Firewall Question (EPMAP and Windows File Sharing)

Norton Security | Norton Internet Security
1

Hi guys, thanks so much for awesome (and patient!) answers to previous questions. I have one more...

 

I've been getting these two entries in my history logs over the past few weeks:

 

Rule "Default Block EPMAP" blocked communication.
Local address: All local network adapters( Port dcom (135) ).
Process name is "C:\\Windows\System32\svchost.exe" .

 

Rule "Default Blok Windows File Sharing" blocked communication.
Local address: PC (my address)( Port (139) ).
Process name is "System".

 

Thanks to these threads http://community.norton.com/t5/Norton-Internet-Security-Norton/Rule-quot-Block-Windows-File-Sharing-quot-blocked-comunnication/m-p/509248/highlight/true#M167170 and http://community.norton.com/t5/Norton-Internet-Security-Norton/what-is-meaning-of-EPMAP-blocked-port-135/m-p/333693/highlight/true#M136597 I know that these entries are fairly typical and not necessarily anything to worry about.

 

My concern/question is that these entries seem to have started showing up in my logs around the same time I stated getting hit with inbound TCP connections (which Norton was thankfully blocking).  

 

Is the fact that the two things started showing up around the same time a concern or is that just how the firewall works?

 

(Running NIS 20.4.0.40 on Wndows 8 with malarebytes free vesion for ondemand scans. Full scans with both have been coming up clean.)

2

Hi,

 

There is nothing to be worried, these are normal Firewall entries, NIS blocks these connections by default.

You can safely ignore those events, NIS does all the work!!

It is how NIS Smart Firewall works by design.

Hope this helps,

 

Regards,

3

Hi Apostolos,

Yhanks so much for the reply!

So the fact that these only started showing up around the same time NIS was blocking inbound TCP connections like

Rule “Default Block Microsoft Windows 2000 SMB” blocked (114.46.36.233, Port (445) )Inbound TCP connectionLocal address, service is (PC (my ISP), Port (445) ).Remote address, service is (114.46.36.233, Port (60633) ).Process name is “System”.

or other inbound TCP connections triggering the “Default Block EPMAP” rule with process name svchost.exe isn’t something to be concerned about? I wasn’t sure if the combination was the Firewall just being extra vigilant or if it might be a sign that something had gotten through at some point.


4

Hi roane,

 

There is nothing to be concerned about, this is NIS Default behavior.

You can mark this case as solved as everything looks normal.

Let me know if you need extra help.

 

Best regards,

5

Thanks, Apostolos! Much appreciated!

6

Hi roane,

 

Glad that I've been able to help!!

Thank you.

 

Regards,