Quick scans and firewall configuration updates?

Ok in still an NIS 2012 guy
Ok whenever I get new virus def updates an automatic quick scan will run.
That’s like it should , I’m glad, no problem here

But it seems like after the quick scan runs and completes, there will be another entry in the recent history that says:
Firewall configuration updated- then say how many firewall rules there are
Sometimes the number if firewall rules stays the same as previous entry
Example
11:00am it will note
Firewall configuration update- 61 rules
17:30
Firewall configuration update-61 rules

Now this happens most times that quick scans run ( once or twice it did not happen )
And it happens even if the automatic Clive updates contains only virus def set update

Is this normal? Why would quick scan cause firewall configuration update?

" Is this normal? Why would quick scan cause firewall configuration update?"

 

This always happened, at least for the 3 latest versions of NIS and it's supposed to happen.

It's not the idle quick scans triggering this activity but the installation of the latest set of Virus defs.

This entry is created 1 minute after the latest set of virus defs is installed and applied in NIS Virus defs local database.

 

Regards,

Thanks Apostolos
Glad to see this is normal
Now I have to say that once in a awhile, after the virus defs set updates, I do NOT get the firewall configuration update message.
Is that a bad sign?

" Now I have to say that once in a awhile"

 

Me too I see this behavior, but as you said: once in a awhile.

Most of the time I get the message that Firewall rules are updated.

I believe it has something to do with the latest installed set of Virus defs, maybe sometimes there is no need for updating Firewall rules but once again, most of the time you will see that Firewall rules are updated.

IMO, your product is working properly.

 

Best regards,

First, many many thanks for this information.
I checked my history this morning out of curiosity and saw a few things that raised a few more questions for me
So yesterday at about 5:52pm automatic live update ran and I received updated virus defs, intrusion prevention updates and web protection updates.
Quick scan ran and firewall configuration update was logged
Then 3:22am this morning, automatic live update ran. Received virus def update and web protection update
Quick scan ran. However no firewall configuration update noted
Then 4:48am another automatic live update contained no virus def update but web protection update
After this update a log entry if firewall configuration update is seen. Even though no virus defs we’re downloaded with the update ( no pulse update noted either)
So it confuses me why the firewall configuration update when no virus self was downloaded on this live update?

" So it confuses me why the firewall configuration update when no virus self was downloaded on this live update?"

 

Hi,

 

As I mentionned, sometimes Firewall rules are not updated and sometimes they are updated when NIS thinks it has to do so.

You may also have noticed, that many times even when the Firewall rules are updated the total amount of rules remains the same.

In NIS v.20 & v.21 the amount of rules is no longer present, just a simple notification.

Do not worry about this.

 

Regards,

Thanks again
I should also add that I have a full system scheduled scan that runs at 3:30 am and usually finishes around 4:45am
So it might have ben that the firewall configuration update that should have been associated with the 3:22 automatic live update and associated quick scan, did not get to run or log until after the full system scan

" So it might have ben that the firewall configuration update that should have been associated with the 3:22 automatic live update and associated quick scan, did not get to run or log until after the full system scan"

 

Very good point, could be this as well.

 

Regards,

Calls, I see so many people digging into their recent history and stressing over whether this or that should happen.

 

Providing your Norton product is working fine and you have that green tick icon sitting in your tray, then you can sit back and enjoy life.

 

Fwiw, I never check things, unless there's a definite problem.

 

Norton does a great job of looking after us on it's own !  :smileyhappy:

Hi,
F4E is right. Unless there’s a problem, logs are meant for informational purpose only. Just sit and watch it to kill your lesure time. Unnecessory worry too much with logs is a waste of time.


All live updates does not necessarily trigger a fire wall rule change / updation or new rule. Its the intrusion prevention (IPS) updates and web protection updates that cause firewall modification, not the virus definitions.

Hope it helps…

I agree that some like myself look at the logs too frequently.
However if I didn’t check the logs I would not have known that my automatic quick scan ( after virus def updates) was not running. Sigh

But back to this issue. I did a quick check of my log over the last few days. I see firewall configuration update entry sometimes only when the live update gave me just virus def update. Then sometimes when live update runs there is only web protection but not firewall configuration update
So not really sure what triggers the firewall configuration update
If there are any symantec staff who may still look on the forum, can anyone tell me what would trigger the firewall configuration update so I know if all is working ok?

Be nice if someone from Symantec could shed some light on thus


Calls wrote:
Be nice if someone from Symantec could shed some light on thus

Going back to what F4E said. Stop looking at logs. You are only creating stress for yourself.

 

Norton knows why things are logged and how the program works so we do not have to think about it. If there is a problem, Norton will notify you and then you can look at the logs to see what happened. If the Norton icon in the system tray has the green check mark, just enjoy your computer for the reasons you bought it.

 

 

 


Calls wrote:
I agree that some like myself look at the logs too frequently.
However if I didn't check the logs I would not have known that my automatic quick scan ( after virus def updates) was not running. Sigh

But back to this issue. I did a quick check of my log over the last few days. I see firewall configuration update entry sometimes only when the live update gave me just virus def update. Then sometimes when live update runs there is only web protection but not firewall configuration update
So not really sure what triggers the firewall configuration update
If there are any symantec staff who may still look on the forum, can anyone tell me what would triggee firewall configuration update so I know if all is working ok?

Ignore what's triggering the firewall update and concentrate on what the firewall update is doing.

 

One of the observable features of this firewall update is that it's performing a validation check to ensure that an existing firewall rule is actually linked to an application on your computer. If a mis-match is found, then the firewall rule will be deleted.

 

Try it for yourself (version 20 and earlier):

 

  1. Update your Flash Player via the Adobe website.
  2. The Norton firewall will create two new rules for the temporary files that are required to perform the update.
  3. Both of these files will be deleted when the Adobe Flash player update has been finalised.
  4. The Norton Firewall will notice that the temporary files have been deleted and will remove the corresponding firewall rules for these now non-existent applications.
  5. This behaviour will be shown by a rule adjustment count noted in your Security History log.

Let us know how you go.

 

Thanks