Hi all,

Am rather new to Norton and Antiviruses in general, and this community has been really informative in general. I can't really seem to stop looking at my logs - while some of my queries can be resolved through other threads, I would like to check on this -

Is it normal that this item appears regularly everyday, around 3-4 times per day, and what exactly does it do?

Sometimes this appears as well - 

Also, I also get "You allowed XXXXXXX to access your network resources" when I had not specifically allowed anything. Can I check if this is normal, and that the Norton Smart Firewall is working to do their thing, and will not allow anything that is malicious?

Would appreciate any responses on this, thanks in advance for your time!

Hi peterweb, thank you! Will make sure to keep that in mind.

Hi SendofJive, I see, okay noted with thanks! I'm not running Vista, but Windows Home 10 instead. Yep, I will try and leave the logs alone for some time and see how it goes.

One last question though, just for some extra knowledge and if anyone knows why - how come when I am connected throughout to my home Wifi (set as public), somehow these logs appear - 

I'm not sure what happened as I left my laptop idle for that period of time, but seems like my network settings were suddenly changed from public to private without my intervention (while still being connected to the same Wifi network)? And the private network can't be found when I try to click on 'restrict' just to try and check. And why is the last log that my IP address has disappeared when I am still as of now connected to the internet?

And this - how come I am connected to two networks at one go? The first network with the numbers only appear occasionally, normally I only see the one with the mix of numbers and alphabets.

Would appreciate any insights on this, thanks and hope everyone is having a good weekend :)

Opening the Norton logs can take a couple of minutes.  If you are entering other commands at the same time, you may just be overloading Norton with tasks, and it hangs and then crashes.  I have had this happen on a number of occasions. Image SAFER seems to be something that is part of Windows Vista (although it could certainly be on other OS's too).  Are you running Vista?  In any case, it does not seem to be malicious, so it is safe to leave it installed and you do run the risk of possibly breaking something if you remove it (you can see that it has a widespread presence on your system from your screenshot).

Bottom line:  It doesn't sound like there is anything especially worrisome going on here.  You run the risk of doing more harm than good if you start making changes to a system that is not showing any outward signs of serious trouble.  I would recommend leaving Norton and its logs alone for a week and see if you have any performance issues with Norton or the PC.  You need to realize that if there are serious problems, Norton or Windows will generally let you know in no uncertain terms.  You do not have to go looking for them.

I've downloaded MB recently and have kept the installer in my downloads. I install it when I would like to run an ondemand scan and uninstall it when I'm done with the scan. 

No need to uninstall MB between running scans. Norton and MB work fine together, especially if you disable the full time scanning options in the initial trial of MB. After the 14 day trial of the full version, it will automatically drop down to the free, stand alone, version with no real time scanning, allowing you to just use the on demand scanning features of MB. You can also disable the full trial anytime after the install by following this MB Support article.    https://support.malwarebytes.com/hc/en-us/articles/360040972954-Deactivate-Premium-Trial-in-Malwarebytes-for-Windows

Hi JJ_ and SendofJive,

Many thanks for the responses and the steps outlined. 

To SoJ: Ah, Norton does not crash on its own from my observations (unless it crashes without me knowing LOL), it crashes when I try to click on say a log or a button (eg Settings), and it doesn't respond and hangs on me. I don't think it just er, stops on its own - I guess I notice it because I'm actually doing something with Norton. Perhaps trying to open Settings when I have a log open, or I press on a button too many times because it's not responding? Would you consider that as too many things going on haha.

On ImageSafer - I indeed have this ImageSafer thing installed on my computer - seems to have been installed in 2014 (I purchased my laptop in 2015, dk why the date modified is in 2014), honestly not sure why it started acting out of the blue yesterday, the only thing I did exceptional yesterday was to uninstall Microsoft Teams.

https://www.reddit.com/r/samsung/comments/8fs9k5/markany_content_safer_basically_same_as_virus/

I saw this link though, and although I do not have contentsafer it still feels quite disturbing seeing its from the same company. It does not appear in my apps and programs in both Microsoft and Control Panel but appears in my running services, so I'm not sure how I can remove it? I would certainly like to delete this, but I can't seem to find a way to uninstall it. Any idea how I could do it? I know some forums recommended downloading stuff like ccleaner but I'm hesitant to download such dubious software in case it introduces malware.

