I'm running NIS 21.4.0.13 on Windows 8.1 64-bit. When looking through the security history I see many items labeled as 'Unauthorised access blocked (retrieving process details)'.
The target is: ''C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe''. The sources are the following programs:
My problem (see at start of this thema) with Totalmedia 3.5 is solved. Some is probably changed at Norton, and I have at my Totalmedia 3.5 swiched out choice "hardware accelaration" .
Hi Zemle_1:
Thanks for your update. I'm still not sure if Norton v22.8.1.14 was involved, but I'm glad to hear TotalMedia v3.5 is no longer crashing.
It's very common for graphics hardware acceleration to cause software and/or browser crashes, especially when older video cards with limited amounts of VRAM are trying to perform graphics-intensive tasks. I know of several users with older video cards who find that their browser sometimes crashes when they play Flash videos, and this problem can often be fixed by either updating the graphics card driver or turning off graphics hardware acceleration in the browser and/or Adobe Flash. In 2015 there were multiple users in this forum reporting excessive CPU usage and browser crashes when they used Adobe Photoshop or Photoshop Elements, and the problem was eventually traced back to an incorrect setting for the GPU/OpenGL preferences for their graphics card in their Adobe software.
------------
32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.8.1.14 * MBAM Premium v2.2.1
It causes ArchCAD to crash. When I look at the Norton history it has blocked ArchiCAD at that time
floplot:
Since it's the weekend now, I don't think any Symantec Employee is going to show up on the weekend.
Hi nathan vartha:
Just following up. Is ArchCAD still crashing, or were you able to find a solution?
------------
32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.8.1.14 * MBAM Premium v2.2.1
It causes ArchCAD to crash. When I look at the Norton history it has blocked ArchiCAD at that time
Hi nathan vartha:
When you say you can see Norton blocking ArchCAD in your security history, do you mean you see Unauthorized access blocked messages in your Norton Product Tamper Protection history around the time that ArchCAD crashes (it would be very unusual if NPTP was the actual cause of your crashes), and is it possible this problem dates back to 16-Dec-2016?
According to my Intrusion Prevention history the last major update to my IP system was around 16-Dec-2016, when the IP engine was updated from v7.7.1.8 to v8.0.0.512 and the IP driver was updated from v15.2.3.14 to v16.0.0.1712. There have been several updates to the IP definition set since then (my current version is v20170113.001) but if the IP system, and not NPTP, is causing a problem with ArchCAD then the IP driver v16.0.0.1712 is the most likely culprit.
Further to my previous post, issues with Intrusion Prevention can also occur if Exploit Prevention thinks your software is mimicking the behaviour of a known exploit (i.e., even if you don't use other third-party security software with anti-exploit features like EMET or the new MBAM Premium v3 that could conflict with Norton's Exploit Prevention). In March 2016 some users reported ODBC connection failures with MS Office applications if they tried to retrieve data stored in an external database - see comments after 22-Mar-2016 by EmileL, BigKahuna and others in the thread Microsoft Word VFPODBC Issue since recent Norton Update. Once again, disabling Norton's Exploit Prevention temporarily solved the problem until Norton released an update for the IP driver IPSEng32.dll (see Symantec employee Sunil_GA's post <here>) as a permanent fix.
------------
32-bit Vista Home Premium SP2 * Firefox v50.1.0 * NIS v22.8.1.14 * MBAM Premium v2.2.1
It causes ArchCAD to crash. When I look at the Norton history it has blocked ArchiCAD at that time
20750065:
my comment here is just an untested method to troubleshoot said OP. Maybe, Norton or NPTP just thought the attempt made by some installed app (ArchCAD, even WMP, etc.) was risky even malicious, then Norton or NPTP just flagged/blocked that access, as a fightback.
Hi nathan vartha:
Unauthorized block messages are just a logging function of Norton Product Tamper Protection (NPTP.) NPTP doesn't "fight back", it just prevents executables (e.g., disk cleaners, registry cleaners, malware, etc.) from reading or changing protected Norton files and registry entries.
That doesn't mean, however, that a recent update in the Intrusion Prevention System (IPS) isn't causing issues with legitimate software. In September 2015, for example, an IPS engine update caused several legitimate programs like IE, Adobe Acrobat, MS Word, etc. to start crashing on some systems, and the issue was eventually traced back to a conflict between Norton's Intrusion Prevention and Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Norton eventually delivered an update for the Intrusion Prevention driver (IPSEng32.dll) that solved the problem. See Symantec employee miket's post in Useful's thread Norton stops programs from running for one example.
Does ArchCAD run normally on your system if you temporarily disable Norton's Exploit Protection feature (Settings | Firewall | Intrusion and Browser Protection | Exploit Protection | OFF)?
------------
32-bit Vista Home Premium SP2 * Firefox v50.1.0 * NIS v22.8.1.14 * MBAM Premium v2.2.1
my comment here is just an untested method to troubleshoot said OP. Maybe, Norton or NPTP just thought the attempt made by some installed app (ArchCAD, even WMP, etc.) was risky even malicious, then Norton or NPTP just flagged/blocked that access, as a fightback.
Then nathan replied that his/her CAD app crashed. Plz review bjm's comment here.
I've noticed with a file excluded from Auto-Protect. NPTP logging stops for that item.
