I have the Norton 360.21.1.0.18 system installed (I believe it's the most current).
Under NORTON INSIGHT, there are 27 files connected with Trusteer Rapport. All except 2 are listed as Norton Trusted. Why are the following listed only as Good?
rapportsetup.exe
rapportutil.dll
Since this service adds extra protection specifically for banking online, I like to have it. Still I'm curious as to why 2 of the 27 files are rated as good while the others are rated as trusted? I've been in touch with the Trusteer Support Team and they do not understand either although they confirm Norton is supports by their service.
I have the Norton 360.21.1.0.18 system installed (I believe it's the most current).
Under NORTON INSIGHT, there are 27 files connected with Trusteer Rapport. All except 2 are listed as Norton Trusted. Why are the following listed only as Good?
rapportsetup.exe
rapportutil.dll
Since this service adds extra protection specifically for banking online, I like to have it. Still I'm curious as to why 2 of the 27 files are rated as good while the others are rated as trusted? I've been in touch with the Trusteer Support Team and they do not understand either although they confirm Norton is supports by their service.
Thanks for the reply and information. If the answer is as simple as Symantec not yet having an opportunity to evaluate the files yet, is there any way I can "request" evaluation of the two files in question?
Like all other programs, Trusteer updates from time to time and have done so many times since I installed it years ago. Clearly, I AM NOT A COMPUTER EXPERT, but I would think if they update, they "replace" the existing files on my laptop with new versions as is the case with all programs. When a file is updated with an existing file, does Norton keep the "Trusted" rating for the replaced file? If that is the case, it means that over the past couple of years Norton has made 25 of the 27 Trusteer files Trusted.
When Norton recently updated Norton 360, I started getting warnings (15 to 20) under Security History every time I do my back-up. Every warning says "Unauthorized access blocked (Access Process Data)" showing medium severity and status blocked. Every one of them refers to a Norton file and when I talked to Norton Support, they said there was nothing to worry about, that it was a normal thing with the new edition even though it did not happen with the previous one. I used to get the same warnings for Trusteer. I suppose I'm wondering if Symantec has not evaluated their own files yet, or is this one of those "we're working on it" things?
The two items are similar in that I get the same warnings under Security History except Trusteer's warnings are now only 1 or 2. Perhaps Symantec can take a look at their latest Norton 360 download and make sure all the files are evaluated and shown as Trusted. Perhaps that will get rid of all these warnings under Security History. Thanks again for your continued help.
The "Unautorized access blocked" log entries occur whenever any program (or even Windows processes themselves) attempt to access a Norton file or process. Norton does not allow any outside agent, trusted or otherwise, to access anything that belongs to Norton. No matter what the reputation rating assigned to the Trusteer files, if they try to access Norton they will be blocked and a log entry created. You can disregard these log entries - a legitimate program (Trusteer) has tried to access a Norton process and was prevented from doing so - it happens with many programs frequently, is a normal Norton function, and does not indicate any sort of security concern.
As to trusting the Trusteer files, it is not necessary. As long as they are not considered to be risks ("Good" is good), it doesn't matter what the reputation rating is from a security standpoint. The only thing a "Trusted" rating would get you would be an imperceptible system performance increase because Norton would not bother to scan those files every time they are accessed. And no, a trusted status is not retained through an update - the slightest change in a file will cause Norton to remove the "Trusted" rating and reclassify the file,
Really, you needn't be concerned about either of these things - they have to do with keeping Norton itself undisturbed by outside agents, and optimizing Norton's scanning efficiency. Neither of them are directly involved with the day-to-day protection of your system.
Thanks for the reply and I've stopped thinking about Trusteer Rapport. However, I'm still wondering why the log entries for all the Norton files are appearing. I understand what you're saying about when other programs try to access a Norton file a log entry is made. The problem is before the latest version of Norton 360 was installed, I never received a log entry for a Norton file. So why am I now getting 15-20 warnings listed after I do my weekly back-up (I run all the tasks listed)?
I realize I don't have to worry about the log entries "Unauthorized Access Blocked", but this never happened (Norton files being listed as log entries) with the previous version. Again, I think I've been told by phone by a Norton tech person that they're still implementing the latest version, and I know I don't need to worry, that I'm fully protected, but I'd just like to know why so many appear in the report every week when they didn't with the previous version. Again, this applies only to the Norton files.
Again, this is just curiosity, wondering if the tech department is still making "adjustments" thus causing these log entries.
Can't tell you how much I appreciate your patience.
I'm not sure that I follow you. Norton Product Tamper Protection is specific to Norton files (and a few miscellaneous registry keys). The only time you will ever see a log entry is when an outside agent has attempted to access a Norton file or process. The monitoring and logging are tweaked from time to time, so every once in a while you may notice entries for a program that you have not seen before, but that is simply due to a change in what is being logged. The logging is intended to assist in troubleshooting those rare cases where some software may crash or become unresponsive, rather than continuing to run normally, after being denied access to a Norton file or process. If you have a program that suddenly starts having issues, you can check the Norton Product Tamper Protection logs to see if the problems correlate with tamper protection events.
First, thanks for your most recent reply. Unfortunately I'm having problems understanding what you're saying as far as the "unauthorized access blocked" comments. I did my weekly back-up yesterday and a week ago, still getting dozens of the log entries about Norton files, but if I'm understanding you, I shouldn't care even though it never happened with the previous 360 version. So I've decided to ignore the logs which will perhaps disappear in the future as your techs keep working on this newest Norton 360 version. But thank you for trying.
Second, I wanted to let you know that yesterday, after the back-up, I was checking the results and theTrusteer Rapport items I originally wrote about are now listed under Firewall Settings/Program Rules as Norton Trusted instead of Good. Obviously Norton and Trusteer got together and fixed the rating or something was done but my original "problem" has been completely resolved. Thought you'd be interested.
Thanks again for all your help and patience. I have not marked anything as the answer because I'm not technical enough to know if the "unauthorized access blocked" question has been answered or not (please understand I say this purely because Norton logs never appeared with the 360.21.0.1.3 version or any of the previous versions I've had installed). However, I think what I got from your comments is I shouldn't be worried about any warning logs dealing with Norton files, that I'm completely protected by my Norton 360.21.1.0.18 version which is the most up-to-date.
Keep in mind that it is not just Norton that changes, perhaps how or what it logs, but other programs as well. Trusteer may have made some changes that cause it to access more Norton files than it did before, which in turn increases the Norton logging of those events. Tamper protection responds only to what other programs are doing to its files.