Cannot log in to email when VPN turned on

Note: Please do not post Personally Identifiable Information like email address, personal phone number, physical home address, product key etc.

When VPN turned on Outlook cannot log in to my isp’s e-mail account, it can log in to Gmail account.

Product & version number:24.11.9615 (build 24.11.9615.887)

OS details: Windows 10 Pro. 24.11.9615 (build 24.11.9615.887)

When the VPN is turned on Outlook cannot log into my ISP’s e-mail server. I turn the VPN off and I can log in. There is no issue with Outlook accessing Gmail’s servers. My ISP is Comcast.

If you have any supporting screenshots, please add them:

1 Like

See the information in this Norton Support article for help with email and VPN issues. https://support.norton.com/sp/en/us/home/current/solutions/v131881814

I have the same problem with Comcast email. I have gone through and setup the VPN tunnel and it still blocks the emails. Any other suggestions?

What email client are you using to access your Comcast email? When setting up the Split Tunnel feature, be sure you are adding the .exe file for your email client.

I am using outlook and have added Outlook.exe in the proper location to the tunnel. I verified this by going to the location that my shortcut is pointed to.

The only solution I have found with Outlook, with the help of Norton staff, is to have the VPN automatically turn off when I am on my home network. Away from home, I either have to turn the VPN off, or access my email with a different app on my cell phone. (the VPN doesn’t block it there)

Microsoft Outlook. I have done that. See my reply to Ralph_Medema below about the only thing that works. (Basically turning VPN off)

Yes, I have to turn off the VPN to access the comcast email on Outlook, but not Gmail. Oddly, the Comcast access is inconsistent. Sometimes it will work for awhile on the VPN and then suddenly lose the connection and ask me to login again. Once the login request pops up it won’t login and I have to shut the VPN off to reconnect.

EXACTLY!!! Having worked on that side of the customer support system I know what Comcast’s response will be. After verifying that the person can log in to their e-mail via the web portal, they will say that the issue is either with Outlook or Norton VPN. Microsoft will say that the problem is with either Comcast or Norton VPN since we can access Google Mail with the VPN on. And the support here, after we follow their steps with no success, will point the finger at Comcast or Microsoft. Meanwhile we, the consumer, have no one who can assist us.

It is frustrating and we are unlikely to get a resolution as a result. I’m thinking of trying a different VPN, but not sure if the problem is related to VPN’s in general or just the Norton VPN.

Has anyone contacted Comcast support to see if they are blocking VPN’s? Many email providers will block VPNs and/or request further verification it is you trying to access your account. This comes from the email servers seeing a login attempt from somewhere they are not expecting you to access from.

I am quite certain that is not the issue. I have accessed my Comcast e-mail using MS Outlook from Canada, Port Angeles WA, and Denver CO. I have accessed it using a non-comcast cell carrier, using WIFI from hotels, etc. all of which have different IP addresses. It is only when accessing Comcast using MS Outlook and Norton VPN turned on that there is an issue. Turning off the VPN cures the issue.

Actually that might be a good idea. There are VPNs out there that will give you two weeks to a month free service to check out their service. If you do and it works, then you have ammunition to throw at Norton’s help desk.

Norton 360 VPN Email Protection Causes Outlook IMAP Failures (Design Flaw)

Hi all — I’ve found a working solution for a design-level issue in the way Norton 360 VPN and the Email Protection feature interact, especially with IMAP accounts such as comcast. I submitted a ticket Sat 04/06/2025 and had Norton remote in to my client’s computer that I have worked on for over 50 hours to do advanced troubleshooting since he experienced this issue.

[S1] Widespread Common Issue

First, it goes without saying that this is a common issue. You can see it here, to name a few:

  • search: d5df1036-00ed-45e1-ab41-3fbcf1b316d6

  • search: imap-password/3952432

  • search: norton us v20240108183457190

  • search: norton us v131881814

[S2] What Norton Gets Wrong

Norton suggests (see this support doc at search: norton us v131881814) that if VPN-related issues persist, users should either:

  1. Changing geographic VPN regions (which often causes degraded performance due to latency and the problem can persist), or

  2. Exclude the application from VPN traffic via split tunneling.

But for #2 they never say which application to exclude. The correct exclusion for Outlook is (for example, version dependent):

C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

That helps — but it’s not enough.

Even with Outlook.exe excluded from the VPN, IMAP sync issues (especially folder sync failures and repeated password prompts) persist if Email Protection is enabled. That’s because Norton’s Email Protection acts as a Man-In-The-Middle (MITM) TLS proxy, and this design leads to deeper problems.

[S3] What’s Actually Happening (Technical Overview)

When Email Protection is on, Norton acts as a Man-In-The-Middle proxy intercepting Outlook’s secure traffic, decrypts it locally using its own substitute certificate, then re-encrypts it before forwarding to the real server (e.g., Comcast).

Although this is not documented by Norton, in some of the A/B testing I conducted I can see the Norton certificate failures to imap[dot]comcast[dot]net for folder synchronization on Outlook.exe startup or on every Send/Receive.

Norton does mention this at a high level here:

search: norton us v20241115150241201

where it states (after expanding the FAQs) – The Email Protection feature uses an advanced scanning method for incoming and outgoing emails over SSL/TLS secured connections.

