Note: Please do not post Personally Identifiable Information like email address, personal phone number, physical home address, product key etc.

When VPN turned on Outlook cannot log in to my isp’s e-mail account, it can log in to Gmail account.

Product & version number:24.11.9615 (build 24.11.9615.887)

OS details: Windows 10 Pro. 24.11.9615 (build 24.11.9615.887)

When the VPN is turned on Outlook cannot log into my ISP’s e-mail server. I turn the VPN off and I can log in. There is no issue with Outlook accessing Gmail’s servers. My ISP is Comcast.

If you have any supporting screenshots, please add them:

See the information in this Norton Support article for help with email and VPN issues. https://support.norton.com/sp/en/us/home/current/solutions/v131881814

I have the same problem with Comcast email. I have gone through and setup the VPN tunnel and it still blocks the emails. Any other suggestions?

What email client are you using to access your Comcast email? When setting up the Split Tunnel feature, be sure you are adding the .exe file for your email client.

I am using outlook and have added Outlook.exe in the proper location to the tunnel. I verified this by going to the location that my shortcut is pointed to.

The only solution I have found with Outlook, with the help of Norton staff, is to have the VPN automatically turn off when I am on my home network. Away from home, I either have to turn the VPN off, or access my email with a different app on my cell phone. (the VPN doesn’t block it there)

Microsoft Outlook. I have done that. See my reply to Ralph_Medema below about the only thing that works. (Basically turning VPN off)

Yes, I have to turn off the VPN to access the comcast email on Outlook, but not Gmail. Oddly, the Comcast access is inconsistent. Sometimes it will work for awhile on the VPN and then suddenly lose the connection and ask me to login again. Once the login request pops up it won’t login and I have to shut the VPN off to reconnect.

EXACTLY!!! Having worked on that side of the customer support system I know what Comcast’s response will be. After verifying that the person can log in to their e-mail via the web portal, they will say that the issue is either with Outlook or Norton VPN. Microsoft will say that the problem is with either Comcast or Norton VPN since we can access Google Mail with the VPN on. And the support here, after we follow their steps with no success, will point the finger at Comcast or Microsoft. Meanwhile we, the consumer, have no one who can assist us.

It is frustrating and we are unlikely to get a resolution as a result. I’m thinking of trying a different VPN, but not sure if the problem is related to VPN’s in general or just the Norton VPN.

Has anyone contacted Comcast support to see if they are blocking VPN’s? Many email providers will block VPNs and/or request further verification it is you trying to access your account. This comes from the email servers seeing a login attempt from somewhere they are not expecting you to access from.

I am quite certain that is not the issue. I have accessed my Comcast e-mail using MS Outlook from Canada, Port Angeles WA, and Denver CO. I have accessed it using a non-comcast cell carrier, using WIFI from hotels, etc. all of which have different IP addresses. It is only when accessing Comcast using MS Outlook and Norton VPN turned on that there is an issue. Turning off the VPN cures the issue.

Actually that might be a good idea. There are VPNs out there that will give you two weeks to a month free service to check out their service. If you do and it works, then you have ammunition to throw at Norton’s help desk.

Norton 360 VPN Email Protection Causes Outlook IMAP Failures (Design Flaw)

Hi all — I’ve found a working solution for a design-level issue in the way Norton 360 VPN and the Email Protection feature interact, especially with IMAP accounts such as comcast. I submitted a ticket Sat 04/06/2025 and had Norton remote in to my client’s computer that I have worked on for over 50 hours to do advanced troubleshooting since he experienced this issue.

[S1] Widespread Common Issue

First, it goes without saying that this is a common issue. You can see it here, to name a few:

• search: d5df1036-00ed-45e1-ab41-3fbcf1b316d6

• search: imap-password/3952432

• search: norton us v20240108183457190

• search: norton us v131881814

[S2] What Norton Gets Wrong

Norton suggests (see this support doc at search: norton us v131881814) that if VPN-related issues persist, users should either:

1. Changing geographic VPN regions (which often causes degraded performance due to latency and the problem can persist), or

2. Exclude the application from VPN traffic via split tunneling.

But for #2 they never say which application to exclude. The correct exclusion for Outlook is (for example, version dependent):

C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

That helps — but it’s not enough.

Even with Outlook.exe excluded from the VPN, IMAP sync issues (especially folder sync failures and repeated password prompts) persist if Email Protection is enabled. That’s because Norton’s Email Protection acts as a Man-In-The-Middle (MITM) TLS proxy, and this design leads to deeper problems.

[S3] What’s Actually Happening (Technical Overview)

When Email Protection is on, Norton acts as a Man-In-The-Middle proxy intercepting Outlook’s secure traffic, decrypts it locally using its own substitute certificate, then re-encrypts it before forwarding to the real server (e.g., Comcast).

Although this is not documented by Norton, in some of the A/B testing I conducted I can see the Norton certificate failures to imap[dot]comcast[dot]net for folder synchronization on Outlook.exe startup or on every Send/Receive.

