Norton 360 firewall incorrect functionality

Operating system: Windows 11 22H2
Norton version: 22.23.9.9

I’ve confirmed that the Windows sharing settings are correct, but Norton firewall blocks connections from another device to TCP port 445. My Ethernet is already set to private network:

PS C:\Users\ankino> Get-NetConnectionProfile

Name : Unidentified network
InterfaceAlias : vEthernet (vEthernet Internal)
InterfaceIndex : 7
NetworkCategory : Public
DomainAuthenticationKind : None
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic

Name : Network
InterfaceAlias : Ethernet
InterfaceIndex : 12
NetworkCategory : Private
DomainAuthenticationKind : None
IPv4Connectivity : Internet
IPv6Connectivity : NoTraffic

This is the log of Norton blocking TCP port 445:

Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category
11/5/2023 10:49:51 PM,Info," Rule "Default Block Microsoft Windows 2000 SMB " rejected TCP(6) traffic with (192.168.0.112 Port (43312) )",Detected,No Action Required,Firewall - Activities
Firewall rule was matched:
Rule Name: "Default Block Microsoft Windows 2000 SMB "
Rule Action: rejected
Rule Severity: normal

Traffic Details:
Protocol:  TCP(6) 
Direction: inbound
Local Host: 
Local IP: 192.168.0.121
Local Service:  Port (445) 
Remote Host: 
Remote IP: 192.168.0.112
Remote Service:  Port (43312)
Remote MAC:  -- 
Adapter Index: 12

Process Information:
Process ID: 4
Process Path: System

I found that the firewall traffic rules settings already have one rule called “Default Allow Microsoft Windows 2000 SMB (Private Networks)”. This uneditable rule should allow my traffic, but it doesn’t work, and the traffic matches the “Default Block Microsoft Windows 2000 SMB” rule.

I agree this kind of full-cover rule complies with security regulations, but private networks should directly hit the first rule. Maybe it’s a bug; I hope it can be fixed ASAP.

The Norton firewall IS handling TCP port 445 correctly because of the SMB vulnerability. As you posted before, the two settings present aren't editable.

So!! You'll need to create a new rule, specific for your needs, OR, turn Stealth Blocked Ports settings to off. BOTH will have their inherent associated risks accordingly. Disabling stealth ports shouldn't ever be an option in my opinion, just putting it out there for the sake of presenting different options.

Below is a screenshot of a new Norton Firewall rule, as I created one for posting here. Please take note that the new entry, if applied, WILL override all application rules. Note that in the rule settings, where it's stated "Computer", you can add more than one IP address for specific devices to the rule.

 

Edited: Make sure you restart the machine for the Norton Firewall to apply the rule.

https://support.norton.com/sp/en/us/home/current/solutions/v15457117

SA

Thanks for this information. I know about SMBv1 and that it has a security risk; actually, this is an issue with the firewall not handling the rules correctly on TCP port 445.

I've tried resetting the firewall; it is still blocked after rebooting the computer.

If resetting the Norton firewall doesn't change anything, you may also want to check the following:

https://learn.microsoft.com/en-us/answers/questions/957194/windows-11-smb-client-cannot-connect-to-smb-share

SA

If you feel the firewall is not working correctly, try resetting the Norton Firewall and test again. 

To reset the Norton firewall, from the main Norton Security screen click on Settings - Firewall. On the General tab, click on Reset beside Firewall Reset. Restart your computer. As you use programs that access your network/internet, the firewall rules will be created again.

Fix typography:

Operating system: Windows 11 22H2 
Norton version: 22.23.9.9 
I've confirmed that the Windows sharing settings are correct,
but Norton firewall blocks connections from another device to TCP port 445.
My Ethernet is already set to private network:


PS C:\Users\ankino> Get-NetConnectionProfile

Name                     : Network
InterfaceAlias           : Ethernet
InterfaceIndex           : 12
NetworkCategory          : Private
DomainAuthenticationKind : None
IPv4Connectivity         : Internet
IPv6Connectivity         : NoTraffic


This is the log of Norton blocking TCP port 445:
Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category
11/5/2023 11:30:16 PM,Info," Rule \"Default Block Microsoft Windows 2000 SMB \" rejected  TCP(6)  traffic with  (192.168.0.112  Port (53006) )",Detected,No Action Required,Firewall - Activities
    Firewall rule was matched:
    Rule Name: "Default Block Microsoft Windows 2000 SMB "
    Rule Action: rejected
    Rule Severity: normal
    Traffic Details:
    Protocol:  TCP(6) 
    Direction: inbound
    Local Host: 
    Local IP: 192.168.0.121
    Local Service:  Port (445) 
    Remote Host: 
    Remote IP: 192.168.0.112
    Remote Service:  Port (53006) 
    Remote MAC:  -- 
    Adapter Index: 12

I found that the firewall traffic rules settings already have one rule called "Default Allow Microsoft Windows 2000 SMB (Private Networks)".
This uneditable rule should allow my traffic, but it doesn't work,
and the traffic matches the "Default Block Microsoft Windows 2000 SMB" rule.
I agree this kind of full-cover rule complies with security regulations,
but private networks should directly hit the first rule. Maybe it's a bug; I hope it can be fixed ASAP.
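
An added example (not part of any post above, and not Norton's or Microsoft's code): a short Python script that joins the `Adapter Index` in a Norton firewall event to the `InterfaceIndex` in `Get-NetConnectionProfile` output, so the network category that applied to a rejected connection can be read off directly when reporting the behaviour. The sample text is constructed from the output quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample text, shaped like the PowerShell and Norton output quoted in this thread.
PROFILES = """\
InterfaceAlias : vEthernet (vEthernet Internal)
InterfaceIndex : 7
NetworkCategory : Public

InterfaceAlias : Ethernet
InterfaceIndex : 12
NetworkCategory : Private
"""
EVENT = """\
Rule Name: "Default Block Microsoft Windows 2000 SMB "
Rule Action: rejected
Direction: inbound
Local Service:  Port (445)
Remote IP: 192.168.0.112
Adapter Index: 12
"""

def parse_blocks(text):
    """Return one dict of 'Key: Value' fields per blank-line-separated block."""
    blocks = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip().strip('"').strip()
        if fields:
            blocks.append(fields)
    return blocks

def correlate(profile_text, event_text):
    """Attach the Windows network category to a Norton firewall event by adapter index."""
    by_index = {p["InterfaceIndex"]: p
                for p in parse_blocks(profile_text) if "InterfaceIndex" in p}
    event = parse_blocks(event_text)[0]
    profile = by_index.get(event.get("Adapter Index"), {})
    port = re.search(r"\((\d+)\)", event.get("Local Service", ""))
    return {
        "rule": event.get("Rule Name"),
        "action": event.get("Rule Action"),
        "local_port": int(port.group(1)) if port else None,
        "remote_ip": event.get("Remote IP"),
        "interface": profile.get("InterfaceAlias"),   # None if the index is unknown
        "category": profile.get("NetworkCategory"),
    }

if __name__ == "__main__":
    print(correlate(PROFILES, EVENT))
```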