Hello All!

I'm a first time poster here, but have had N360 on my laptop since August this year.

I have some questions that relates to Norton Monthly Report. I hope that they can be answered so I can understand what is going on and how N360 is protecting my laptop.

Last night, I was using my laptop and the Monthly Report flashed up on screen (as I had set it to do) but under the PC security' section of the monthly report, it said:

7 threats detected

4 network threats blocked

I decided to click on both these links so I could identify what N360 had detected and blocked.

When I clicked on the option for '7 threats detected', it took me to the 'Resolved Security Risks' section of 'Security History', where I could see a number of 'events' (7 events in total that related to the last 30 days), all of them where the 'Virus Scanner' had removed tracking cookies. In total, for all 7 events, 51 tracking cookies were removed (no events existed where viruses or trojans were detected / removed).

Presumably then, the '7 threats detected' relates to the '7 events' listed in the 'Resolved Security Risks' section of Security History', rather than the 51 individual threats that were removed. Am I right in thinking this? Or has it resolved something else that has not been listed?

After this, I then clicked on the option for '4 Network threats blocked', it took me to the 'Recent History' section of 'Security History. My questions about this are:

1. What is a 'Network threat'?
2. Am I able to see exactly what network threats were blocked and if I can, where do I need to look exactly / how can I go about seeing what network threat was blocked?

I will say one thing about the wireless network I am connected to (which could be a factor). I am currently using a wireless connection that is unprotected (to my knowledge the router is not 'secured' with any password / key and I have verified this using the 'Network Security Map' where it says  the Network is not secure). However, I have no control over the router as the router belongs to the people whom I am working with (and have been for the last month - I have not connected to any other wireless network during this time).

Apologies for the length and detail of the post. I hope someone can help answer my questions and can help me understand what is going on.

Many thanks for your time and help!

Daniel

Welcome DanEd

The 7 threats are as you suspected, a report of the number of times threats were scanned and found during the month. They will include the 51 Tracking cookies.

The Network threats are probably attempts by bots on the internet to scan your computer for open ports. Norton stops these and you do not have to worry.

Because you are behind an unsecure router, you may see more network related threats dectected. If the owners have not secured it, they probably have not changed any other settings to ensure maximum protection.

To look for what the threats are, when you click on the network threats in the Monthly Report. Then at the top of the history window choose 'Firewall-Network and Connections. Look under the Severity column for something other than the info notice. See if you can find anything listed there. I do not have any threats in my history so I could not show you for sure.

Hi peterweb,

Thanks for your response to my questions. I've read through what you wrote and have looked at the 'Firewall-Network and connections' section of 'Security History and ordered them in order of 'Severity'.

From what I can see, apart from plenty of 'Info' events, there were a few 'High' severity events, all with the message 'You are connected to a wireless network that is not secure (Router's Gateway Physical Address)'. All of them occured whenever the laptop was turned on / restarted, but, according to the 'Firewall-Network and connections' log all occured over a 4 day period, starting on 26th November (up to and including 30th November when the Monthly Report was generated and popped up on-screen). They are still occuring now (whenever I turn on / restart the laptop), but by going through N360 home screen - Account - Check Monthly Report' today, I can see that there has been no change in the 'PC Security' statistics. So, my question here is: Does Norton Monthly Report collate and update itself with any relevant security information daily, or does it collate the information every 30 days? I'm just interested!

A thought did cross my mind earlier today and it's a shot in the dark - Could this be the 'Network Threat' that was blocked and Norton is protecting me against, i.e. the fact that the wireless network is unprotected is being classified as a 'Network Threat', even though I am not actually 'blocked' from the network itself as I can still use Internet/check emails succesfully, etc. and the Monthly hasn't updated itself yet? As I say, a shot in the dark, and it's probably incorrect, but it is just a thought!

