initiate a connection back to you.

Summary of Status for Public Profile

| Traffic Direction | Status | Reason |
|---|---|---|
| Inbound SMB | Blocked | Active default rule specifically for the Public profile. |
| Outbound SMB | Allowed | No active rule exists to block it; the second rule you see is disabled. |

If you specifically want to block your computer from sending SMB traffic out while on a Public network, you would need to manually create a new Traffic Rule set to “Block,” “Outbound,” and the “Public” profile.

=========================================

While the user interface has received updates in Norton 360 v24+, the underlying logic of the Smart Firewall remains consistent regarding default traffic rules.

In Norton 360 v26, the firewall still uses Automatic Program Control as its primary mechanism:

  • Rule Logic Still Holds: The “SMB Windows 2000” rule remains a legacy component. If it is Disabled in your Norton 360 v26 settings, it continues to have no effect on your traffic.
  • Outbound remains “Allow by Default”: Norton 360 v26 continues to prioritize outbound connectivity to ensure your applications can reach the internet and local resources. Unless a specific active rule blocks “Outbound” traffic for a profile, it is permitted.
  • Public Profile Protection: The active rule blocking Inbound SMB on the Public profile is a core security feature that has not been changed in the latest versions to ensure devices remain “stealthed” on untrusted networks.

------------------------------------
Note: AI sourced content may include mistakes

========================================

All: Simplified, Norton has these rules set for SMB in a Public Network environment because SMB is vulnerable for the following reasons: Note: Isolation of the network, its resources, and the OS is the #1 reason listed.

AI Overview
No, you should not trust or expose Server Message Block (SMB) on a public network or the internet. SMB is designed for trusted, internal networks; using it publicly exposes you to severe security risks like ransomware (e.g., EternalBlue), credential theft, and unauthorized access, as it is a major target for hackers.

Key Security Risks of Public SMB:
> Vulnerabilities: Older versions of SMB (v1) and even some newer ones have known, high-profile exploits.
> Data Theft/Exposure: Without a secure, encrypted tunnel, data transmitted over public networks can be intercepted.
> Unauthorized Access: Attackers can use brute-force attacks to guess credentials and gain full control of file shares.

How to Securely Access Files Remotely:
Use a VPN: Always use a Virtual Private Network (VPN) to create an encrypted tunnel for your traffic before connecting to an SMB share.
Firewall Rules: Block port 445 (the main SMB port) on your firewall to prevent direct access from the internet.
Use Alternatives: Utilize secure file transfer methods like SSH/SFTP, HTTPS, or cloud-based storage services instead of SMB for remote access.

> Conclusion: Only use SMB within a trusted, firewall-protected, and preferably segmented network environment.

Private Network usage:

AI Overview

Yes, you can generally trust Server Message Block (SMB) on a trusted, private, and isolated network, provided it is configured correctly, SMB v3.x is used, and older versions (SMBv1) are disabled. However, it should never be exposed directly to the public internet and requires a VPN for remote access.

Key Considerations for Trusting SMB on a Private Network:

  • Security Version: Always use SMBv2 or higher (preferably SMBv3) as they offer better encryption and security.
  • Network Trust: Only trust it if you control the network, such as a secure home or enterprise, and it is not accessible by unauthorized users.
  • Segmented Networks: Even on internal networks, restrict SMB traffic to specific, secure segments.
  • Authentication: Use strong authentication (like Kerberos) and avoid password-less file sharing.

When NOT to Trust SMB:

  • Exposed directly on the internet (port 445).
  • When using outdated, insecure versions like SMBv1.
  • On unsecure or public Wi-Fi networks without a VPN.

SA

2 Likes
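Whether outbound SMB is really blocked on the Public profile can be checked empirically instead of inferred from the rule list. The script below is an added example (not part of any post above and not Norton tooling): it opens a TCP connection to the SMB ports of a host you own and reports the socket result. The `-Target` value, the function name and the timeout are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Run from the PC while it is on the Public network.
# -Target is a placeholder: a host you own that is known to listen on SMB (e.g. your NAS).
param(
    [Parameter(Mandatory)][string]$Target,
    [int[]]$Ports = @(445, 139),   # TCP only; NetBIOS 137/138 are UDP and are not probed here
    [int]$TimeoutMs = 3000
)

function Test-OutboundTcp {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout and throws if the connect attempt failed
        if (-not $task.Wait($TimeoutMs)) { return 'TimedOut' }
        return 'Connected'
    }
    catch {
        # Unwrap nested exceptions down to the SocketException to get the Winsock result
        $e = $_.Exception
        while ($e -and $e -isnot [System.Net.Sockets.SocketException]) { $e = $e.InnerException }
        if ($e) { return $e.SocketErrorCode.ToString() }
        return 'Error'
    }
    finally { $client.Dispose() }
}

foreach ($port in $Ports) {
    [pscustomobject]@{
        Target = $Target
        Port   = $port
        Result = Test-OutboundTcp -HostName $Target -Port $port -TimeoutMs $TimeoutMs
    }
}

# Reading the Result column:
#   Connected          the handshake completed, so outbound traffic to that port is not blocked
#   ConnectionRefused  a reset came back; the target is probably not listening on that port
#   TimedOut / AccessDenied / other
#                      consistent with a block, but also with the target or the network
#                      dropping the traffic
```

Run the same probe once on a trusted network: a port that connects there but fails on the Public network points at the local firewall rather than at the target.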

Hello @carjimz