To JJ_ -  I've downloaded MB recently and have kept the installer in my downloads. I install it when I would like to run an ondemand scan and uninstall it when I'm done with the scan. Have been scanning with MB once per few days recently with the rootkit scan checked as well, nothing detected. I have not downloaded other software for antivirus - only TCPview to look at my running processes. 

Also, the the No user is logged in entry is more than likely related to Norton crashing.  Fixing the issue with Norton should clear-up 99% of these errors less a couple of IPS notifications you might receive due to scvhost or maybe another windows process that might from time to time try scanning Norton's program files but is nothing to be concerned about.   

Ah actually, I'm more concerned about why it doesn't register sometimes when I shut down my computer? 

I will monitor my laptop for a few more days, and if Norton still persistently crashes I will follow your tips to perform the scans. Really appreciate the advice!

jmwang,

I'm hoping I could take JJ_'s solution as last resort honestly, because it seems that many processes are involved I'm not the most confident in troubleshooting laptop issues in case anything goes wrong during the process.

If you're concerned about something going awry, after uninstalling Norton and rebooting, create a manual restore point. Skip running the chkdsk command for now but, go ahead and run DISM and then the SFC commands. If something does go awry, you can use the restore point. 

Do try and track down that "Image SAFER program" and remove it and any other tools or other virus/malware software you may have installed.  Remember, it's not advisable to have more than one active virus/malware program on your system at the same time and a lot of these so called free tools have embedded malware in them.

Also, the the No user is logged in entry is more than likely related to Norton crashing.  Fixing the issue with Norton should clear-up 99% of these errors less a couple of IPS notifications you might receive due to scvhost or maybe another windows process that might from time to time try scanning Norton's program files but is nothing to be concerned about.   

Hi jmwang,

The screen shots you posted in this link is referencing "Faulting module name: UISSSH.dll" which is related to the Norton User Interface. 

Initially, from your posts, I was under the impression you had only experienced a one off single crash of Norton. However, from your follow up posts, you indicated you're experiencing daily crashes, hence my response in this post.

The errors you noted about DistributedCOM 10010 and 10016, from my understanding are related to windows version updates and can safely be ignored. See this link for more info

In your current screen shots in reference to imgsf50start_x64.exe and imgsf50start_x86.exe, as SendOfJive noted, may have to do with a program called "Image SAFER by MarkAny".  Look in your Task Manager, ensuring you select "Show process from all users" first, for a process called ImageSAFERSvc.exe.  Also check your installed programs for it as well.  If you find it, uninstall it as its not part of your windows OS.

If you've added any other software in an attempt to repair your current issue or past issues, please uninstall them as well.

Next, as I recommended in this post, Please follow the recommendations outlined. The reason for running Check Disk, DISM, and SFC commands, as outlined, is to ensure there are no issues with your Hard Drive or OS.  After those are completed, you can then re-download your Norton Software and reinstall.    

Note, if you cant find the "Image SAFER program" and or you just want to be double sure, you might try downloading Malwarebytes first and running a full system scan ensuring Root Kit is checked in its settings. If Malwarebytes comes back clean, please uninstall it completely before reinstalling Norton.

Do you have a program called Image SAFER on your system?  It looks like you do and that it likes to continuously check the processes running on your system.  When it tries to access Norton processes it is blocked by Norton Tamper Protection.  Nothing to worry about.  If the program were malicious, Norton Auto-Protect would remove it.

I think I would try uninstalling/reinstalling Norton to see if that solves the crash issue.  Does Norton crash on its own, or does it crash only when you are doing things with it, such as looking at the logs?  When my Norton crashes, it is almost always when I am trying to get it to do too many things at one time.  Very rarely have I seen it just stop working out of the blue.

Hi all, 

Recently I've found this appearing in my logs - 

I know you guys mentioned not to be overtly worried about my logs and I'm trying my best not to, but since two hours ago this has been logged around 20 times, same targets (symerr.exe or NortonSecurity.exe) and the actor is always this IMGSF50START, either from WINDOWS\SYSTEM32 or WINDOWS\SYSWOW64. Since it's happening so frequently, I'm not sure if it's a software error? There are no logs of these in Event Viewer. I know it's normal that there are unauthorized access blocked logs, but this one occurred too many times in a short span of time so I'm slightly worried. Does anyone know what's happening?

