Norton History Logs - Are these problem indications

Hi, I think I'm having problems and need help deciphering my Norton Security Logs.

I understand a lot of it, but several things come up that I am not sure are problems or not.

Please help with these.

I'm running: Windows Vista 32 SP1 Home Premium on an HP Pavilion DV9700 Entertainment Laptop

i.e.:

 

Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category
2013-11-20 23:49:04,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4ef:39f1:3f57:fe9b%17).",Detected,No Action Required,Firewall - Network and Connections
Protecting your connection to a newly detected network on adapter "Teredo Tunneling Pseudo-Interface" (IP address: fe80::4ef:39f1:3f57:fe9b%17).

--------------------------------------------------------------

 

Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category
2013-11-20 23:49:04,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:6abd:3cbf:1550:3f57:fe9b).",Detected,No Action Required,Firewall - Network and Connections
IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:6abd:3cbf:1550:3f57:fe9b).

 ---------------------------------------------------------------

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
2013-11-20 23:32:32,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,2013-11-20 23:32:32,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,5980,C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe,2060,Open Process Token,Unauthorized access blocked


 ----------------------------------------------------------------

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
2013-11-20 23:24:17,Medium,Unauthorized access blocked (Set Registry Security Key),Blocked,No Action Required,2013-11-20 23:24:17,C:\WINDOWS\SYSTEM32\SVCHOST.EXE,984,HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86\0000\Control\,0,Set Registry Security Key,Unauthorized access blocked


 -------------------------------------------------------------------

Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
2013-11-20 23:12:10,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49158","Inbound TCP, Port 49158"
Firewall rules were automatically created for <b>Services and Controller app</b>.  These rules determine how <b>Services and Controller app</b> accesses your network resources.

 ---------------------------------------------------------------------

 

I have some of these entries coming up every few seconds.

This seems strange to me.

I've attached for your reference

Hi, tiger_01905. These are all normal entries from Norton in your history and nothing to be concerned about. They are purely informational.

 

The Teredo Tunnelling Pseudo Interface messages may sound alarming, but it's to do with IPv6 Internet Protocol, which is not in wide usage at the moment. IPv4 is the current protocol.

 

Norton blocking Google Updater is just Norton protecting itself from outsiders. Tamper Protection is Norton's way of doing that.

 

Don't get too obsessed with checking History. It'll do your head in! As long as Norton is working...

Hi, and thanks for the reply.  I've been trying to work with the Quads folks on issues I'm having and all this extra traffic in the Norton History logs and the Windows Event Security and Application logs is very much confusing me.

I'm very concerned about the Windows logs and their reports of constant logins with special privileges like (impersonate, and takecontrol) given to logon instances.  I can't tell if this is normal from some service running or from some outside attempt.

But it is happening every few seconds in the log file.

 

Anyway, I know I'm not supposed to be working with anyone else once you start with a Quads person, but I had to step aside and try and work out some issues with my office pkgs not starting (keep bombing) with no info.  This led me to working with Tweaking.com and following their instructions, in an attempt to identify or fix any problems with the OS to help the office pkgs.  It appears this didn't go as well as I hoped, and I'm wondering if I should bother following up with my Quads person or just consider reloading my machine.

???

 

I'm just hashing out.  Right now this message is only about the event and history log questions I have.

Are there any tools to help you tell what is normal and what is not?  Or would I have to go instance by instance.....

Thanks a bunch.

 


tiger_01905 wrote:

I'm just hashing out.  Right now this message is only about the event and history log questions I have.

Are there any tools to help you tell what is normal and what is not?  Or would I have to go instance by instance.....

Thanks a bunch.


The Norton History logs are simply a record of Norton's activities.  Everything you see there has already been handled by Norton.  If anything needed attention from you, Norton would have alerted you at the time it happened.  If you are scouring the logs for clues to something seriously amiss on your system, you are almost certainly wasting your time.

 

Likewise, the Windows Event Viewer is primarily intended to allow you to research some specific event that occurred on your system that needs to be investigated.  The numerous errors reported there are normal, and are almost always inconsequential.  In general, if any of those errors had been serious enough to affect the system, something obviously bad would have occurred that you would likely not have been able to avoid noticing.  Combing through all of the errors and warnings in the Event Viewer trying to find one that needs to be examined in detail is, again, not really something that will be fruitful unless you are looking for a known specific event.

 


tiger_01905 wrote:

Are there any tools to help you tell what is normal and what is not?  Or would I have to go instance by instance.....


Hi tiger_01905:

 

I'm not aware of any tool that would scan your Norton security history logs and identify a "non-normal" entry.

 

The Event Viewer in your Vista OS can sometimes provide additional information for system errors if you click the Event Log Online Help link.  Fair warning, though - the screenshot below shows a Vista error message for a harmless Adobe Flash Player crash in my Firefox browser from a few days ago, and as F4E mentioned, you can drive yourself crazy constantly monitoring these event logs if you don't have the technical expertise to interpret their severity.

 

[Screenshot: Application Hang Event Viewer.jpg]

 

 

Like F4E, I don't see anything out of the ordinary in your recent Norton history log.  Delphinium posted a link here to a handy diagnostic tool at http://test-ipv6.com/ for another Teredo Tunneling Adapter user asking about these same firewall events, and Norton Product Tamper Protection also floods my security history with those harmless unauthorized access blocks by dfrgntfs.exe every time Windows Disk Defragmenter attempts a read/write/edit/delete of a Norton file on my 32-bit Vista machine (see my screenshot here).

 

Based on your post here it sounds like Quads is helping (or already helped) you remove a Backdoor.Pihar infection off your system on his own malware removal board.  I understand your anxiety but if you follow his instructions I'm sure that Quads will give you the all clear once he's sure this infection has been removed from your system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 25.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
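
An added example, not part of any post in this thread and not a Norton tool: a short Python script that collapses an exported history log, in the layout pasted in the first post, into distinct event types with counts, and lists any row whose Recommended Action column is not "No Action Required". The sample rows are constructed, and the function names and the last row's values are assumptions.

```python
import csv
from collections import Counter

# Constructed sample in the export layout pasted in the first post. Paths are
# shortened and the last row's values are invented for illustration.
SAMPLE = r'''Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
2013-11-20 23:32:32,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,2013-11-20 23:32:32,C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE,5980,C:\NIS\ccsvchst.exe,2060,Open Process Token,Unauthorized access blocked
2013-11-20 23:32:40,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,2013-11-20 23:32:40,C:\Program Files\Google\Update\GoogleUpdate.exe,6012,C:\NIS\ccsvchst.exe,2060,Open Process Token,Unauthorized access blocked
 ----------------------------------------------------------------
Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
2013-11-20 23:12:10,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49158","Inbound TCP, Port 49158"
Firewall rules were automatically created for <b>Services and Controller app</b>.
2013-11-20 23:15:00,High,Constructed activity,Constructed status,CONSTRUCTED: review this,Example app,C:\example\app.exe,Block,Block,"0.0.0.0, 1","Inbound TCP, Port 1"
'''

def parse_export(text):
    """Yield one dict per data row, tagged with its section name."""
    section, header = None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Category:"):
            section, header = line.split(":", 1)[1].strip(), None
        elif not line or set(line) <= {"-"}:
            continue  # blank line or dashed separator
        else:
            fields = next(csv.reader([line]))
            if header is None:
                header = fields
            elif len(fields) == len(header):
                yield {**dict(zip(header, fields)), "Section": section}
            # other lines are the free-text detail repeated under a row

def summarize(rows):
    """Count rows per distinct (section, risk, actor or program, activity)."""
    counts = Counter()
    for r in rows:
        who = (r.get("Actor") or r.get("Program Path") or "-").lower()
        counts[(r["Section"], r["Risk"], who, r["Activity"])] += 1
    return counts.most_common()

def needs_attention(rows):
    """Rows the log itself does not mark 'No Action Required'."""
    return [r for r in rows if r["Recommended Action"] != "No Action Required"]

if __name__ == "__main__":
    for key, n in summarize(parse_export(SAMPLE)):
        print(n, *key, sep=" | ")
```

Entries that repeat every few seconds end up as a single line with a count, so the review covers distinct event types rather than every instance.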

Thank you all for your insightful expertise and patience.

I'm sure I just need to step back a bit on these issues.

I will accept your thoughts on these log issues and leave them be.

I will continue to look at them periodically, just to see what's going on.

Since I would have never started to look into are we having problems in the first place, if I didn't check out the log files and find Norton reporting lots of Trojans, and other strange stuff on the first computer (Backdoor.Pihar, issues).

I'm sure I'm just spooked, since on my machine all of a sudden I cannot use any of the original Microsoft programs that I normally use on a daily basis.  (Word, Excel, Access)

I will continue with my Quads person now, and follow this conversation through with him as well.

 

Thank you for your patience.


tiger_01905 wrote:

Since I would have never started to look into are we having problems in the first place, if I didn't check out the log files and find Norton reporting lots of Trojans, and other strange stuff on the first computer (Backdoor.Pihar, issues).

I'm sure I'm just spooked, since on my machine all of a sudden I cannot use any of the original Microsoft programs that I normally use on a daily basis.  (Word, Excel, Access)

 

I will continue with my Quads person now, and follow this conversation through with him as well.


Hi tiger_01905:

 

I just found another thread  here that you started last week, and it appears that:

     a) Quads has successfully removed Backdoor.Pihar from your wife's computer
     b) Your own computer is now exhibiting multiple problems with MS Office, Java and HP Wireless Assistant

 

You've posted very little information about the software versions you're using for Java, MS Office, NIS, etc. (your NIS version can be found at Support | About - the latest version is currently v. 21.1.0.18).  I noticed that you are running Service Pack 1 (SP1) of 32-bit Vista Home Premium.  Service Pack 2 (SP2) for Vista was released in April 2009, and if Quads can't find any malware on your system to explain these problems you might find that a few software updates could improve your system performance.

 

A scan with the FileHippo Update Checker could give you a quick idea of how out of date some of your third-party (non-Windows) software is.  I would normally recommend a scan with Secunia PSI (Personal Software Inspector) with automatic software updating disabled to look for unpatched security holes in your software as well but I'm not sure that your HP Pavilion dv9700 has enough free RAM / disk space to run a PSI scan.

 

This information is for future reference only - please don't make any changes to your current system if you plan on asking for help with malware remediation.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 25.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40 * Secunia PSI 2.0.0.3003
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

I have closed the other thread as the user has started this thread (another forum doing whatever) at the same time.

 

 

Quads