Last night I attempted to run a quick scan, but nothing happened. I tried several times and in the end gave up and told the PC to shut down. This made windows pop up with an error:
ccsvchst.exe - Application Error
The exception unknown software exception (0xc0000005) occurred in the application at location 0x6ae863fe.
Click on OK to terminate the program.
Now, until I told the pc to shut down the sidebar box said secure and the norton panel itself also said secure, the last security history entry (no user logged in) is also at the same time as when I told the pc to shut down/the error.
So question no.1 - is this something to be concerned about? Does the fact that there is a log entry for 'no user logged in' at the time of clicking shut down mean the firewall etc was still running fine? Norton is running as normal this morning and scans fine so... I assume it's just norton/windows not quite agreeing.
Part 2:
I noticed a large number of perculiar entries in the security history since this occurred (although some also have entries for an hour prior to the incident) that I shall list here:
Rule "Default Block EPMAP blocked communication.
Local address: All local network adapters( Port dcom(135) ).
Process name is "c:\windows\system32\svchost.exe"
Rule "Default Block UPnP Discovery" stealthed (192.168.X.XXX, Post ssdp( 1900) ). Inbound UDP packet. (literally hundreds of these).
Lots of similar entries called 'Default Block SSDP' for (OTHER PC's NAME.lan and ip) port etc, inbound tcp connection.
Rule "Default Block Microsoft Windows 2000 SMB" blocked (OTHER PC'S name.lan and ip) inbound tcp connection.
Rule "Default block Microsoft Windows 2000 SMB" blocked ( IP address, port) inbound tcp connection.
Rule "Default Block Web Services Discovery" stealthed (long string of letters and numbers with colons)
Inbound UDP packet.
Process name - svchost.exe
Any advice/answers on what this all means would be welcome. I am using Vista 64, the other network pc uses Win 7 64, both have NIS 2011.