[UPDATE: Ok, now I'm definitely feeling a bit anxious. As I was typing that out just now Norton crashed, and when I re-opened my logs I saw this -

The ones at 11.31.07 and 20 pertain to WERFAULT, and the rest continue to be from IMGSF50START. 

I wonder if it's my own laptop that is causing Norton to produce such errors, but I've been using the laptop with no problems for quite some time. Could anyone advise if this is normal, and if not, how I can deal with this? I'm hoping I could take JJ_'s solution as last resort honestly, because it seems that many processes are involved I'm not the most confident in troubleshooting laptop issues in case anything goes wrong during the process.

Many thanks in advance for any responses! Thank you for taking the time out to help, I really appreciate it.

Hi JJ_,

Bumping my reply up - are the screenshots I took helpful to pinpoint the error?

Oh, and does anyone face the non-'no user logged in' message even when they shut down as well? If it's a bug I'd like to report it, anyone knows where I can do that?

Thank you!

jmwang:

PS: Oh my, SoJ, that's indeed a lot of errors in Windows Event Viewer, seems to be mostly related to DistributedCOM 10010 and 10016. But I guess since Windows seems to be functioning as usual, I shouldn't be too concerned..?

Ignore them.  As I said previously, Windows is constantly working around errors.  This is normal.

Hi JJ_,

Nope, I do not receive a notification from Norton, the icon in my taskbar just disappears and appears again.

Attached screenshot as follows - 

Eh also, sorry if I missed out on anyone's reply, but 

I would also still like to make sure on the Norton 'No user is logged in' entry, if anyone knows, because Norton does not seem to register when I shut down my computer at times. Is there a glitch somewhere, or is this normal behaviour for Norton to miss out on some logins/logouts? If possible I would like to report it as a bug to Norton, but I see no platform available for me to do so.

Does anyone know where I can report a bug, and does this happen to the rest of you as well?

Thanks all for your responses! Really appreciate it.

PS: Oh my, SoJ, that's indeed a lot of errors in Windows Event Viewer, seems to be mostly related to DistributedCOM 10010 and 10016. But I guess since Windows seems to be functioning as usual, I shouldn't be too concerned..?

Hi peterweb, 

Many thanks for your clarification, that puts me at ease! I have also disabled remote assistance to my computer.

JJ_:

Hi jmwang,

...try looking through Windows Event Viewer and see if there's any reference to these crashes. 

And DO NOT be alarmed by all of the errors and warnings in Windows Event Viewer.  They are normal.  EVERYONE'S Event Viewer logs have them.

Hi jmwang,

Just a follow-up to my last post.  When you believe Norton has crashed, do you receive any type of error message that pops up on your screen immediately after the event?   If not, try looking through Windows Event Viewer and see if there's any reference to these crashes.  If so, please describe or if you have a screen shot, please post.

Can I please check if there is a way to confirm that he did not remote access my computer without my permission?

I have had remote sessions with Norton Support. There is no way for the agent to connect to your computer without your personal intervention. You will have to download the remote access app and manually enter a session code that the agent would have given you as part of the chat or phone call. And as the agent noted, once you have allowed the session, you have the option to end the session at any time.

Hi jmwang,

Can I please check if there is a way to confirm that he did not remote access my computer without my permission? Would there have been any pop-up that required me to have clicked on it to give him approval, or could he be accessing my computer now without my knowledge?

To be honest, I've never had a remote session with Norton Support, so I'm not familiar with the actual process.  I would think you'd have to approve the connection before they could access your PC.  Perhaps someone who's had the pleasure of a remote session could chime in?

when I try to open Norton, and it does not open and crashes (the icon disappears from my toolbar for a few seconds and appears again). I think it seems to happen once every 2 days/ daily recently actually.

If it's in fact crashing, and the event logs coincide with these crashes, that's definitely not normal. Norton should not crash daily much less every couple days. So I'd say somethings afoul. 

would you consider this as frequent and a possible cause of concern?

Based on the above, I'd say its a possible cause for concern.

Is there anything I could possibly do to resolve this?

In an attempt to resolve this issue, you could try my above recommendation to remove, conduct the Check Disk, DISM, SFC Scan and then reinstall Norton. 

Ah, yes and I realised that this WERFault seems to be triggered when I try to open Norton, and it does not open and crashes (the icon disappears from my toolbar for a few seconds and appears again). I think it seems to happen once every 2 days/ daily recently actually. 

