I'm using Norton Antivirus 11.2.2 on a Macbook Pro 2011. I've been experiencing frequent Norton crashes with the error message: Norton Antivirus quit unexpectedly.
Also, I'm wondering if this is related, but my recent activities show nonstop vulnerability blocks of ARP Cache Poison, on the order of 3-5 per minute and totaling in the tens of thousands each day. I've also experienced micro-freezes on my mac, with a ~1 second pause every few seconds. The micro-freezes appeared first, so I switched from my Symantec Endpoint Protection to Norton Antivirus, which later started the ARP Cache Poison notices. Finally, the crashes began occurring and have now been occurring with greater frequency (several times per day). Do I have some kind of virus?
I am also expeiencing the exact same attack and behavior with Norton Crashing for several days. Using EasyFinder, the culprit file is located in the //private/temp folder. It appears every minute or so. I tried deleting the entire tmp folder but this did not work. The attack continued after a while.
I am not able to. On Saturday the program stopped crashing and the ARP Cache Poison attacks ceased also. I am not sure that this is the end of it, so when and if the program crashes I will send you the log event message. Thanks for following up
Thanks. Unfortunately I can't tell much from the crash log, but I'm going to guess it's related to the ARP Cache poisoning (perhaps overloading the History window). I will try to find out more about what would cause that symptom.
Thanks. From reading the other topics on this I was woindering if the ARP Cache Poisoning was caused by an actual MITM attack or if the software or network equipment associated with my home Lan was to blame. Any thoughts on that?
About the only suggestion so far is to disable this signature in the Vulnerability Protection settings. If you are running inside a local network at home (I see both users have the Comcast version of NAV), it should be safe. But if you have a laptop that you use outside the network (e.g. public WiFi) then you'd probably want it re-enabled for that environment.
As Lee suggested, the Norton AntiVirus application is having trouble reading the log file, most likely from the number of attacks recorded in it.
We identified an issue in Vulnerability Protection's ARP Cache Poison Detection. It was fixed for Norton Internet Security 5, but right now there are no plans to fix it for Norton Internet Security 4. If you are running Norton AntiVirus 12/Norton Internet Security 5 and are still experiencing this issue please let me know so we can look into it.
A collegue(owner of the guilty HTC) and I tracked this thread down after my 10.6.8 Server running NAV11.1.2 logged 1,477 ARP Cache Poison attempts over the span of 7 hours. I haven't found any literature stating the error was fixed so I'll attach a screenshot of my log. I just created an account so if I can't send the results of the GatherSymantech script directly to you is there somewhere you have customers post them?
We haven't updated Norton Vulnerability Protection for Norton AntiVirus 11. As far as I know, there are no plans to do so, unfortunately so the only option at this point is to leave the singature disabled. It's hard to tell from your log file if the issue is the same one that we fixed in NIS 5, but there is a good possibility it is since it has the same symptoms.