Norton does mention this at a high level here:

search: norton us v20241115150241201

where it states (after expanding the FAQs) – The Email Protection feature uses an advanced scanning method for incoming and outgoing emails over SSL/TLS secured connections.

Sidenote: ignore the documentation in

• search: norton us v96137879

which is out of date and incorrect when it claims Norton does not scan email messages sent or received using email services that use Secure (SSL) connections. I asked Norton to correct this in the ticket submitted.

Here’s the catch: when Outlook.exe’s core traffic is excluded from the VPN, Norton’s helper services and background processes are not. So you end up with split network paths:

Outlook.exe → LAN

Norton/Email Protection helpers → VPN

I proved this with a procmon trace.

This breaks the atomic trust chain required for seamless IMAP folder sync and authentication, especially on servers like Comcast that rate-limit or flag unexpected connection behaviors. The proxying effectively shatters the end-to-end flow Outlook expects.

What’s worse, many of the helper components are:

• Hidden (services like svchost.exe)

• Brief (sub-second lifetime processes difficult to troubleshoot except with advanced tools like procmon, sysmon) - example was seeing the jhi_service used by Intel’s ME platform when seeing Norton use it’s fake MITM certificate (through the VPN – this was proven by a procmon trace).

• Difficult to target as additional split tunneling exceptions (you lose a lot if you put svchost.exe as an exception)

Affected components can include (to name a few):

Processes:

• OfficeClickToRun.exe

• MSExchangeHMWorker.exe

• Teams.exe (since integrated with Outlook)

• OneDrive.exe (since integrated with Outlook)

Concepts / Services:

• Authentication & token refresh (sometimes tokens are shared between processes)

• Autodiscover

• SMTP relay

• EWS/MAPI setup

• Intel ME

These components may attempt to validate certificates, renew session tokens, or touch Microsoft’s licensing servers — but their network path goes through the VPN, while Outlook goes outside it, leading to inconsistent identity contexts and broken sessions.

[S4] What You Lose by Turning Off Email Protection

To be fair, disabling Email Protection comes with trade-offs:

1. Slight reduction in phishing/malware detection I am assuming Comcast already provides robust server-side filtering.- they put things in Spam even – perhaps Norton will pick up some things Comcast would have missed. But the end-user must be aware of new phishing attempts regardless. As well, there a few excellent third party Outlook spam addons.

2. Rare loss of zero-day detection Norton might catch something the ISP missed — but only if you open something risky.

3. Negligible outbound scanning Very unlikely to affect home users unless your system is already compromised.

[S5] Recommendation

If you rely on Outlook with IMAP over VPN and need stability:

• Exclude Outlook.exe from Norton’s VPN.

• Turn off Norton Email Protection.

• Let your mail provider (e.g., Comcast) handle filtering, which they already do quite well.

This avoids the VPN routing conflict and restores Outlook’s ability to sync folders and authenticate predictably.

[S6] Summary

With VPN split tunneling enabled for Outlook.exe and Email Protection turned ON, Outlook’s IMAP authentication fails intermittently, especially during folder sync. Disabling Email Protection fully resolves the issue. This suggests that Norton’s Email Protection component is not respecting split tunneling boundaries and is interfering with the authentication flow.

Norton should investigate this further.

[S7] Final Note

This post is the result of 50+ hours of hands-on research:

• Custom PowerShell scripts

• Real-time monitoring using Procmon

• Controlled A/B testing with different VPN + Email Protection states, POP3 vs IMAP

Frankly, Norton support could have solved this faster by pairing with a power user, but I understand not all support channels are equipped for that. I do hope my ticket submittal reaches someone at Norton who understands the design internals of Email Protection and agrees with me versus being dismissive of incontrovertible proof and pointing a finger at Microsoft or Comcast — because the issue is clear once you see the pattern. Politically, they may be uncomfortable recommending turning off Email Protection - but in my opinion, you are not losing much (especially if you purchase a good addon if you are not happy with Comcast’s spam filtering)

Also, full credit to my AI assistant ChatGPT-4o — the best co-worker I’ve ever had. It didn’t solve the problem for me, but it helped me think faster, cross-check my technical hunches, and build structured theories that I could test and refine. What it learned will probably show up when Norton support staff (apparently) use ChatGPT themselves. This is far better than steering people to solutions that don’t properly address the technical design limitations.

I have left the corporate world and continue to fix the unfixable if it is important to my clients. I do not have the bosses from h**l who don’t respect advanced troubleshooting, the Phil Crosby “Quality is Free” root-cause-analysis philosophy or the legendary John Wooden’s (10 NCAA basketball championships in 12 years at UCLA including 7 in a row) famous quotes which include:

• “If you don’t have time to do it right, when will you have time to do it over?”

• “Make each day your masterpiece.”

• “Failing to prepare is preparing to fail.”

• “Do not let what you cannot do interfere with what you can do.”

• “Things turn out best for the people who make the best of the way things turn out.”

• “It is amazing how much can be accomplished if no one cares who gets the credit.”

• “Don’t let making a living prevent you from making a life.”

• “Don’t measure yourself by what you have accomplished, but by what you should have accomplished with your ability.”

