I used to RDP from my work machine to my home machine directly over the internet. After I installed NIS, I could no longer do that (which is totally normal, because firewalls should explicitly block all unknown connections by default).
After installing NIS on my home machine, I created custom traffic rules within the firewall to allow only the IP of my work machine - that worked.
In the meantime, I've decided to tunnel my RDP connection through a VPN. Because of that, I wanted to block access to RDP from the internet (as NIS initially did) and only allow it via the VPN.
In doing so, I deleted the custom rule I created, but that didn't work - I could still access my home machine from my work machine directly via the internet (I haven't yet tried connecting from other machines). After that, I thought that resetting the firewall settings might do the trick, but it didn't.
I then contacted Norton support who said that the firewall uses adaptive rules (which, afaik are actually app definitions for a whitelist, not for the traffic rules as well) and that the only option to fix the issue would be to either:
a) create a firewall rule that will explicitly block the IP of my work machine
b) reinstall NIS altogether so that the firewall would return to the initial state
This means that deleting custom traffic rules does absolutely nothing (it should return to the default behaviour, which is block stuff from the IPs that were in the rules), and that raises some interesting security concerns.
Is this a bug or intended behaviour? Also, is there a way to fix this without having to reinstall NIS or explicitly block the IPs?
Is the computer listed in the Trust Control in the Smart Firewall? You can check this by clicking the Norton icon, click Settings, click Network, click Smart Firewall, click Trust Control, click OK for the window on top; then on the left-hand side there is a plus and minus sign to add and remove devices.
Another access point is: click the Norton icon, click Advanced, underneath Network Protection click Network Security Map, click OK for the window on top; then on the left-hand side there is a plus and minus sign to add and remove devices.
See if you can find the original Remote Desktop Connection rule from Norton and delete it. Restart your computer and the default Remote Desktop Connection rule will be created next time you use RDP.
I can't find any application rule for mstsc.exe. Anyway, shouldn't resetting the firewall do just that - delete all application rules amongst other things?
Thanks for the help.
Yes, resetting the firewall will work. I was just trying to use a light-handed approach before clearing everything.
BTW, I found the setting under Remote Desktop Connection.
Did you try deleting the rule for Remote Desktop Connection?
It is possible that as you have allowed the connection through the VPN to that computer, that it is allowed outside the VPN also. I only know of VPNs, I do not know the details of how a firewall might handle them.
Are you able to access your system from any other computer outside your home, or just your work computer? This could test whether my last thought has anything to do with this.
I've tried connecting from another machine and I get the RDP username and password prompt.
This means that the firewall isn't working AT ALL.
When I first created the rule for my work machine, I set it to log all activity when the rule is applied. I then started to get all sorts of strange log entries - the rule was applied when I was using Firefox, for example, or when lsass.exe wanted to connect to the internet.
Peter, what do you mean by Norton Remote Desktop rule?
I'll try deleting that rule (if I find it). Otherwise, I will reinstall.
Any idea on how I can report bugs?
EDIT2: I am using a No-IP DUC client because I have a dynamic IP - may that be the cause (the firewall doesn't know how to resolve the requests coming from No-IP)?
EDIT3: It's not because of No-IP - I've tried connecting on my real IP address from another machine and I can still connect.
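The test described in the post above (connect from another machine and see whether RDP answers) can be made repeatable. The following is an added example, not part of the original thread or any Norton tooling: it classifies a TCP connect to the RDP port as open, refused or filtered, and compares the public address with the VPN address. The function names are hypothetical, and the demo uses a constructed local listener in place of the home machine.

```python
import socket

RDP_PORT = 3389  # default TCP port of the RDP listener


def probe(host, port=RDP_PORT, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: a listener is reachable
    except ConnectionRefusedError:
        return "refused"       # actively rejected (RST): port closed or rejected
    except OSError:
        return "filtered"      # timeout or unreachable: packets were dropped


def assess(direct_state, vpn_state):
    """Combine the result for the public address with the one for the VPN address."""
    if direct_state == "open":
        return "exposed"       # RDP answers without going through the VPN
    if vpn_state == "open":
        return "vpn-only"      # the state the poster is trying to reach
    return "unreachable"       # blocked on both paths, or RDP is not running


def check(public_host, vpn_host, port=RDP_PORT, timeout=3.0):
    """Probe both paths and return the raw states plus the verdict."""
    direct = probe(public_host, port, timeout)
    vpn = probe(vpn_host, port, timeout)
    return {"direct": direct, "vpn": vpn, "verdict": assess(direct, vpn)}


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for the home machine.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(check("127.0.0.1", "127.0.0.1", port))  # both paths open -> exposed
    srv.close()
    print(check("127.0.0.1", "127.0.0.1", port))  # both refused -> unreachable
```

Run it from a machine outside the home network, with the VPN disconnected for the public-address probe; a probe from inside the LAN does not exercise the internet-facing rule.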
The firewall is working; it is just that by default Remote Desktop Protocol is allowed. When you find the rule I noted (Remote Desktop Connection is what it is called on my Win 7 system with NIS 3013), you can change the rule to Block.
On my Win 7 Ultimate system with NIS v20 (2013) it is under Settings - Network - Smart Firewall. Click on Configure beside Program rules. Scroll down until you see Remote Desktop Connection.
I don't have that rule - I'm guessing mstsc.exe is called only on the machine you connect FROM, not TO.
There's another binary that starts on the machine you're connecting to (I forgot the name), and AFAIK, there's also a svchost.exe instance through which the terminal services are started.
Anyway, I'll reinstall to see if that solves the problem because I don't see any other option.
Hope this gets recognized as a bug and gets solved in some future version, because it's pretty serious - I'll keep pushing their support until it gets solved.
Using the Norton removal tool is the best way to completely remove the Norton product. I don’t know if this will have any effect or if you have used the NRT. You have mentioned that the Norton firewall worked correctly until the VPN was used; can I suggest that you uninstall the VPN client, and then restart the computer? Then follow the process below and check to see if the firewall works correctly; if it does, then a different VPN client may be an option.
To uninstall any security software, use the Windows add/remove programme first.
Then restart the computer.
Then run the removal tool.
Then restart the computer.
Reinstall Norton, then run live updates as many times as it takes to get no more live updates, restarting as required.
You might like to back up the personal data, and you’ll need to back up or export in both formats your identity safe and any other user's identity safe, if it is used, before doing the above.