Question on intrusion prevention autoblock

As of today, out of the blue, it keeps blocking the IP address that happens to be the same as my DSL box.

Why? Is it trying to say it thinks I am attacking my own computer? Or is it saying some other source might be trying to attack me? I keep saying "unblock" but it keeps happening.

Not sure exactly what this all means, or is there a way to let Norton know that address is me?

Sorry, new to Norton product and this is the first time this has happened to me since I installed the product back in December.

I have Windows 7 x64 Home Edition .... 17.5.0.127

 

Any suggestions and help in the direction I need to take would be greatly appreciated.

 

Thank you!

 

Dawn

Drive-by download? What is that?

I don't see anything different listed in my history after it blocked my internet access.

I had 1 Windows update as of today but it was for an IE8 compatibility thing. I restarted my computer and ran a full system scan; it only found 2 cookies.

It states no new Windows update found.

What do I need to do from here?

Thanks

Can you post the details from the History log entries about the Blocking in Intrusion Prevention?

I've never created a screen shot before. I tried to export the file but that doesn't work.

If someone could please give me direction. Sorry .... Thanks

Sure: here is a link that will help you out:

http://community.norton.com/t5/Forum-Feedback/How-to-upload-images-to-the-forums/m-p/68376

Sorry, I should have been clearer.

I need to start from scratch. How do I begin getting my history to a file so I can provide it in an attachment?

This is all new to me. I tried to export it as a text file but it states that Norton/Windows is having a problem and must close.

I can say after the blockage all it states is this:

ips address has disappeared from adapter fe80 8fc 1ead b97 cda 9812 or 2001 41379e764c9 2698 b97

These are the only 2 things that appear after it blocked my IP ... otherwise no other history appears in the log.

Hope that helps at least.

Here is a Web Link with what a Drive-By Download is: http://safeweb.norton.com/safety.

 

You need to Create a Screen Shot.  Once you create a Screen Shot, click on the wee Tree symbol, then follow the instructions that were posted about Uploading Screen Shots.

----------------------------------------------------------------------

It looks as though you're looking at the "Recent History"; please make sure it is "Intrusion Prevention" you're looking at from the Drop-Down Menu.

dawnk, it might be simpler to first provide the text associated with the IPS notification. No need to attach images, just transcribe the text into a post.

 

When the autoblock occurs, do you lose network connectivity?

 

What browser are you using when you get these notifications?

 

Lastly, if the remote port/service listed in the IPS notification is 53, this is probably a false positive detection and can safely be ignored (but I'd still like to know that you're seeing it so that I can work on getting it resolved.)


reese_anschultz wrote:

dawnk, it might be simpler to first provide the text associated with the IPS notification. No need to attach images, just transcribe the text into a post.

 

When the autoblock occurs, do you lose network connectivity?

Yes, I did for a brief moment. {maybe 5mins or so} that is how I noticed the problem.

 

What browser are you using when you get these notifications?

IE8 -64bytes

 

Lastly, if the remote port/service listed in the IPS notification is 53, this is probably a false positive detection and can safely be ignored (but I'd still like to know that you're seeing it so that I can work on getting it resolved.)

 

I've tried to click on the ips log in the drop down box like suggested in a previous post, but I keep getting this response - Symantec security history has stopped and windows is searching for a solution ..will close program now. Tried several times last night and tonight and still got the same response. I know I had it in the past when trying to access "recent history" but after a while I was able to get it to work.

 


Should I still be concerned? I haven't had another hit since I posted on the board and I restarted my computer after installing my windows update yesterday evening.

 

I read the article about Drive-by download ... not sure what I need to look for .. the computer seems to be running smoothly .. no slow response time .. I ran a full Norton scan and it only found 2 tracking cookies.

I hate to assume this was just a fluke and go about my business .... since it did block my IP address can I feel secure that nothing really attacked my computer and won't try to do harm at a later point?

Thanks for all your help!

Dawn

Since the attack is from your router, I suspect that this was a false positive detection. The fact that a full system scan only found cookies helps to confirm that. I am concerned that you can't inspect your security history though.


reese_anschultz wrote:

Since the attack is from your router, I suspect that this was a false positive detection. The fact that a full system scan only found cookies helps to confirm that. I am concerned that you can't inspect your security history though.


 

Thanks.

 

I believe from the very beginning I was never able to open IPS intrusion.

I am able to open all the others. Which was puzzling but I never really questioned it because I never had to open it since then. I can tell you in recent history log .... I'm always getting this - Medium alert - An intrusion attempt by "my dsl box ip address" was blocked... every time I log on to IE8 or Firefox. When I click on it I can never open it. I was always curious why that happens every time I log on. Is there a reason?

I don't have Malwarebytes downloaded .. should I? And get a 2nd opinion?

 

Also, on a side note - If you wouldn't mind answering another question - I'm going to be away on a trip for 2 weeks.

I notice there's a thing to click on to block all access until you log back on ...but the one thing I have noticed is that cuts off my dsl box/internet access and the live updates don't run. Would this cause a huge problem with Norton and updates if I check BLOCK until I get back??

 

Thanks

 

 

dawnk:

 

Please have a look at this information from SendofJive to see if it helps. If you are having trouble with connectivity, it might explain the "attacks."

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/1-other-issue-w-my-new-Norton-ISP-is-attacking-me/m-p/215387/highlight/true#M106243

 

This address would appear to be the IPv6 IP address dropping off.  IPv6 is not commonly used as yet, so it "disappears" and is not protected.

 

ips address has disappeared from adapter fe80 8fc 1ead b97 cda 9812

 



You may have to uninstall and reinstall to fix the IPS history issue. The gurus here are very proficient at guiding people through this process.

 

If the error is the one that I suspect, the problem is probably due to the home page that you've set for your browsers. It's not actually a problem with the page itself but the page probably has content from a larger number of web sites and that can trigger the problem. Example pages like this would include news sites or sites that consolidate content from other sites.

 

If you're going to be away and are considering enabling the block all traffic option, I would suggest that you simply shut the machine off. It's the safest and most energy conservative choice. To specifically answer your question, though, it wouldn't cause a problem. The moment you re-enable Internet access your Norton product would download a bunch of updates to catch up.

 

I was afraid that would be the answer.

 

My home page - I have set at "about:blank"

I used to have it at aol.com but changed it a while back.

So there's really no better option and I don't see the alert as a threat just something I've learned to look past.

 

Thanks again for all your help and suggestions.

 

Dawn

 

 

 

 

 



about:blank shouldn't be generating any sort of notification so I was wrong there...

 


reese_anschultz wrote:

The fact that a full system scan only found cookies helps to confirm that.


This is not always the case as I've had Malwarebytes' and SUPERAntiSpyware Detect Threats that Norton missed, which is why I'd highly recommend you get those programs.  Norton 2010 Products do have a very good Detection Rate as Norton has caught Threats which Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition missed.

 

 

 

Thanks floating red

I took your advice and d/l the free version of Malwarebytes and it found 3 things.

I removed them and restarted the computer as directed - Do I now need to remove them from the quarantine list??

Now what?? Since they removed them can I feel like it did its job and whatever happened has been completely removed? Or do I need to do something more on my part?? Take my machine in to get looked at?

Sorry so many questions ... not sure what more preventive steps I need to take.

 

Here's the log file

 

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/25/2010 6:39:51 PM
mbam-log-2010-03-25 (18-39-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 238071
Time elapsed: 25 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

any and all help would be greatly appreciated.

Thanks

Dawn
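
Added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for the log format posted above. It pulls out each registry data item with its detection name, flagged value and default value, and checks that the summary counts agree with the detail lines. The function names are hypothetical and the sample is a trimmed copy of the posted log.

```python
import re
from collections import Counter

# Constructed sample: summary and detail lines taken from the log posted above,
# trimmed to two categories. Function names below are hypothetical.
SAMPLE_LOG = r"""
Registry Data Items Infected: 3
Files Infected: 0

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^(?P<cat>.+) Infected: (?P<n>\d+)$")    # summary line
SECTION = re.compile(r"^(?P<cat>.+) Infected:$")             # detail header
ENTRY = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<name>[\w.]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*)\) -> (?P<action>.+?)\.?$"
)

def parse_mbam_log(text):
    """Return (summary counts, detail entries) parsed from the log text."""
    counts, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]
        elif m := ENTRY.match(line):
            # The last path component is the value name, the rest is the key.
            key, _, value = m["path"].rpartition("\\")
            entries.append({"section": section, "key": key, "value": value,
                            "detection": m["name"], "bad": m["bad"],
                            "good": m["good"], "action": m["action"]})
    return counts, entries

def mismatches(counts, entries):
    """Categories whose summary count differs from the parsed detail lines."""
    found = Counter(e["section"] for e in entries)
    return {c: (n, found[c]) for c, n in counts.items() if n != found[c]}

if __name__ == "__main__":
    counts, entries = parse_mbam_log(SAMPLE_LOG)
    print(entries, mismatches(counts, entries))
```

A non-empty result from `mismatches` means the pasted log was truncated or mangled before it reached the forum, which is worth ruling out before reading anything into the detections.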

Hi,

 

The Threat was Removed. The reason why it was placed in Quarantine was so you could Re-Store the File(s) should it be a F.P., or your computer starts acting up.  The product makes a back-up copy before Removing it; this is Securely stored within the product on your system, and is not a Threat to your computer as the File(s) cannot do anything.  Think of it as the Files being placed in a cage/box which is locked and you're the person with the key.

 

You may now want to Re-Start in Safe Mode and do Full System Scans with Norton, Malwarebytes' and SUPERAntiSpyware Free Edition just to double check nothing else is lurking on your machine.  The reason to do this in Safe Mode - Minimal is that only the critical Processes/Files are Started, so this may help keep any Threat Files on your computer from Running, which will enable the products to Detect them.  Please remember to Update before Re-Starting in Safe Mode.

 

If you have any more questions or concerns, please do let us know; let us know how you get on, thanks.

 

 

 

Thanks, I took your suggestion and ran Norton in safe mode and came up empty.

Did MBAM also - but the 3 still appear ... so I did some research on the board and found these 2 listings.

Seems like by other findings these detections are nothing to be concerned with, right?

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Malwerebytes-issues/m-p/98531;jsessionid=14EF66A31BF597DF52BE7FBE3A5422E2
 
 
http://community.norton.com/t5/Norton-Internet-Security-Norton/HELP-with-TROJAN/m-p/203234#M101398

 

Thanks

Dawn