@Gribouille342 - Yep, that’s about the size of it. So how about we just don’t look at our history anymore. Question is, can we do it??? 
You guys have been busy bees while I’ve been taking care of some personal things lately. Haven’t had the proper time to boot and use version 25 yet. But what is posted here is in line with my thoughts as well. I’ve wanted to get to the core issue which is, why these ports are continuously opened and closed , logged as well for what reason? Telemetry is what my thinking was/is. But what an annoyance factor seeing all that trash in history has become.
SA
2 Likes
@SoulAsylum - Do you really think that @Gribouille342 and I are going to have a pleasant walk in the park while you’re doing personal things??? And you haven’t even dealt with V25!!!
If I may make a suggestion, either raise hell with Norton Support and get nowhere, or the three of us will simply NEVER EVER look at our history again?
What’s it gonna be, boy? Yes or no?
What’s it gonna be, boy?.. Yes or no? (Taken from Meatloaf’s classic album “Bat Out Of Hell” (1977)
@bjm I have one more ask. No hurry but when you get a chance, would you look for PID 4 on the list in your TaskManager’s Detail. When I looked over the netstat -aon results you posted for me the other day, there were only two UDP events using ports 137 and 138. They both were related to PID 4. It’s only a hunch but those may be the processes triggering UDP(17) in N360. In my Task Manager, PID 4 is a Windows system process.
I’m not seeing any UDP traffic using ports 137 - 139 on my computers. The reason may be because I have netBIOS disabled in all my computers, as I mentioned before. My computers are running Win10 but the process for disabling netBIOS is the same on Win11. It would be interesting to see if disabling netBIOS in Windows will stop UDP(17) events in N360.
I posted directions on disabling netBIOS last week on one of the N360 threads but can’t find it. Here it is again. https://www.thewindowsclub.com/enable-or-disable-netbios-over-tcp-ip-on-windows-10
1 Like
You’re not chicken. Prudent. As I posted, I use Public network and it’s disabled by default. Never enabled it but you asked how to change the setting. Some people have to enable the traffic through those ports depending on their needs.
In addition to the network setting, I had also created custom traffic rules specifically blocking ports 137, 138 and 139. That’s a different process (under Traffic Rules) and probably overkill since I use Public network default settings. But am glad I had them in place. When v24 installed, it kept creating multiple networks and randomly changing my network setting from public to private opening those ports by default. No rhyme or reason. It’s not good when settings get changed randomly. Hope Norton fixed that bug.
As an added measure, netBIOS is disabled in Windows on all my computes. That’s been in place for years and I’ve never had any connection issues.
1 Like
Norton wants to be absolutely certain that we’re getting useless information.
2 Likes
A how to fyi for those interested: * Note that in earlier posts we talked about LMMNR and how it coupled with NETBIOS may be what Norton is trying to log.
SA
2 Likes
Bonjour,
@Gribouille342 - Oui, c’est à peu près tout. Alors pourquoi ne plus simplement regarder notre histoire ? La question est : est-ce qu’on peut le faire ??? :sourire:
Pour répondre à votre question ci-dessus, je pense que personne ne nous interdira d’ouvrir les ports 137 à 139. Selon moi, chacun est maître de son pc et est donc libre, de faire ce qu’il souhaite.
Personnellement et comme je l’ai déjà évoqué dans l’un de mes messages, je ne le ferai pas sur mon pc actuel, car je considère ne pas avoir suffisamment d’expérience dans la gestion des ports d’un pare-feu. Cela étant dit, ce n’est que mon avis strictement personnel.
2 Likes
You’re not chicken. Prudent. As I posted, I use Public network and it’s disabled by default. Never enabled it but you asked how to change the setting. Some people have to enable the traffic through those ports depending on their needs.
Je vous remercie pour votre réponse faite à @majorbuzz.
Pour ma part, je la trouve très instructive et cela même, si je ne souhaite pas faire de modifications.
1 Like
Merci pour votre retour intéressant qui répond à la question de @Puzzler
@Puzzler – I’m just trying to be helpful. I see PID 4 on the list in my Task Manager’s Detail tab. Here’s a snap shot for you.
To be honest I’m getting very lost on this whole UDP (17) thing.
Since my PC appears to be running just fine, I’ll leave things just as they are and see if Norton Support calls back a second time. Cheers for now.
Oh yeah. I’m running Windows 10 Pro. Using Xfinity Gateway. Wi-Fi is disabled on Gateway. I did not disable the NetBios in control panel.
1 Like
Great! So at least for now it looks like disabling NetBIOS in Windows stops the annoying Blocked UDP(17) event logs in N360. Thank you for being willing to experiment. Since I’m still using V22, I had no way to check my hypothesis.
UDP(17) “Allowed” alerts are helpful since NetBIOS poses a potential security risk but the value of incessant “Blocked” notifications is questionable. Hope Norton will tweak this in a future release.
Another “ask” for Norton is that it provide more information on the source of alerts (either through the GUI or support pages) to eliminate the need for our detective work and make N360 more user friendly.
Thanks again, BJM.
2 Likes
If your UDP(17) alerts are showing up as Blocked and your system is working, then there’s no concern. That said, maybe disable NetBIOS in Windows to be on the safe side.
As you note, this was a winding path for sure. My goal in chasing this down the rabbit hole was to find the source of the numerous UDP(17) events popping up in N360’s Security History. The sheer number of events logged seemed excessive. The first step was to eliminate N360 using ports 137-139 for UDP traffic, which @BJM and I did. Next was to confirm that the source was a Windows process. Since UDP(17) is a protocol for networking and those events weren’t showing up on my computer before reverting to V22 from V24, I had a hunch that disabling NetBIOS in Windows might be the answer. NetBIOS has long been known to be a potential security risk in Windows, so one of the first things I do when I get a new Windows computer is to disable it.
Time will tell if this was the answer. Either way, GREAT teamwork on this community forum! Norton should pay us. 
Please let us know what you learn from Norton tech support, if you do hear from them.
1 Like
@Puzzler-- Hi Buddy. I took the leap that you did and disabled NetBios.
It’s been half an hour and I haven’t gotten a single UDP (17) notification. As you know, and I just found out Googling, that NetBios has no security really and every result came back saying it should be disabled. I know you know this. So I feel safe in what we did.
Thing is this … as of now this is what my firewall says … still set to block those ports …
yet all the old notifications NOW say allow, when they used to say blocked. Is this OK?
No. It shouldn’t be allowed. Did you check your Network setting in N360? Is your network still set for Public? As I posted elsewhere, N360 sometimes changed my setting from Pubic to Private. The default rule for Private networking is “allow”.
1 Like
@Puzzler - My network is set to private and allow which is correct.
The traffic rule for those ports looks like this now.
This configuration with the NetBios turned off looks like this above in my traffic rules (Firewall) which is the way it’s always been. With these settings, I don’t receive any UDP (17) notifications.
It’s all the OLD notifications before I changed these settings that for some reason now say allow. If this is NG Puzzler please let me know and I will turn NetBios back on and live with all the notifcations. Thanks my friend.
P.S. I don’t know where @bjm was going with his comment and two print screens, except to say, that’s thee way mine lookED before I made the change.
just posting that NetBIOS setting → Default: triggers UDP Blocked
1 Like