One other question, which might sound a bit strange to ask:

1. Regarding the issue of bots attempting to scan my PC for open ports, it is agreed that Norton stops them - PERFECT! - but (without getting in too deep) do these bots target all or some PC's / laptops attached to the Internet and does N360 log these attempts? I can't find any evidence in the Security History that my laptop has been 'targeted', so I'm not sure if indeed bots have even tried to scan my laptop! Or, they have been and I've not looked hard enough in the Security History to see an entry!! Again, I'm just asking as I'm interested in issues relating to computer security!

Many thanks for your time and help! Much appreciated!

Daniel

---

DanEd wrote:

Hi peterweb,

 

Thanks for your response to my questions. I've read through what you wrote and have looked at the 'Firewall-Network and connections' section of 'Security History and ordered them in order of 'Severity'.

 

From what I can see, apart from plenty of 'Info' events, there were a few 'High' severity events, all with the message 'You are connected to a wireless network that is not secure (Router's Gateway Physical Address)'. All of them occured whenever the laptop was turned on / restarted, but, according to the 'Firewall-Network and connections' log all occured over a 4 day period, starting on 26th November (up to and including 30th November when the Monthly Report was generated and popped up on-screen). They are still occuring now (whenever I turn on / restart the laptop), but by going through N360 home screen - Account - Check Monthly Report' today, I can see that there has been no change in the 'PC Security' statistics. So, my question here is: Does Norton Monthly Report collate and update itself with any relevant security information daily, or does it collate the information every 30 days? I'm just interested!

 

A thought did cross my mind earlier today and it's a shot in the dark - Could this be the 'Network Threat' that was blocked and Norton is protecting me against, i.e. the fact that the wireless network is unprotected is being classified as a 'Network Threat', even though I am not actually 'blocked' from the network itself as I can still use Internet/check emails succesfully, etc. and the Monthly hasn't updated itself yet? As I say, a shot in the dark, and it's probably incorrect, but it is just a thought!

 

One other question, which might sound a bit strange to ask:

 

1. Regarding the issue of bots attempting to scan my PC for open ports, it is agreed that Norton stops them - PERFECT! - but (without getting in too deep) do these bots target all or some PC's / laptops attached to the Internet and does N360 log these attempts? I can't find any evidence in the Security History that my laptop has been 'targeted', so I'm not sure if indeed bots have even tried to scan my laptop! Or, they have been and I've not looked hard enough in the Security History to see an entry!! Again, I'm just asking as I'm interested in issues relating to computer security!

 

Many thanks for your time and help! Much appreciated!

 

Daniel

---

The monthly report does not update daily. As the name implies, it is generated once a month.

Those notices of the connection to the unsecure network are the Network Threats you got in the report.

As to your questions on the bots, they do scan the whole internet. They do not target a specific machine until they find a vulnerability. Norton does 'Stealth' the ports that these bots look for. Check the Gibson Research site to have a port scan done on your computer. This will show you what is 'visible' about your computer.  See   https://www.grc.com/x/ne.dll?bh0bkyd2   Do this while connected to the unsecure router to see that you are still protected.

peterweb wrote:

Check the Gibson Research site to have a port scan done on your computer. This will show you what is 'visible' about your computer.  See   https://www.grc.com/x/ne.dll?bh0bkyd2   Do this while connected to the unsecure router to see that you are still protected.

Actually, if you do this through a router, it will show the port configuration of the router, not the Norton Firewall, and it won't tell you anything about what is visible about the computer (because the computer itself is not visible to the internet or GRC).  The cause of the Monthly report entries is that when Norton detects an insecure wireless network, it automatically configures the Network Trust Level in the Network Security Map to "Protected" which causes all local traffic on the network coming into the PC to be subjected to the same firewall rules as internet traffic.  Norton is locking down the computer to prevent LAN traffic on an open network from being trusted.

Thanks SOJ

That was the point I was trying to make to the OP.

Being behind even an unsecured router will still have you protected.

Hi peterweb & SOJ,

Once again, many thanks for your help in answering my queries!

I have marked this thread as 'Solved' as all your replies have done the job in helping me understand how N360 & Monthly report works and how N360 is protecting my PC. 

Once again, many thanks and all th best!

Daniel

Now you just have to try to convince your employer to secure the router properly.