I've just installed Norton Internet Security 4.0 for Mac, on my Mac OS X 10.5 (24" iMac). It ran fine until I tried to turn on Application Blocking --
1) First, it automatically blocked /System/Library/Filesystems/AppleShare/check_afp, without prompting me to allow it to go out, unlike several other Internet applications. I couldn't unblock it or allow it (when I tried to manually browse to the file to add it, Norton told me "Permission Denied"). Nothing seemed to be wrong, so I continued using the Mac, but after a while the Mac crashed on me. After restarting, I could not login to any of the accounts; after logging in, the Finder refused to load and the screen stayed as the default wallpaper. Only a forced shutdown followed by a Safe Mode boot, and uninstallation of Norton worked. After another reboot, the Mac OS alerted that there had been a crash in the check_afp application and asked for permission to send the logs to Apple. It seems like check_afp crashed after not being able to access the network.
2) I'm stubborn, so I tried reinstalling Norton. Again, everything worked fine initially. So I tried enabling Application Blocking again. This time, no complaints about check_afp. Went through the applications one-by-one to get them added to the whitelist. Then, I tried switching to my wife's login, and it froze; couldn't complete the login (Finder didn't load, again, and had to force shutdown, Safe Boot, uninstall (just the Firewall this time), and reboot.
I opened the SQLite database saved under the "Saved Symantec Data" (SymAppBlockingLog); these are the applications listed as "Action=2", which I assume are the "Blocked" applications:
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker
/System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/ATSServer
/System/Library/CoreServices/pbs
(The "direction" for all of these was "2", which appears to be for Outgoing traffic)
Am I a total idiot doing this wrongly, or is Application Blocking broken?
- J