I have 3 systems running Norton Internet Security. Each of them have 1 or 2 persistent TCP connections established to various hosts at 166.98.7.X at all times. I can see that these are Hewlett-Packard IP addresses allocated to Symantec. Examples include: 166.98.7.10, 166.98.7.11, 166.98.7.13, 166.98.7.20. These are outbound connections initiated by nis.exe to those addresses on port 80.  They do not seem to be the connections used for updating as when updating occurs, other connections are opened and used. They are there even when Norton Internet Security is not signed in.

Are these connections to be expected? If so, what are they for?

Are these connections required for Norton Internet Security to function properly?

Thank you in advance for any helpful responses.