NIS, Auto Repair and inbound UDP

Hi, 

I have had a problem making me somewhat confused. Among other things I don't have any sniffer available as I seldom use such tools as being a former network and security specialist.

My environment consists of a hardware firewall (WatchGuard) and the Norton Internet Suite inside computer as complement.

I ran into a problem concerning inbound UDP data stream to an application in computer. Firstly, the problem was localised to a configuration and maintenance issue with my hardware firewall (controlling UDP port number to be used and NAT from external to internal IP address). This was fixed and I could note that the desired inbound UDP traffic was acknowledged and passed through. 

But the application sdid still not got any inbound UDP traffic. I didn't understood why, but after a straightened checkout I could almost certain localise it to the NIS. This package is somewhat a blackbox to me, when I look through it I see only items expressed as "program" and similar regarding end user applications. 

I don't see anything able to report and manage network logical interface, IP proto level and application protocol. I am not well experienced with the current NIS and its firewalling properties, but overall I have used the Norton products since the 1980's and found them very capable and competent tools for many things.

So I was going to ask the Norton for support, never done this earlier. I went to the Support menu item and went to the support pages and someone to talk to in this matter to get advises.

What happened? The very first thing the support pages did was to run the Norton Autofix and present the following result to me: 

Norton Internet Security
20.4.0.40
Windows 7 Ultimate
7601.18113.amd64fre.win7sp1_gdr.130318-1533
Norton Autofix Results: 1 item(s)
Installation :: Success

No more information, nothing about what was fixed, no explanation at all. I got confused - what has happened?

But I checked my problem again, the inbound UDP throughput - and, indeed, this was really fixed!!! Very imposing, it was the only one problem I knew about - and the Norton Autofix didn't even asked me about what my problem was, it simply said that it fixed only one problem - and it was that problem! How come? I don't know, it didn't even told me what problem it had found and fixed. Very short explanation.

I am interested in information about the problem, what was fixed and how could it arise? Indeed, back trace. And a way to have throughput reporting from the NIS regarding network traffic for diagnostic purposes etc.

But this result from my very first try to use the Norton support pages - only one short line: indicating "We have successfully fixed 1 item(s)". Really, I want to know more ........ It is impossible to conclude from this statement that it really implies that iit concerns my problem ...... I had to test to see what problem was fixed - and it was - surprisingly enough - exactly my problem!   

I have never seen a software earlier capable to do something like this without any need about asking the end user about what the complaint concerns nor telling the user what was done......

I would like comments on this and also details how this problem could have arised. Something misconfigured? And how can a customer use the NIS to inspect and configure packet filters in the firewalling function? 

Kind regards,

Axel40 



 

Welcome Axel49

 

There is currently no way to find out what Autofix has done. I guess Norton feels that home users just care that it works and are not interested in how it worked.

 

You can add your vote and comments to a thread I started  some time ago in the Product Suggestions board of this forum.

 

http://community.norton.com/t5/Product-Suggestions/Autofix-logging/m-p/676677/highlight/true#M2470

 

 

 

Sorry for my delay to respond. 

Many thanks for your kind invitation, I'll try tocare about it as in is a good principle to express opinions and intentions where one has the possibility. We have communities to simplify and coordinate such things a little bit more effectively. 

But there are so many communities as well as end users and others, considering themselves to be experts. However, we are all end users in some way as the fundametal principle must be met, that an advantage must exists, otherwise yje engagement would be meaningless.

To me, my advantage is to know what really happens, why and to have a control and understanding which brings me to make a reproducktion everywhere and with any tool regardless of the vendor. This is the general, system and vendor independence and the fundaments on which the IETF and the IANA resides. Things should be well defined, described and open, available to everyone. I strategical and mabe political and non-proprietay principle if one so wants.  The ideal Utopia dream, applicable in many areas. 

So let's see what contributions, if any, could be made. It's exciting. 

And many thanks again for inviting me, I feel honoured! 

Axel49

It must be required that a log trace is being produced! .. 

I am now back again to the original UDP inbound problem but this time I haven't been able to "Autofix" the problem in the same way. I added a firewall rule showing that inbound/outbound traffic should be allowed on this particular port (both TCP and UDP, but there's no trouble with the TCP at all here, only inbound UDP).

Is there any traffic log associated with the NIS? I can see that the actual traffic really is allowed and passed thorough my hardware firewall and believed that the Norton "Autofix" did it for me but now confused as I lack the Autofix report and don't know what it really did.... It's frustrating and also shows the need to have action reports available to be serious. This absence is terribly annoying and frustrating when the current situation now has appeared.   And not detected by the "Autofix" anymore..... 

Something to add is that this failing inbound UDP now works again after reboot.... What I did was to run the WinZip deep scan system utility, which among other things (registry optimisation and fixes and some cleanups) also deftragmented system volume....  Hard to track down such things and there are lots of such software in the market.

But reboot fixed the matter. And I still don't know anything. What did the Norton "Autofix" found and repaired? It's very annoying due to the remarkable effect it had on my very first run as said earlier.


Axel49 wrote:

Something to add is that this failing inbound UDP now works again after reboot.... What I did was to run the WinZip deep scan system utility, which among other things (registry optimisation and fixes and some cleanups) also deftragmented system volume....  Hard to track down such things and there are lots of such software in the market.

But reboot fixed the matter. And I still don't know anything. What did the Norton "Autofix" found and repaired? It's very annoying due to the remarkable effect it had on my very first run as said earlier.


Sorry I cannot be more help with the Autofix logging. As I noted, I too wanted to know what was being fixed and when I posted my question last year, I got the same answer I am giving you.

 

Your use of the WinZip tools may have bumped some Windows setting that took affect after you restarted. The Norton Autofix last time may have been a coincidence.