Unauthorised Access >Blocked

Hi,

 

I've just been looking through the NIS logs and I've found some things that I really don't understand. Over the last few days I've been getting dozens of Unauthorised Access Blocked messages, they all originate in Windows System 32, usually services.exe, wlsync.exe or dllhost.exe and are targeting Norton. I've checked in other threads and seen that it may have to do with various pieces of software but this is the operating system, so what does that mean? Is it a risk? There are also dozens of notifications of "Unused port blocking has blocked communications, Inbound TCP connection" and more about something called a Teredo Tnneling pseudo interface (!!).  I have no idea what any of this means but yesterday Norton pulled a few dodgy files as trojans (keygens, dodgy software, not mine) and now seeing these warnings, I'm a bit worried. Should I be?

 

Thanks in advance,

 

Jonathan

 

PS running Windows 7

Hi Jonathan,


For the "unauthorized access blocked/logged" message with Operating System files such as services.exe, read the information from the following thread:

http://community.norton.com/t5/Norton-Internet-Security-Norton/unauthorized-access-logged/m-p/54580


Although, the product mentioned in thread is Norton 2009 product, the basic functionality remains same and is applicable for Norton 2010 product as well. The message regarding the teredo tunnelling is discussed in the following thread, hope this helps you to understand why it happens:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Teredo-Tunneling-Pseudo-Interface-problem/m-p/212670

 

To make sure that you are safe, run a full system scan using Norton by booting your computer in Safe Mode. Restart the computer, boot into Safe Mode and then double-click on Norton icon in desktop to start the full system scan. Let us know the results

 

Yogesh

 

[corrected second link]

Hi, thanks for the reply. I'm going to run the full scan in a moment but I can't open that second link, I'm getting a Forbidden screen.

Well, I did the scan and it only found a few cookies. So I guess I'm in the clear. One strange thing, though, is that yesterday the full scan checked 170,000 files. Today, in safe mode, it checked 350,000 files. Why is that?

Hi JonathanM,

 

Norton will not scan Trusted files or files that it has recently scanned and knows to be clean.  These will be shown in the Security History log as Trusted files and Skipped files and are not included in the total number of scanned files.  To see if your first scan file count was reduced because of these categories go to Norton Security History and select to show Scan Results in the dropdown box.  Highlight a scan and click More Details.  Click the small + sign in the Total Items Scanned listing to see the types of files and the numbers for each.

 

A later full virus definitions update will cause previously Skipped files to be scanned on the next scan, so that may account for the jump in the number seen the next day, if the discrepancy is not due to something other than skipping files.

Hi, yeah it skipped about 130.000 files so that explains that. Thanks a lot for all the help and info. I guess I can label this solved now. Thanks again.