Firewall question

Does Norton have firewall protection? When I go to the Windows Firewall it will not let me turn on the firewall protection. Why?

This will have been from when you were changing Settings and will have been logged in your History when you did this; you probably didn't refresh the History.

 

The reason it says Firefox is that Intrusion Prevention supports Firefox Browser, so, if you were to Install and use Firefox, you will be Protected.

 

If the program has changed, the old rules may not apply correctly.  It will just change that one program, without changing any other rules.  You should allow the change.  There is no setting that will turn off the advisory.

Hi gler,

 

Automatic Program Control is the main operating mode for the Norton Smart Firewall.  Advanced Events Monitoring is designed more for testing and troubleshooting than for everyday use, and therefore convenience is not one of its attributes.  You will get many alerts, as most of the choices given will only apply to a single instance and will popup again in the future.

gler, when you configure your rules for an application you configure them for that exact version of the application. Any other version of that application will not match the rules. More importantly, some other program such as malware using the same name will also not match the rules. You are alerted because the rules don't match and you should only permanently Allow the connection if you are certain that the program actually changed and that some malware isn't trying to masquerade as your program. There are many malware programs out that call themselves, say, iexplore.exe and actually replace Internet Explorer on the victim's machine. In short, from Norton Internet Security's perspective, the changed program really is a brand new application that it has never seen before but the messaging is letting you know that you already had rules for an application in this folder with the same name before.

 


delphinium wrote:

If the program has changed, the old rules may not apply correctly.  It will just change that one program, without changing any other rules.  You should allow the change.  There is no setting that will turn off the advisory.


 

If I allow it, then ALL the rules I made manually before that will be gone.

And I'm using a couple of programs whose executable file is updated often, so ..

 

Doesn't matter that much, thank You guys for quick answers.

 

Best method (solution) I found and I'm using, is to select "Manually create firewall rule ..." on that alert , and then just click next-next-next until Finish , then go inside rules for that app. and delete that last rule that was created just so that I can move-on with starting this program. I just wish there would be one more option in that alert to choose from, something like "Okay, use the previously created rules, I'm fine with that" :)

Hello gler

 

When you make rules, I think you should move them up to the top also.

 

Hello floplot,

 

Yes, I know my way around firewalls and Norton's the best I've seen so far.

That alert when program has changed, I've seen only in HIPS programs, not firewalls.

For example, in the picture below are my rules, manually created by me for uTorrent.

Let's say new version comes out, NIS is alerting me that program has been changed.

If I answer "Allow", those rules below would be deleted and there would be only two rules which allows everything for inbound/outbound.

If I answer "Allow this instance only" then it would ask me the same thing every time I start app.

BUT, if I opt for "Manually create rules.."  then it would add that rule at the bottom of the list and I can just delete that rule later if I want to.

 

 

[Image: manually created firewall rules for uTorrent]

Hi Calls

 

In History there is a section titled "liveupdate" which shows all of your LiveUpdate sessions. The Windows Update session is shown in Windows Update History.


mdturner wrote:

Hi Calls

 

In History there is a section titled "liveupdate" which shows all of your LiveUpdate sessions. The Windows Update session is shown in Windows Update History.


I'm using NIS2010 and do not see that history category


Calls wrote:
I'm using NIS2010 and do not see that history category

Hi Calls

Have you scrolled to the bottom of the drop-down box? The update entries should show in "FullHistory", "Recent History" and "Liveupdate".

Yes there is no such section as the live update history

 

I do see entries in recent history for phishing and intrusion updates.

But I guess what I'm wondering about is why the program used, doesn't show on the firewall log?

Like if I go and click to check for windows updates, there is no entry in the firewall log showing what program is calling out

You are not going to see a specific call out in the logs for Windows updates.  It will be under something else like one of the services or system.  Not everything is noted in the firewall by the specific application.

 

You would have more access to information if you updated.  We are already having problems with the differences in the software.  Insisting on information about an older version is often unsatisfying.

I was just curious, so I'll mark this solved. Thanks all

 

 

Hi there, I was browsing my NIS 2012 logs and came across a rash of "info" notices about my firewall...they all pretty much said the same as below and it seemed to be happening every 3 secs or so...can someone decipher it for me and tell me what it means and if I should be worried?

 

Category: Firewall - Activities Date & Time,Risk,Activity,Status,Recommended Action,Category

2012-06-10 19:44:09,Info,"Rule \"Default Block UPnP Discovery\" stealthed (10.0.1.4, Port ssdp(1900) ).

Inbound UDP packet. ",Detected,No Action Required,

Firewall - Activities

Rule "Default Block UPnP Discovery" stealthed (10.0.1.4, Port ssdp(1900) ).
Inbound UDP packet.
Local address, service is (239.255.255.250, Port ssdp(1900) ).
Remote address, service is (10.0.1.4, Port (58540) ).
Process name is "C:\Windows\System32\svchost.exe".

Another variant:

Category: Firewall - Activities Date & Time,Risk,Activity,Status,Recommended Action,Category

2012-06-10 19:44:10,Info,"Rule \"Default Block UPnP Discovery\" stealthed (fe80::4cf:3f3:a4e7:b5ad, Port ssdp(1900) ).

Inbound UDP packet. ",Detected,No Action Required,

Firewall - Activities

Rule "Default Block UPnP Discovery" stealthed (fe80::4cf:3f3:a4e7:b5ad, Port ssdp(1900) ).
Inbound UDP packet.
Local address, service is (ff02::c, Port ssdp(1900) ).
Remote address, service is (fe80::4cf:3f3:a4e7:b5ad, Port (52813) ).
Process name is "C:\Windows\System32\svchost.exe".

NIS 2012 and Malwarebytes don't show anything unusual...

Thanks a lot
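A triage sketch for the log entries quoted in the post above, added here as an example and not part of the original thread or of any Norton tool: it parses the detail text and checks that each blocked packet is UDP to port 1900 on an SSDP multicast group (239.255.255.250 or ff02::c) coming from a private or link-local source. The function names and the "review" label are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Detail text of the two entries quoted in the post above.
SAMPLE = '''\
Rule "Default Block UPnP Discovery" stealthed (10.0.1.4, Port ssdp(1900) ).
Inbound UDP packet.
Local address, service is (239.255.255.250, Port ssdp(1900) ).
Remote address, service is (10.0.1.4, Port (58540) ).
Process name is "C:\\Windows\\System32\\svchost.exe".

Rule "Default Block UPnP Discovery" stealthed (fe80::4cf:3f3:a4e7:b5ad, Port ssdp(1900) ).
Inbound UDP packet.
Local address, service is (ff02::c, Port ssdp(1900) ).
Remote address, service is (fe80::4cf:3f3:a4e7:b5ad, Port (52813) ).
Process name is "C:\\Windows\\System32\\svchost.exe".
'''

SSDP_GROUPS = {ipaddress.ip_address("239.255.255.250"), ipaddress.ip_address("ff02::c")}
ENDPOINT = re.compile(r'(Local|Remote) address, service is \(([^,]+), Port \w*\((\d+)\)')
RULE = re.compile(r'Rule "([^"]+)" (\w+)')
PACKET = re.compile(r'(Inbound|Outbound) (\w+) packet')

def parse_entry(text):
    """Turn one entry's detail text into a dict; ValueError if fields are missing."""
    rule, packet = RULE.search(text), PACKET.search(text)
    ends = {m[1].lower(): (ipaddress.ip_address(m[2].strip()), int(m[3])) for m in ENDPOINT.finditer(text)}
    if not (rule and packet and {"local", "remote"} <= ends.keys()):
        raise ValueError("not a complete firewall activity entry")
    return {"rule": rule[1], "action": rule[2], "direction": packet[1], "proto": packet[2], **ends}

def classify(entry):
    """Label an entry as routine LAN discovery or something worth a closer look."""
    dst, dport = entry["local"]    # "Local" is the packet's destination for inbound traffic
    src, _ = entry["remote"]
    is_ssdp = entry["proto"] == "UDP" and dport == 1900 and dst in SSDP_GROUPS
    on_lan = src.is_private or src.is_link_local
    if is_ssdp and on_lan:
        return "lan-ssdp-discovery"
    return "review: port 1900 but not LAN SSDP discovery" if dport == 1900 else "other"

def summarize(log_text):
    """Count classifications per remote address across blank-line-separated entries."""
    counts = Counter()
    for block in filter(str.strip, log_text.split("\n\n")):
        entry = parse_entry(block)
        counts[(str(entry["remote"][0]), classify(entry))] += 1
    return counts
```

Calling `summarize(SAMPLE)` groups the entries by sender, which points to the device on the local network that is issuing the discovery requests.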

I used to see that until I got a new router. Now I no longer show that.
Should I be seeing that?

Hi Calls,

 

You probably have UPnP turned off in the router (there is actually a slight security benefit to keeping the router's UPnP setting disabled).

Thanks SoJ
You think that may be set like that by default? I don't remember making any changes like that.

I would think most routers would have UPnP enabled by default, as that would be the most convenient setting for most users and would result in the fewest support calls.  But I couldn't hazard a guess about a specific router.  It is a minor thing, so just go into the router settings and select whether you want UPnP enabled or not, and don't worry too much about it - UPnP is not some horribly dangerous thing and is actually allowed by the Norton firewall on shared networks.  In fact, if you have sharing enabled, now that I think about it, that would also explain why you wouldn't get any firewall alerts about this.

Turning off the Windows SSDP Discovery and UPnP services also makes these messages stop.