Hi, my company has just released some software which, as part of its normal operation, needs to act as a server. It binds itself to a specific port on 127.0.0.1, and a separate client executable (and/or a web-browser based interface) then communicates with that port.
Obviously our helpdesk is geared to helping users whose firewalls are detecting and alerting/blocking this behaviour. We've had some reports of this in Norton 2008 and earlier, but I've been unable to recreate them in NIS 2009.
Even going into the Smart Firewall settings and explicitly blocking both the client and server executables, communication is still allowed through.
Now (personally) I agree this is the Right Thing, unlike certain other products (Mc*COUGH*fee 2009 for example) which seem to equate 127.0.0.1 with "The Internet"... but in order to help out our customers, I do actually need to recreate the Norton behaviour where our product is being blocked... (As part of our testing phase we purchased the latest versions of various security suites, but I'm trying to work out if we need to purchase some legacy versions here...)
How does Norton 2008 handle this behaviour by default? Is it more likely that it might be configured to alert/block? If it's the same as 2009, how far back do I need to go?
Sounds like one for our friends the Symantec Staffers -- names in red .... <s>
One thing you might do is read the mile-long thread here on network freezes, which seems linked to when a server is on NAV 2009 and does not happen when it is using NAV 2008 even if the clients are using NAV 2009. It would seem advisable to check that this does not happen also when pretending to be a server! At least until Norton fix it.
In our case the client and server are running on the same PC; and it seems to be only the older versions of Norton that are blocking them (our test install of Norton 2009 on XP SP3 allows them to communicate without any problems) so I don’t think this is related.
I’m more trying to find out which versions of Norton do block this behaviour, so I can buy one, recreate it, and then provide a script to our helpdesk that describes how to diagnose that this is what’s happening and help the customer create the exception rule. (On the other hand, if I can’t recreate it, it may be an as yet undiscovered bug in the software, or some other configuration issue… joy…)
(We have a generic script telling you which executables and ports to allow, but for the popular products we’d like to have a technophobe-proof step-by-step guide telling you exactly what to click and what not to click. And I could write a script for Norton 2009, but given it’s not actually blocking our product, it seems a bit pointless…)
Hope that clarifies the question I’m trying to ask here.
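To make the setup described in these two posts concrete (a server bound only to 127.0.0.1, a client on the same PC talking to it, and a helpdesk-style check that tells "nothing is listening" apart from "something in between is dropping the connection"), here is an added Python example. It is not code from the original thread or from the poster's product; the port, payload and the `probe_loopback` classification are assumptions made for illustration.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"


def start_echo_server(port=0):
    """Bind a tiny echo server to the loopback interface only and serve it
    from a background thread. Returns (server_socket, bound_port).
    port=0 lets the OS pick a free port (assumed for the example)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Binding to 127.0.0.1 rather than 0.0.0.0 means the listener is never
    # reachable from the LAN or the Internet, only from this machine.
    srv.bind((LOOPBACK, port))
    srv.listen(5)
    srv.settimeout(0.5)  # lets the accept loop notice when the socket is closed

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                return  # listening socket was closed: shut the thread down
            with conn:
                conn.settimeout(2.0)
                try:
                    data = conn.recv(4096)
                    if data:
                        conn.sendall(data)  # echo the request back unchanged
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe_loopback(port, payload=b"ping", timeout=2.0):
    """Classify what the client side sees when it talks to 127.0.0.1:port.

    "ok"        the server answered, so no local filtering is in the way
    "refused"   the OS answered immediately: nothing is listening on that port
                (the server is not running, or is bound elsewhere)
    "timeout"   no answer at all: typical of a host firewall silently dropping
                loopback traffic, which is the symptom the helpdesk script
                is meant to recognise
    """
    try:
        with socket.create_connection((LOOPBACK, port), timeout=timeout) as c:
            c.sendall(payload)
            reply = c.recv(4096)
        return "ok" if reply == payload else "bad-reply"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"


def find_closed_port():
    """Return a loopback port that is currently not listening (constructed
    helper for the demonstration: bind an ephemeral port, then release it)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((LOOPBACK, 0))
    free_port = tmp.getsockname()[1]
    tmp.close()
    return free_port


if __name__ == "__main__":
    srv, port = start_echo_server()
    print("server on 127.0.0.1:%d ->" % port, probe_loopback(port))
    srv.close()
    print("closed port ->", probe_loopback(find_closed_port()))
```

On an unfiltered machine the first probe reports `ok` and the second `refused`; a `timeout` on a port the server is known to be listening on is the outcome that points at a personal firewall treating loopback like any other network, which is the case a support script would then walk the customer through with an exception rule for the two executables and the port.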
Paul, since Norton Internet Security was first introduced there has always been a general policy of not allowing ‘server’ communication by default. Users always have to create rules to allow the communication. There have been and continue to be some exceptions to this behavior, such as allowing connections from Trusted machines. What you are describing, though, isn’t what most people think of as a server (although you are technically correct). With early versions of the product, it came with pre-installed rules to allow all localhost communication. With later versions those rules have been removed and replaced with similar, built-in logic that allows for a few more esoteric cases as well (such as connections from the NIC interface to the localhost interface and vice versa). Hopefully this gives you some additional guidance.
Message Edited by reese_anschultz on 02-26-2009 07:43 AM
Glad to see you have some information from Reese – he’s your man for guidance on this I’m sure, although there may be aspects Symantec would rather not discuss in public? <s>