Just saying... Thx... :)
(sorry if I missed out on some info/details above...)
ps:
ARCHICAD
... is the leading Building Information Modeling (BIM) software application used by architects, designers, engineers and builders to professionally design, document and collaborate on building projects. Since its release over 30 years ago, ARCHICAD has been all about BIM.
Since it's the weekend now, I don't think any Symantec Employee is going to show up on the weekend. From what I could find, nothing has changed concerning Tamper Protection stopping other programs and files from getting too close to Norton. I did find this KB which was created last Sept. Perhaps this will help.
I would say that anything you put into folders and put them into exclude from SONAR,and the other things will lesson the security of your computer. It's being excluded from Norton activities which are meant to protect your computer.This is just my opinion since I am not a Symantec Employee.
SendOfJive: This also means that anything and everything excluded from scans, for whatever reason, would be able to have access to Norton files and processes. That does not sound like something that a developer would intend.
FWIW
some time ago, I asked Norton Support and was told that Exclude from Auto-Protect asks Norton to ignore excluded item activity. To what extent. IDK
again, Please correct me.
Note: my apology as message not related to opening post
SendOfJive: There is no way to exclude a program from Norton Product Tamper Protection.
FWIW
I've noticed with a file excluded from Auto-Protect. NPTP logging stops for that item.
As if I've asked NPTP to ignore that item by adding item to Exclude from Auto-Protect.
Please correct me. Thanks
Hm. Looks like I stand corrected. I just tested this, and it does stop logging for NPTP events for excluded programs. I could be mistaken (again), but I don't think that was always the case. At any rate, assuming that is because Norton is no longer blocking the program from accessing Norton processes, it is a bit concerning. If programs, even safe ones, can write to Norton, unintended consequences could arise. NPTP is not specifically concerned with malware, it is concerned about any outside agent. A program given access to Norton would not need to be malicious to cause trouble.
This also means that anything and everything excluded from scans, for whatever reason, would be able to have access to Norton files and processes. That does not sound like something that a developer would intend.
SendOfJive: There is no way to exclude a program from Norton Product Tamper Protection.
FWIW
I've noticed with a file excluded from Auto-Protect. NPTP logging stops for that item.
As if I've asked NPTP to ignore that item by adding item to Exclude from Auto-Protect.
I wish the people saying they are having issues with "unauthorized access blocked" would please explain if they are saying that they are seeing these events in Norton History only (nothing to worry about) or if the programs they are using actually stop working. Very hard to recommend a course of action without knowing what the situation is. There is no way to exclude a program from Norton Product Tamper Protection.
Microsoft officially ended support for Windows XP as of April 8th 2014. That means you no longer are receiving any updates for it. You are using an operating system that has vulnerable to hackers and malware despite having an antivirus.
However, be aware that in addition to running the most up-to-date security products, another important aspect of protecting your computer is to keep them current with the latest service pack and patches for the operating system.
As Microsoft announced that they will no longer publish patches for Windows XP, these computers may become targets for cybercriminals, particularly if new vulnerabilities are discovered in the operating system. Depending on the nature of the threats involved, Windows XP may be susceptible to viruses and risks to which more recent iterations of Windows are immune. Due to this, we strongly recommend that you upgrade your Windows XP computer to a supported operating system as soon as possible.
Again you cannot be using Windows XP unless you are not going online with it. Your using an unsupported operating system which is full of exploits and vulnerabilities. Soon Vista will be joining XP in April of this year.
Perhaps one of the Gurus could ask a Norton employee to jump into this thread and explain the significance of these Unauthorized access blocked messages in the Norton Product Tamper Protection history. There seems to be a lot of conflicting advice being given in this thread and it's creating quite a bit of confusion.
------------
32-bit Vista Home Premium SP2 * Firefox v50.1.0 * NIS v22.8.1.14 * MBAM Premium v2.2.1
Or... you may exclude ArchiCAD in your Norton software and, add trust ArchiCAD pp by adding that app to the Program Control under Firewall.
Hi 20750065:
Could you please clarify. Are you suggesting that users should go through their Norton Product Tamper Protection (NPTP) history and create file exclusions and customized firewall rules for executables listed as an Actor in their Unauthorized access blocked messages?
Almost all the recent Unauthorized access blocked messages logged in my NPTP history are for my Firefox browser (firefox.exe) or the Windows host process svchost.exe. The Program Control for my Norton Smart Firewall (Settings | Firewall | Program Control) shows that both these executables are trusted by Norton (three green bars in the Trust column) and are allowed through the firewall.
In the past, I've always ignored these Unauthorized access blocked messages as long as my software was working as expected, per my 2013 product suggestion Stop Logging Unauthorized Access Blocked Warnings in Security History (unfortunately, most of the threads listed in that product suggestion were created in the old Lithium forum and the hyperlinks no longer work). Are Unauthorized access blocked messages in Norton v22.x different from those in previous versions of Norton?
These Unauthorized access blocked messages logged by NPTP are very different from the type of false positive detections that Skanderon is discussing <here> where Norton Auto-Protect features like SONAR or File Insight incorrectly detect the executable as a possible threat and delete/quarantine the file.
------------
32-bit Vista Home Premium SP2 * Firefox v50.1.0 * NIS v22.8.1.14 * MBAM Premium v2.2.1
