At present if the user has a TDL rootkit on their system that Norton does not detect Intrusion Protection prevents it from accessing the internet and says blocked-no further action required. This is misleading since much further action is required and it leaves the average user completely unaware that they have a rootkit.

My suggestion is that Intrusion Protection be improved so that it will alert the user to the presence of a TDL rootkit based on the data collected from the connection attempt alone, the connection would still be blocked, but instead of saying no action required, it would alert the user to the presence of a rootkit.  

Check this thread for screenshots and more info, especially Quads post:  Link