Configure Norton to NOT scan my Router for TheMoon vulnerability

Issue abstract:

Norton Security is checking for a router vulnerability which is causing false alerts on my Router security. I would like to configure Norton to exclude this check.

Detailed description:

Each day, when Norton does its security scans, it checks for the Linksys TheMoon vulnerability on my router.

I know that my router is not vulnerable to this. This check in fact triggers an alert on my router from each PC running Norton, to say the malware has been detected because it has received the HTTP GET used by the malware. The unnecessary alerts are cluttering up the logs.

Can I configure Norton to remove this check from the daily scans, and if so how?

Product & version number:
Norton Security (as included with BT Internet), 25.5.10141

OS details:
Windows 11 Pro

I think you can disable it, but I don't know how you do it. Maybe call Norton support; they can help you over chat. But normally it only does a password check, not more. I also know I don't have a problem there; I just say skip to it, but maybe there is a better way.

@PK1966 If the vulnerability is being detected, I have to ask whether you are using an older Linksys router and whether your router has its firmware updated. Here is some AI information for you to review.

AI Overview

The “TheMoon” vulnerability affecting older Linksys routers has been addressed by Linksys with firmware updates and other recommended actions.

Fixes and Recommended Actions:

  • Firmware Updates: Linksys has released firmware updates for the affected router models to address the vulnerability. It is important to download and install the latest firmware for your specific router model to patch the vulnerability. You can find instructions on how to download and install firmware updates on the Linksys support website.
  • Disable Remote Management Access: The vulnerability exploited by “TheMoon” worm works by bypassing administrator authentication when the Remote Management Access feature is enabled. If you don’t need this feature, disable it in your router’s administration settings.
  • Reboot Router: Rebooting your router can help remove the malware, as “TheMoon” worm is not persistent across reboots.
  • Restrict Remote Administration Access (if necessary): If you require remote administration, restrict access to the administrative interface by IP address, so the worm cannot access the router.
  • Enable Filter Anonymous Internet Requests: This setting can help prevent the worm from finding and exploiting your router.
  • Change Administrator Interface Port: Changing the port for the administrator interface from the default (port 80 and 8080) can make it harder for the worm to find your router. TheMoon has been around since 2014, so it's not a new thing.

Affected Router Models:

Several older Linksys E-series and Wireless-N access points and routers were affected by the “TheMoon” vulnerability. While a definitive list of vulnerable models might not have been available at the time of the initial outbreak, some potentially vulnerable models depending on the firmware version included:

  • E4200
  • E3200
  • E3000
  • E2500
  • E2100L
  • E2000
  • E1550
  • E1500
  • E1200
  • E1000
  • E900

Reports also indicated that other models, such as the E300, WAG320N, WAP300N, WES610N, WAP610N, WRT610N, WRT400N, WRT600N, WRT320N, WRT160N, and WRT150N, might have been vulnerable depending on the firmware version.

Important Note: The “TheMoon” vulnerability is from 2014, and some affected router models may no longer be supported by Linksys. If you are using one of these older, unsupported routers, it is recommended to upgrade to a newer model with the latest security features to protect your network.

No, I don’t use a Linksys router - and it’s NOT Norton that’s flagging the alert.

It’s being triggered by Suricata running on my router hardware because Norton is making a similar HTTP GET call that the actual malware does seeking the vulnerability. My router is blocking it and raising an alert.

I know it’s harmless because it’s a legitimate thing for Norton to do given the proliferation of affected routers, but I know mine isn’t one of them and I want to avoid the ‘noise’ of false positive alerts triggered by the network monitoring.

Thanks for the post back and allowing us to offer a secondary approach. I like working things from the obvious to the not so obvious trying to get an answer. Using Suricata on your router is the most likely issue that needs resolving. It and Norton are working against one another trying to perform similar functions. Norton will inspect your Network as does Suricata, one or the other will conflict with IDS detections and that is what you are seeing. Is it mandatory that you use Suricata with your router?

There is some AI-generated information about what is suggested; nevertheless, AI isn’t 100% correct all the time.

AI Overview

To disable network scanning in Norton 360 version 25.xx, you need to disable Auto-Protect and Smart Firewall, then adjust the duration for which they are disabled. You can find these options by right-clicking the Norton icon in the system tray and selecting the appropriate options to disable them temporarily.

Here’s a step-by-step guide:

  1. Disable Auto-Protect:
     • Right-click the Norton 360 icon in the Windows system tray.
     • Select “Disable Auto-Protect”.
     • Choose the desired duration for the disablement (e.g., “Until system restart”).
  2. Disable Smart Firewall:
     • Right-click the Norton 360 icon in the system tray.
     • Select “Disable Smart Firewall”.
     • Choose the desired duration.

Personally I would NOT disable Norton auto-protect nor firewall for the sake of running an IDS scanner on your router. I would not use the Suricata software or tame down its settings so it's not conflicting with Norton protection of the OS. I suggest looking at the settings on your router shown in #8 of this article if you want to use both Norton and Suricata. Having both is a matter of overkill from my perspective.

SA

Thanks SA.

I know I can suppress the warning in Suricata - I was hoping not to just in case a device does get affected. I agree that I don’t want to turn off the whole smart firewall protection either - I just wanted to be able to remove that one check.

I guess I have to trust that Norton would pick up the malware and suppress the Suricata warnings from devices that are protected by Norton.

Thanks for your advice.

As always you are most welcome!!

SA
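
The per-device suppression discussed in the thread (silence the Suricata alert only for PCs running Norton, keep it for everything else) can be derived from Suricata's own EVE JSON log. The following is an added example, not code from any poster, Norton or the Suricata project; the sample log lines, signature name, signature ID, host addresses and the substring match on "themoon" are all constructed assumptions, so substitute the values seen in your own alerts.

```python
import ipaddress
import json

# Constructed sample of Suricata EVE JSON lines (not taken from the thread).
# The signature names and signature_id values are placeholders.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"192.168.1.20","dest_ip":"192.168.1.1","alert":{"gid":1,"signature_id":9000001,"signature":"PLACEHOLDER TheMoon router probe"}}
{"event_type":"alert","src_ip":"192.168.1.21","dest_ip":"192.168.1.1","alert":{"gid":1,"signature_id":9000001,"signature":"PLACEHOLDER TheMoon router probe"}}
{"event_type":"alert","src_ip":"192.168.1.77","dest_ip":"192.168.1.1","alert":{"gid":1,"signature_id":9000001,"signature":"PLACEHOLDER TheMoon router probe"}}
{"event_type":"dns","src_ip":"192.168.1.20","dest_ip":"192.168.1.1"}
{"event_type":"alert","src_ip":"192.168.1.20","dest_ip":"203.0.113.9","alert":{"gid":1,"signature_id":9000002,"signature":"PLACEHOLDER unrelated rule"}}
"""

# Assumption: the PCs running Norton have static or reserved addresses.
NORTON_HOSTS = {"192.168.1.20", "192.168.1.21"}


def triage(eve_text, norton_hosts, marker="themoon"):
    """Return (suppress lines for Norton hosts, alerts from any other source)
    for alerts whose signature name contains `marker`."""
    trusted = {ipaddress.ip_address(h) for h in norton_hosts}
    suppress, investigate = set(), []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated log lines
        alert = event.get("alert")
        if event.get("event_type") != "alert" or not alert:
            continue
        if marker not in alert.get("signature", "").lower():
            continue  # a different rule fired; leave it alone
        src = ipaddress.ip_address(event["src_ip"])
        if src in trusted:
            suppress.add((alert.get("gid", 1), alert["signature_id"], str(src)))
        else:
            investigate.append(event)  # same probe from a host without Norton
    lines = [f"suppress gen_id {g}, sig_id {s}, track by_src, ip {ip}"
             for g, s, ip in sorted(suppress)]
    return lines, investigate


if __name__ == "__main__":
    rules, unknown = triage(SAMPLE_EVE, NORTON_HOSTS)
    print("\n".join(rules))
    for ev in unknown:
        print("investigate:", ev["src_ip"], ev["alert"]["signature"])
```

The generated `suppress` lines go in the file named by `threshold-file` in `suricata.yaml`; the rule stays active for every other source address, so the same probe from a device that is not running Norton still raises an alert.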