I had some problems with NIS 2011 - it wouldn't let me get to settings. So I uninstalled and reinstalled. Liveupdate, run scan, etc.
In program control I noticed the program "System" - without an icon, or executable path, etc. It just looked funny. I've uploaded a screenshot for view. Notice the other programs have executables and paths? This "system" has full access to the network - in out, etc.
I blocked it and I can still access everything - so far (i.e. internet, email,etc.)
Does anyone/has anyone had any experience with this? NIS is not picking up any virus/spyware activity and I have all my settings set to aggressive - boot and heuristic.
Any help would be appreciated.
Okay, no attachment I guess since we can't post screenshots.
Hi thepregnantgod,
"System" encompasses processes associated with the operating system and allows outbound communications as dbrisendine explains in this thread:
http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-2010-Program-Control/m-p/214065/message-uid/214065/highlight/true#U214065
From:
http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-2010-Program-Control/m-p/214065/...
In looking at the System Program rules (Smart Firewall > Program Rules > modify) you can see the details of the rules Norton has made for the System to follow. On my system, there are three. Selecting each one individually and then clicking on modify will let one view the details of the rule's settings.
The first rule allows my system to send a packet to any computer BUT only on the port used for establishing a remote domain connection (port 53). A computer uses this to request a network connection / joining a network that has a domain control server. The Firewall allows this to any computer because it does not know what network domain it will be connected to, at first.
The second rule allows my system to send a packet to any computer BUT only on a port used for MS remote-ds (port 445). Again, this is used to establish / join a remote network.
The third rule allows my system to send a packet to any computer BUT only on the ports used for Net-Bios services (ports 137 and 138). Again, this is part of the process of allowing a computer to join in a established network, be it online or in a office or home network.
Leaving port 445 open is a major security risk: http://www.speedguide.net/port.php?port=445. There are other safer ways to connect remotely if that is needed. For the average home PC user it is not. I would block that rule if present under the NIS generated System rule.
I have also seen outbound leakage on ports 137 and 138 from the NIS default System generated rule and have noted such in this forum.