Need Help With Intrusion Prevention Autoblock

I am running Norton Security Suite for Comcast users and Windows XP Home.

 

I am getting repeated notifications that an intrusion attempt has been blocked from the same attacking computers.  I'd like to restrict those computers so that they are permanently blocked.   The problem is that when I go to configure autoblock there is nothing listed under computers currently blocked.  This is despite the fact that I have autoblock set to block attacking computers for 48 hours.  Why is this? 

 

The type of attack is https tidserv request 2, and a quick Google search of the attacking computers reveals that they are known malware domains, servers for  TDSS rootkit v 3.273, so I'm pretty sure it's not a false positive.

 

Also, is there a way for me to simply manually add other domains to the restricted list?  Just type them in myself?  I seem to remember this was really easy to do in previous versions of Symantec Firewall, but I can't seem to figure out how to do it with the current product.

 

Any help is appreciated.

Huge Thanks!

 

I added the rule per the instructions.  I think that should do it.  I'll let you know if the intrusion notices continue.

 

I was thinking of also adding the IPs to my HOSTS file.  Is that still worth doing now that I have them blocked by the firewall?


adingoatemybaby wrote:

I was thinking of also adding the IPs to my HOSTS file.  Is that still worth doing now that I have them blocked by the firewall?


I think that's unnecessary. Norton's firewall will block all the connections to and from that IP now. :)

Hi adingoatemybaby:

 

What you are seeing in intrusion prevention is a rootkit on your machine attempting to access the internet.  It is not a case of something on the outside trying to get in.  If you click on the item and go to more details, you will see that it will be coming from HARDDISKVOLUME1, which is your machine.

 

You will need to visit one of the following free malware removal sites to have it removed.  Bleeping is one of the best, but they are also very busy.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Intrusion Prevention is already blocking the address(es) as "https tidserv request 2". There is no need to add the address, as Norton already has it and others belonging to Tidserv.  Otherwise, why would you get the warning that Intrusion Prevention has blocked "https tidserv request 2" with an address, etc.?

 


 

 

Quads