Thanks for reading — I hope this helps others facing the same invisible wall. Best wishes, Harry Stein

userharry, thanks for posting your findings on this. I have turned off the Email Protection and am giving it a try!

Norton community:

This is an update. After spending an immense amount of hours to document the above last April, and finally convincing Norton that my analysis was perfect, the issue was escalated to developers. Meanwhile, my customer was happy to forgo the email protection as a workaround as mentioned above.

A couple months later, I was called and asked to assist in testing and I declined - I told Norton, (1) ask one of your employees who has a comcast account to volunteer or pay for one month and cancel or (2) I would actually help test provided they would extend the customer’s 3 device package expiring this Dec for another 3 years and mine as well FREE. This probably has a value of close to nothing for them given the work I did above is considered advanced troubleshooting that most of their support probably do not understand, they should have been grateful IMO and accepted the offer. Instead they offered to extend my c customer’s renewal by 6 or 8 weeks (I can’t recall which). I calmly said no thanks and that was that.

Fast forward to Sept and a different customer with an email with wi.rr.com had a similar issue but this one involved any email which had attachments and was sent by Outlook.exe – the email showed up (WAS) in the Sent folder, but was not sent to the recipient. This had been going on for around 6 weeks said the customer. I tested this myself and confirmed the behavior on the customer machine.

I tried wi.rr.com webmail in Chrome and (WAS) able to send emails with attachments! So we had an unacceptable workaround (RR.COM webmail) but at least we knew it was either Outlook.exe, Norton or the wi.rr.com server. Note all add-ins were disabled in Outlook.exe and the VPN was never used.

Next I disabled the email protection feature in Norton but the problem with Outlook.exe client persisted.

Finally, I uninstalled Norton (but kept data) and now Outlook.exe was sending out attachments just fine.

To give Norton the evidence (here) it should be noted that the Norton logs showed the following
(1) there were multiple connectivity errors both when email protection was on and when it was turned off. These are attached.
(2) even with email protection turned off, Norton continues to act like a man-in-the-middle for all traffic to and from the email server wi.rr.com . You can see the TCP/IP connections (Tcpvcon output not shown here) and you can see errors occurring during the Send.
(3) Norton logs show the revision has been updating flawlessly over the course of time.

From Norton\log\arpot.log I see version numbers repeating in the logs and so I documented the first occurrence of each AV version (I think it started around version 25.6 or 25.7:
2024-11-05 12:13:12 AVAVER: 24.10.9535 AR2: 241023 defs: 24110400
2024-11-17 00:36:34 AVAVER: 24.11.9615 AR2: 241106 defs: 24111604
2025-01-15 02:36:08 AVAVER: 24.12.9725 AR2: 250110 defs: 25011422
2025-02-12 17:45:48 AVAVER: 25.1.9816 AR2: 250110 defs: 25021212
2025-03-20 07:14:28 AVAVER: 25.2.9898 AR2: 250313 defs: 25031912
2025-04-09 07:51:35 AVAVER: 25.3.9983 AR2: 250408 defs: 25040900
2025-05-08 07:02:33 AVAVER: 25.4.10068 AR2: 250505 defs: 25050704
2025-05-28 07:00:21 AVAVER: 25.5.10141 AR2: 250512 defs: 25052716
2025-07-02 07:18:57 AVAVER: 25.6.10221 AR2: 250625 defs: 25070104
2025-07-22 07:29:49 AVAVER: 25.7.10308 AR2: 250625 defs: 25072202
2025-09-02 05:59:25 AVAVER: 25.8.10387 AR2: 250822 defs: 25090104

(4) The problem seems to have started perhaps 6 weeks ago. Right around the time Norton probably released the fix they asked me to test. Keep in mind road runner, comcast, charter are all from the same family so it is no surprise this happened to a wi.rr.com customer who uses Outlook.exe and Norton.

If anyone is experiencing this with Outlook.exe not sending emails with attachments, your workaround is to either use webmail or if you insist on using Outlook.exe, then uninstall Norton.

If you wish to press Norton for a fix, open up a ticket and refer to this post and say “I am having the same issue Norton and please fix it!”. Good luck!

In the allmailerrors.txt I created you can see all the errors during testing. Don’t let Norton tell you your network is slow or has issues. This is TCP/IP and when Norton is not installed and all it’s filter drivers are gone, THERE ARE NO ERRORS (and in the attached capture.jpg you can see the filter drivers before (left) and after (right) Norton is uninstalled. The filter drivers work closely with the Norton settings and as man-in-the-middle agents between Windows Outlook.exe and the email servers.

Blessings,

Harry Stein

Capture1909×248 63.1 KB

allmailerrors.txt (98.1 KB)

I gave up long time ago. I have the VPN off when on my home network, and when I want to access my e-mail away from home, I use the e-mail app on my Android phone, which works with VPN on. When I was trying to get the issue solved when it first showed up, the response was consistently “it is Comcast’s problem, not ours.”

Thanks for sharing. They just dont care about customers with outlook and Comcast, rr.com (imo). Its exhausting to press the issue.