SendofJive, would you consider this as frequent and a possible cause of concern? Is there anything I could possibly do to resolve this?

Again, I would really like to convey my gratitude to all for your patience and sharing of knowledge. Support is really so useless in answering my queries, I'm so glad I have a forum like this to get advice from, and I would like to apologise if I seem a bit too paranoid and for the many questions, sometimes repeated.

Bless,

Hi JJ_,

Wow, really a lot of thanks for the detailed description!! I really appreciate it, as well as all the advice that has been given so far. As SendofJive mentioned, I think I will just let go of the Error Reporting Submissions, as long as Norton shows a green tick and "I am Protected" I am probably safe and Norton is probably protecting my computer. I appreciate all the steps provided, but I'm such a tech noob and am worried that I might not be able to troubleshoot if there is any error along the way, as this is my only laptop and I need it most of the time and can't afford to send it for servicing.

On a side note, I did try to contact support through Phone and online support, both of which were, I am disappointed to say, utterly useless. It seemed that they could not understand me at all -

And the online support kept trying to get me to give him remote access. I told him no, but he went ahead to ask me if I would like to proceed, and that I could end the process anytime when I clearly said no already. Can I please check if there is a way to confirm that he did not remote access my computer without my permission? Would there have been any pop-up that required me to have clicked on it to give him approval, or could he be accessing my computer now without my knowledge? (Yes paranoid, I know, but I'm not good with tech so I'm not sure how far one could go when it comes to remote desktop connections, also I thought Windows 10 Home does not support remote desktop connection)

I would also still like to make sure on the Norton 'No user is logged in' entry, if anyone knows, because Norton does not seem to register when I shut down my computer. Is there a glitch somewhere, or is this normal behaviour for Norton to miss out on some logins/logouts? If possible I would like to report it as a bug to Norton, but I see no platform available for me to do so.

Does this happen to the rest of you as well?

 Many thanks in advance!

Hi jmwang,

I know these Error Reporting Submissions are somewhat confusing.   It's kind of like the firewall report stating "you allowed".  Additionally, I know you're probably not going to feel comfortable with Norton, considering those reports.  

The only alternative would be to either contact Norton Support or conduct a full reinstall of the software (which is what support will recommend).

If you elect to try reinstalling, please review the following Norton Support Document thoroughly.

Next, scroll down to "I need help removing Norton" and click to open and and continue reading.  Now download the NRnR tool from that document and save to your desktop.

Next, ensure you are logged in on your PC with an ADMIN Account!

Then double click on the NRnR tool ensuring you set the advanced option to Remove Only. If it asks if you'd like to save any previous setting select No. After your system reboots, Do Not Reinstall!

Once you have Norton removed, I'd like for you do some checks on your system.

First, ensure Windows 10 Fast Start-up is disabled. You can find the instructions on how to turn it off at this Link.  Once done, reboot.

Next, run a check disk scan as follows:

To check your hard disk, click on the Windows Start button. In the search box type CMD. Right click on cmd.exe and click on run as administrator. In the command prompt type "chkdsk c: /r"  without the quotes. A message will come up asking if you want to check the disk on the next restart. Answer 'Y'. Reboot and the check disk will run before Windows starts up. This will check the file system as well as the physical disk surface. This scan can take a long time, depending on the size of your hard drive.  (credit Peterweb)

If check disk comes back good, Reboot yet again.

Next, run the Deployment Image Servicing and Management (DISM) tool (Ref MS Support Doc):

From the Windows Start button, in the search box type CMD. Right click on cmd.exe and click on run as administrator. In the command prompt type "DISM.exe /Online /Cleanup-image /Restorehealth" without the quotes. Then press enter. It may take several minutes for the command operation to be completed. Important: When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions.

Once DISM has completed and your back at the blinking command prompt, type "sfc /scannow" without the quotes. and then press enter.

The sfc /scannow command will scan all protected system files, and replace any corrupted files.

Note Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.

Take a screen shot if any errors/repairs found if any. If no problems were found or it states its repaired them, type "exit" and press enter.  reboot again.

Now, log in to your My Norton Account and select to download your Norton Software.  Once you've downloaded and reinstall, ensure you run LiveUpdate a couple more times with reboots between until it states no more updates available.  Reboot one more time for good luck.

Keep an eye on things over the next week or so.  If you continue seeing error reports related to the software and or have further concerns, I'd recommend contacting Norton Support through this Link