I am using Norton Security Suite - Version: 4.2.0.12 - provided by Comcast, running on Windows XP Service Pack 3.
Has there been any recent updates or changes to the tamper protection and/or the security history which would account for the following? I am no longer receiving any messages of tamper detections in the security history. I used to receive "unauthorized access blocked" messages for Google Update regularly (once every hour), as well as other programs such as Services.exe (usually on a restart), or if I was running another scan such as Malwarebytes. For the past maybe 24 hours I have received no such messages.
Also, all such previous messages in the security history no longer appear there. I'm pretty sure I did not delete them as the only security history I have deleted has been firewall activities, which haven't deleted tamper notices in the past. Does Norton ever automatically delete history items if they become too clogged? And lastly, I have verified under administrative settings that Tamper Protection is still turned on.
second, please go to add/remove and delete all the old version of Java that you have listed there. Also go to the Java cache and delete all the temp files and cache files. You can get to the Java cache thru the Java Control Panel which is in the windows control panel. Then go to Java and get the latest java which is version 21. After you get that, then go thru the settings and set the temp files to not be stored on your computer. Your computer will download any files it needs when you use a program that uses java. I would disable the automatic update for Java and go weekly to the java site and check to see if you are running the current version. Please see this link for more information about staying clean with Java. It's a different problem, but it still has to do with keeping Java clean.
It probably doesn't matter but should I remove all the old versions of Java first or delete the cache first? Also in the Java control panel, under temporary files, there is a settings button and a view button (which says Show the Java Cache Viewer). I was checking out the Java control yesterday and clicked the view button and it froze up. I didn't wait that long for it to load, but I ended up having to end the task. Is this normal?
The tamper protection disappearing is still vexing too.
First, the "access blocked" and "send terminate message to window" are very common entries in the Norton Product Tamper Protection logs and do not indicate anything being amiss. They just tell you the reason for each log entry, i.e., what NPTP was doing and why. It sounds like your NPTP activities were nothing out of the ordinary, so I think you can rule out anything that NPTP was doing as a cause of the logging issue you are having.
Is Norton Product Tamper Protection the only area that is no longer being logged? There have been cases where a log has filled up and rather than overwriting old entries, as it should, the program has just ceased creating new entries. I am not aware of any cases where the existing entries have disappeared, however. When you go to the NPTP log does it say "There are currently no items to view in this category," or is it completely blank? I would try clearing the entire history (you can export everything beforehand if you need to keep a record) and see if logging resumes normally.
As for ctfmon.exe, it is a WIndows process that Microsoft is very insistent on running in the background whether you actually need it or not. You should not remove it, and it really doesn't use much in the way of system resources. If you really don't want it around follow the instructions in this Microsoft KB article on the proper methods to prevent the process from running:
I am using Norton Security Suite - Version: 4.2.0.12 - provided by Comcast, running on Windows XP Service Pack 3.
Has there been any recent updates or changes to the tamper protection and/or the security history which would account for the following? I am no longer receiving any messages of tamper detections in the security history. I used to receive "unauthorized access blocked" messages for Google Update regularly (once every hour), as well as other programs such as Services.exe (usually on a restart), or if I was running another scan such as Malwarebytes. For the past maybe 24 hours I have received no such messages.
Also, all such previous messages in the security history no longer appear there. I'm pretty sure I did not delete them as the only security history I have deleted has been firewall activities, which haven't deleted tamper notices in the past. Does Norton ever automatically delete history items if they become too clogged? And lastly, I have verified under administrative settings that Tamper Protection is still turned on.
I'm pretty sure the Tamper Protection is the only area no longer being logged. The log is not blank, it says "There are currently no items to view in this category". It is possible the log got filled up because I have never deleted NPTP logs and I was getting at least one every hour from Google Update, plus other sources, so it filled up pretty quick.
I also frequently get logs on firewall activities saying "unused port blocking has blocked communications", which can fill up pretty fast. I am pretty positive this is simply a result of my BitTorrent usage as the ports being blocked are the ones I keep open for BitTorrent. However the combination of the BitTorrent logs and the NPTP logs can make the history fill up fast, but the only logs I have deleted are the firewall activities, and the firewall activity logs are still coming.