Sidenote: ignore the documentation in

  • search: norton us v96137879

which is out of date and incorrect when it claims Norton does not scan email messages sent or received using email services that use Secure (SSL) connections. I asked Norton to correct this in the ticket submitted.

Here’s the catch: when Outlook.exe’s core traffic is excluded from the VPN, Norton’s helper services and background processes are not. So you end up with split network paths:

Outlook.exe → LAN

Norton/Email Protection helpers → VPN

I proved this with a procmon trace.

This breaks the atomic trust chain required for seamless IMAP folder sync and authentication, especially on servers like Comcast that rate-limit or flag unexpected connection behaviors. The proxying effectively shatters the end-to-end flow Outlook expects.

What’s worse, many of the helper components are:

  • Hidden (services like svchost.exe)

  • Brief (sub-second lifetime processes difficult to troubleshoot except with advanced tools like procmon, sysmon) - example was seeing the jhi_service used by Intel’s ME platform when seeing Norton use it’s fake MITM certificate (through the VPN – this was proven by a procmon trace).

  • Difficult to target as additional split tunneling exceptions (you lose a lot if you put svchost.exe as an exception)

Affected components can include (to name a few):

Processes:

  • OfficeClickToRun.exe

  • MSExchangeHMWorker.exe

  • Teams.exe (since integrated with Outlook)

  • OneDrive.exe (since integrated with Outlook)

Concepts / Services:

  • Authentication & token refresh (sometimes tokens are shared between processes)

  • Autodiscover

  • SMTP relay

  • EWS/MAPI setup

  • Intel ME

These components may attempt to validate certificates, renew session tokens, or touch Microsoft’s licensing servers — but their network path goes through the VPN, while Outlook goes outside it, leading to inconsistent identity contexts and broken sessions.

[S4] What You Lose by Turning Off Email Protection

To be fair, disabling Email Protection comes with trade-offs:

  1. Slight reduction in phishing/malware detection I am assuming Comcast already provides robust server-side filtering.- they put things in Spam even – perhaps Norton will pick up some things Comcast would have missed. But the end-user must be aware of new phishing attempts regardless. As well, there a few excellent third party Outlook spam addons.

  2. Rare loss of zero-day detection Norton might catch something the ISP missed — but only if you open something risky.

  3. Negligible outbound scanning Very unlikely to affect home users unless your system is already compromised.

[S5] Recommendation

If you rely on Outlook with IMAP over VPN and need stability:

  • Exclude Outlook.exe from Norton’s VPN.

  • Turn off Norton Email Protection.

  • Let your mail provider (e.g., Comcast) handle filtering, which they already do quite well.

This avoids the VPN routing conflict and restores Outlook’s ability to sync folders and authenticate predictably.

[S6] Summary

With VPN split tunneling enabled for Outlook.exe and Email Protection turned ON, Outlook’s IMAP authentication fails intermittently, especially during folder sync. Disabling Email Protection fully resolves the issue. This suggests that Norton’s Email Protection component is not respecting split tunneling boundaries and is interfering with the authentication flow.

Norton should investigate this further.

[S7] Final Note

This post is the result of 50+ hours of hands-on research:

  • Custom PowerShell scripts

  • Real-time monitoring using Procmon

  • Controlled A/B testing with different VPN + Email Protection states, POP3 vs IMAP

Frankly, Norton support could have solved this faster by pairing with a power user, but I understand not all support channels are equipped for that. I do hope my ticket submittal reaches someone at Norton who understands the design internals of Email Protection and agrees with me versus being dismissive of incontrovertible proof and pointing a finger at Microsoft or Comcast — because the issue is clear once you see the pattern. Politically, they may be uncomfortable recommending turning off Email Protection - but in my opinion, you are not losing much (especially if you purchase a good addon if you are not happy with Comcast’s spam filtering)

Also, full credit to my AI assistant ChatGPT-4o — the best co-worker I’ve ever had. It didn’t solve the problem for me, but it helped me think faster, cross-check my technical hunches, and build structured theories that I could test and refine. What it learned will probably show up when Norton support staff (apparently) use ChatGPT themselves. This is far better than steering people to solutions that don’t properly address the technical design limitations.

I have left the corporate world and continue to fix the unfixable if it is important to my clients. I do not have the bosses from h**l who don’t respect advanced troubleshooting, the Phil Crosby “Quality is Free” root-cause-analysis philosophy or the legendary John Wooden’s (10 NCAA basketball championships in 12 years at UCLA including 7 in a row) famous quotes which include:

  • “If you don’t have time to do it right, when will you have time to do it over?”

  • “Make each day your masterpiece.”

  • “Failing to prepare is preparing to fail.”

  • “Do not let what you cannot do interfere with what you can do.”

  • “Things turn out best for the people who make the best of the way things turn out.”

  • “It is amazing how much can be accomplished if no one cares who gets the credit.”

  • “Don’t let making a living prevent you from making a life.”

  • “Don’t measure yourself by what you have accomplished, but by what you should have accomplished with your ability.”

Thanks for reading — I hope this helps others facing the same invisible wall. Best wishes, Harry Stein