While online surfing(not downloading anything) I got the Norton alert that a downloaded file was safe. As I said I was not downloading anything. I checked my security history and saw this:

Category: Download Insight
Date & Time,Risk,Activity,Status,Path - Filename
2/10/2014 3:11:53 AM,Info,Download Insight analyzed 5A1DA1AA.TMP,Access allowed,c:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\5A1DA1AA.TMP

A few minutes later I checked the security history again and saw this:

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Action,Reaction,Terminal Session
2/10/2014 3:19:02 AM,Medium,Unauthorized access blocked (File System Directory Set Security),Blocked,No Action Required,2/10/2014 3:19:02 AM,C:\WINDOWS\SYSTEM32\DLLHOST.EXE,18288,C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp,File System Directory Set Security,Unauthorized access blocked,1

Is this normal? Some file downloaded into a folder and a few minutes later that folder has an unauthorized access attempt blocked. Thanks for your help.

I forgot to mention that I was denied access to the folder where that file was downloaded.

Norton tamper protection just stops anything from accessing Norton files. Many things do attempt access. Norton blocks them from touching its files. Not a problem.

Thanks for the reply. What is bothering me the most is not knowing where the tmp file came from. If I knew it was downloaded via Norton 360 I wouldn't worry. I was surfing on Ebay when the file downloaded and I got the alert saying the tmp file was safe. I had just come from watching a video on YouTube. Any ideas where the tmp file would have come from?

No idea. I had assumed that you knew what it was. Have you had any unusual behaviour in your browsers?

No browser issues that I noticed.  Now you understand the concern from my first post. Could a bad/infected advertising file cause a tmp file to be downloaded? As both ebay and Youtube have lots of advertising. Do you know what Norton 360 program module that "SRTSP" does? If there is something(tmp file) that downloaded from a site with advertising what "HACKING" value is there to be put into the SRTSP folder?  I am still getting a lot of attacks on the Norton 360 program. Norton reports they are blocked. Hope so.  Thanks

Hi, photon2014. SRTSP is a Norton driver used for scanning files.

Asdelphinium says,many processes will be blocked by Norton from accessing the program.

In regard to the temporary files, do you use CCleaner ?

Sometimes when cleaning, it will throw up these strange sounding files.

Thanks for the info what SRTSP does. I do not use CCleaner. As I said I was surfing and this tmp file downloaded and went into that folder. I do not know where it came from or what is doing. If you look at my first post again you will see that access was allowed. Allowed to do do what? Thanks Again.

Hi, photon2014. Norton has scanned the temporary file,found it not to be malicious and therefore allowed it.

It's a temporary file, associated with the scanner driver activity.

Nothing to worry about.

Same date, same folder, different .TMP file name, different outcome:

NIS 20-4-0-40

Filename: Suspicious.Cloud.7.F

Full Path: Not Available

____________________________

Details

Unknown Community Usage,  Unknown Age,  Risk High

Origin

Downloaded from? Unknown

Activity

Actions performed: Actions performed: 1

____________________________

On computers as of Not Available

Last Used 10/02/2014 at 6:48:54 PM

Startup Item No

Launched No

____________________________

Unknown

It is unknown how many users in the Norton Community have used this file.

Unknown

This file release is currently not known.

High

This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

Source: External Media

?

____________________________

File Actions

File: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\srtsp\srtetmp\2e23fe97.tmp No fix attempted

____________________________

File Thumbprint - SHA:

Not available File

Thumbprint - MD5: Not available

Based on the above, it looks like Norton detected one of it's own temporary files as a threat. At this stage, I'd suggest that what we are seeing is the result of a faulty update delivered via LiveUpdate. It would be interesting to hear from others who see either of these events occurring on this date in their Norton Security History.

Thanks in advance.

---

photon2014 wrote:

Thanks for the reply. What is bothering me the most is not knowing where the tmp file came from. If I knew it was downloaded via Norton 360 I wouldn't worry. I was surfing on Ebay when the file downloaded and I got the alert saying the tmp file was safe. I had just come from watching a video on YouTube. Any ideas where the tmp file would have come from?

---

Hi, photon2014.

Were you using Chrome when this file was downloaded by any chance? 

If so, you "probably" have nothing to worry about.  Google often updates Chrome automatically while you're using it to surf the Web and these files usually have nonsensical titles.  This article (see link) mainly talks about Flash Player being downloaded/installed onto Chrome without asking for permission, but it also mentions that this applies to Chrome updates in general.

http://www.computerworld.com/s/article/9174581/Google_s_Chrome_now_silently_auto_updates_Flash_Player

I'm beginning to like Chrome less and less............Google is way too intrusive, period.

That's why I use Firefox almost exclusively.  Love that NoScript add-on!