I will delete the entire history and restart my computer and see if that helps. The only history I had not been sure of was the Quarantine, and whether "Clear Entries" actually permanently removed the viruses from my computer. However, after browsing the forum it seems like it does completely remove the malware.
"Clear enrtres" will clear all items from Quarantine when you are viewing that category. "Clear History" clears everything in History, including anything that might be stored in Quarantine.
I was just concerned if the items in Quarantine were not just deleted from the log but from the computer too. But when I removed them my free disc space increased a little so that's probably confirmation.
I cleared the entire history and restarted my computer. I have not received any NPTP logs yet, and I usually did when I restarted in the past. There also used to be a Tamper log at the 6th minute of every hour for Google Update. A curious thing is firewall activities recorded Google Update at the 6th minute this hour. Then two minutes later it said "firewall configuration updated", and the only log that had happened was the Google Update. Maybe the firewall rules superceded Tamper Protection in some way, I don't know what else to think.
I am beginning to wonder if Tamper Protection is turned off. Try toggling the Tamper Protection button. Turn off Tamper Protection, click OK, and exit the Norton window. Then open the program again and re-enable the feature.
I tried this yesterday so I don't think it's the problem. I even disabled it, set it to come back on upon restart, and then restarted the computer, and nothing changed. I think I used "Quick Controls" on the main settings window yesterday, so I just toggled it through the administrative settings just now, I doubt that will make a difference though. I'll run a quick scan with Microsoft Security Essentials which should trigger Tamper Protection. (I have Real-time protection turned off for MSS, I just use it for on-demand scanning.)
I toggled Tamper Protection off and on and ran a quick scan with MSS, which probably should have caused a log, but no logs have happened. I don't know, this is a really odd problem. I'm not that overly concerned it's affecting my security as none of the tamper logs in the past have seemed that suspicious. However, maybe if I uninstall and reinstall Norton it will fix the problem. I'll sleep on it for now. Thanks for any other help.
However, maybe if I uninstall and reinstall Norton it will fix the problem.
That was going to be my next suggestion. Since it is not clear if this is a Tamper Protection problem rather than just a logging problem, I would certainly try a reinstallation. If you don't have any other Norton products installed I would advise you to run the Norton Removal Tool twice before reinstalling to make sure that you clean up the stuff hiding in the crevices, such as a bad registry entry, that might be causing the issue.
I'm not using the comcast product, but I have lost most of my history before in NIS 2010.
When I say most, I mean that some of the catagories were uneffected but most of them became empty (It said there is currently no items to view).
I'm positive there were history items there, even my quarantine history was empty and I knew there was an item in quarentine before. I also lost my exclusion list and I use Radmin that needs to be excluded.
I thought that was strange because radmin was working fine and norton wasn't cpmplaining about it.
I do recall that a week or so before I noticed everything gone my system went into a chkdsk on a reboot for no apparent reason and it "fixed" some norton files.
I ended up un-installing NIS and I chose the setting to save all the log files and quarantine items.
Then I re-installed and not only did the history work again it showed everything from the original install except a couple week period ending at the time I noticed the problem and did the reinstall.
I still had to redo all my exclusions, settings and update everything, last time I checked it was still working.
I will probably end up reinstalling at some point soon, I'm just a little hesitant because everything else is working fine. I already deleted my entire history though, so I don't think I'll be getting anything back.
The only thing not seeming to log is Tamper Protection, it seems like there's a chance Norton changed the logging activities for this in an update. The same night I noticed the Tamper Protection logs no longer showing up, a virus scan detected a heuristic virus for the first time, which makes me think there is a good chance Norton updated a couple things causing all this. The heuristic virus was a .WMA file that said was a Bloodhound.Exploit.101, I'm pretty sure it was a false positive but I deleted the file anyway.
If Tamper Protection was really not working, what do you think would happen to Norton if ctfmon.exe tried to do whatever it is doing when the "send terminate message to window" log used to come up? I'm just curious what that would do.