Logging a lot of TCP(6) info messages

I am getting a lot of the following information messages in the Norton Log file under the Smart Firewall - Activities section.

“Rule Windows Networking In Allowed TCP(6) traffic with (fe80::6144:813a:f0e4:1cd1:49,783)”

Details as given are:

Rule name: Windows Networking In
Rule action: Allowed
Protocol: TCP(6)
Direction: IN
Local IP Address: fe80::181e:d18d:3489:63c6
Local Service/Port: 445
Remote IP address: fe80::6144:813a:f0e4:1cd1
Remote Service/Port: 49783
Process ID: 4
Process Image Path: System

This is happening on 2 Windows 10 PCs and 1 Windows 11 laptop whenever I map a network drive between them or when I access the network printer that is hooked up to one of the Windows 10 PCs.

Norton 360 Version:

Program version (AV module): 25.3.9983 (build 25.3.9983.926)
Virus definitions version: 250419-6
UI Version: 1.0.92

OS - Windows 10
Edition: Windows 10 Pro
Version: 22H2
OS build: 19045.5487
Experience: Windows Feature Experience Pack 1000.19061.1000.0

OS - Windows 11
Edition: Windows 11 Pro
Version: 24H2
Installed on: 4/14/2025
OS build: 26100.3775
Experience: Windows Feature Experience Pack 1000.26100.66.0

Anyone with any ideas of what is happening?

Info messages, as you know, are simply information.
Are your network devices working, okay?

Have you tried resetting Norton Firewall?
Have you tried disabling NetBIOS over TCP/IP here

=========================================================

Configure Smart Firewall settings here

Configure Intrusion Prevention settings here

AI Overview
Samba protection refers to the measures taken to secure Samba, a free software implementation of the SMB protocol, that allows Linux/Unix systems to share files and printers with Windows clients. This protection is crucial for preventing unauthorized access to shared resources and safeguarding network integrity.

Here’s a breakdown of Samba protection:

  1. Security Modes:

The client authenticates with a username and password, which is then used to access resources.

Each share (folder) requires a separate password, allowing users to access specific resources without needing a username.

  • Domain security:

Centralized authentication for a network of computers.

  • ADS security:

Samba can join an Active Directory domain, leveraging its authentication and security features.

  2. Firewall and Network Policies:
  • Firewall configuration: Restrict Samba traffic to trusted sources or networks.
  • Network security policies: Further limit unnecessary or potentially harmful traffic.
  3. Regular Updates and Patches:
  • Keep Samba software up-to-date to address vulnerabilities.
  4. Host-based Protection:
  • Hosts allow/deny: Control access to the Samba server from specific IP addresses or networks using the hosts allow and hosts deny options in the smb.conf file.
  5. Interface-based Exclusion:
  • Bind Samba to specific network interfaces to prevent connections from unwanted sources.
  6. Share-based Exclusion:
  • Restrict access to certain shares (like the [IPC$] share used for browsing).
  7. Access Control Lists (ACLs):
  • Set specific permissions for users or groups on individual files and directories.
  8. Encryption:
  • While SMB is not inherently encrypted, SMB 3.0 supports encryption, enhancing security for sensitive data.
  9. Security Audits and Monitoring:
  • Regularly review Samba logs and security policies to identify and address potential vulnerabilities.
  10. Remote Access Shield:
  • Some security software, like AVG’s Remote Access Shield, can monitor Samba connections and block threats.

===============================================================

AI Overview
Port 445 is primarily associated with the Server Message Block (SMB) protocol, used for file and printer sharing on Windows networks. It is often used in conjunction with port 139 for NetBIOS name resolution, which is a legacy protocol used for older Windows versions. While SMB 1.0 relied on NetBIOS, newer versions of SMB use direct SMB over TCP/IP, typically utilizing port 445 for communication.

Elaboration:

  • SMB and Port 445:

SMB is a network file sharing protocol that enables computers to share files, printers, and other resources across a network. Port 445 is the primary port used for SMB communication, particularly for direct SMB over TCP/IP.

  • NetBIOS and Port 139:

NetBIOS is a protocol used for name resolution on networks. Port 139 is associated with NetBIOS name resolution and SMB communication, especially in older versions of Windows.

  • Legacy vs. Modern:

While SMB 1.0 relied on NetBIOS over TCP/IP using port 139, newer versions of SMB, including SMB 2.0 and later, utilize direct SMB over TCP/IP, commonly using port 445 for communication, according to Learn Microsoft.

  • Security Implications:

Port 445 has been a target for security vulnerabilities, particularly in older versions of SMB. For example, the WannaCry ransomware attack exploited a vulnerability in SMBv1, which used NetBIOS and port 139, according to ManageEngine.

  • Disabling SMB 1.0:

Older versions of Windows may still have SMB 1.0 enabled, which can be a security risk. It’s recommended to disable SMB 1.0 and use newer versions of SMB, especially for network security.

  • Blocking Outbound SMB:

In some cases, it may be necessary to block outbound SMB traffic to prevent unauthorized access to the internet. This is especially relevant for public cloud services like Azure Files, where outbound traffic should be restricted using a VPN.

We’re all hoping Norton publishes an updated, comprehensive, and easily accessible user guide, particularly for Norton 360. This guide would ideally be online, indexed, searchable, and include illustrations or videos to aid users. The desire is for an informative and user-friendly resource that can help individuals understand and utilize Norton’s software effectively.

We’re all hoping Norton publishes and maintains an online, in-depth, indexed, searchable, illustrated/videos…Norton 360 User Guide.

Hi bjm

Yes all 3 PCs are talking and able to map network drives. The two PCs are able to access and print to the printer that is installed on the 3rd PC.

Yes, I have reset the firewall several times and I disabled the NetBIOS on all network adapters, Ethernet and Wi-Fi.

The Intrusion Prevention settings are just like the ones you have shown in your attachment.

One thing that I left out, these messages did not start until I disabled the NetBIOS over TCP which I did to alleviate a similar situation with the info message

Rule Windows Networking In Allowed UDP(17) traffic with (192.168.0.118:137)

Disabling the NetBIOS stopped that message but seems to have started the current one.

Thank you for your response
Mark B.

That would be greatly appreciated.

Oh! Okay…let’s ask @SoulAsylum about those messages.

All: Being a little late to the party, no pun intended, I suggest disabling IPv6 on the router(s) and rebooting. Also disable IPv6 on all your internet adapters. Make sure that your ISP doesn’t specifically require IPv6 before doing so. After rebooting your routers and devices reset the Norton firewall and recheck. ENSURE your networks are set to “Private” as well. Here is my reasoning for that suggestion:

It is unlikely that any SMB communication originating from the internet or destined for the internet is legitimate. The primary case might be for a cloud-based server or service such as Azure Files. You should create IP address-based restrictions in your perimeter firewall to allow only those specific endpoints. Organizations can allow port 445 access to specific Azure Datacenter and O365 IP ranges to enable hybrid scenarios in which on-premises clients (behind an enterprise firewall) use the SMB port to talk to Azure file storage. You should also allow only SMB 3.x traffic and require SMB AES-128 encryption. See the “References” section for more information.

Note: The use of NetBIOS for SMB transport ended in Windows Vista, Windows Server 2008, and in all later Microsoft operating systems when Microsoft introduced SMB 2.02. However, you may have software and devices other than Windows in your environment. You should disable and remove SMB1 if you have not already done so because it still uses NetBIOS. Later versions of Windows Server and Windows no longer install SMB1 by default and will automatically remove it if allowed.

SA

I will give this a shot in the morning when the wife is not working and advise on the results.
Thank you for your help.

You’re welcome!! Let us know what your status is so we can follow up.

SA

Hello SoulAsylum,

I can’t disable the IPv6 protocol on the router because I’m using a Cox Communications Technicolor CGM4331COM combination Router/Cable Modem.

The log lists the router LAN as private.

When I disabled the IPv6 protocol on the laptop, it lost all LAN (printer and shares on other PCs). The other PCs could not mount any shares with it. The WAN was still available and responding.

As far as SMB goes, SMB 1 has been disabled on all of my PCs for about 5 years now after I took the old XP box I was using as a print and content server offline.

As I stated above, I disabled NetBIOS when this started to stop the constant logging of the information message:
Rule Windows Networking In Allowed UDP(17) traffic with (192.168.0.118:137).

And although the LAN and WAN were unaffected, Norton 360 began constantly logging
Rule Windows Networking In Allowed TCP(6) traffic with (fe80::6144:813a:f0e4:1cd1:49,783)
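
Added example, not part of the thread and not Norton tooling: a small triage script for the two Smart Firewall summary messages quoted above, which splits the remote address from the port (the port follows the last colon and carries a thousands separator) and sorts entries by address scope, so that only a routable peer on the Windows Networking rule stands out. The line format is inferred from those two messages; the function names are hypothetical and the third sample line is constructed with a documentation address.

```python
import ipaddress
import re

# Summary format inferred from the two messages quoted in this thread.
LINE_RE = re.compile(
    r"Rule (?P<rule>.+?) (?P<action>\w+) (?P<proto>TCP|UDP)\(\d+\) "
    r"traffic with \((?P<endpoint>[^)]+)\)"
)
LINK_LOCAL = [ipaddress.ip_network(n) for n in ("fe80::/10", "169.254.0.0/16")]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def _in_any(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)

def parse_entry(line):
    """Return a dict for one summary line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # IPv6 addresses contain colons, so the port is whatever follows the LAST
    # colon; the log prints it with a thousands separator ("49,783").
    addr_text, port_text = m.group("endpoint").rsplit(":", 1)
    addr = ipaddress.ip_address(addr_text)
    if _in_any(addr, LINK_LOCAL):
        scope = "link-local"      # same network segment, never routed
    elif _in_any(addr, PRIVATE):
        scope = "private"         # RFC 1918 / unique-local LAN address
    else:
        scope = "routable"
    return {"rule": m.group("rule"), "action": m.group("action"),
            "proto": m.group("proto"), "remote_ip": str(addr),
            "remote_port": int(port_text.replace(",", "")), "scope": scope}

def needs_review(entry):
    """File-sharing traffic with a peer outside the LAN deserves a look."""
    return entry["scope"] == "routable"

SAMPLES = [
    "Rule Windows Networking In Allowed TCP(6) traffic with (fe80::6144:813a:f0e4:1cd1:49,783)",
    "Rule Windows Networking In Allowed UDP(17) traffic with (192.168.0.118:137)",
    # Constructed line using a documentation address (TEST-NET-3).
    "Rule Windows Networking In Allowed TCP(6) traffic with (203.0.113.7:50,112)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        e = parse_entry(line)
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f'{flag:6} {e["proto"]} {e["remote_ip"]} port {e["remote_port"]} ({e["scope"]})')
```

Both messages from the thread come out as LAN-scoped peers; only the constructed third line is flagged.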