intesec wrote: I don’t think the Norton toolbar was causing the intrusion alerts the attack may have stopped as you disabled it would you like to try enabling it again to check?
It wasn't an intrusion alert. It was a Medium level error that only appeared in my system log - no pop up warnings. One file on my computer was supposedly trying to access another. In the "Advanced Details" window for the history log item it says:
• Severity: Medium
• Unauthorized access blocked (Open File)
• Time and date
• Status: Blocked
• Recommended Action: No Action Required
• Actor: Firefox.exe
• Target: nppw.dat
There were 30 pages of this, over a few hours. Previously, before my manual Live Update run this morning, this messages were few - nothing like the spamming my log got after the Live Update session. Right after the live update session, my web connection slowed down dramatically. But it wasn't my connection that was the problem - I tested it on a popular connection speed test website and it was very fast. It was my browser that had been degraded, not the connection speed. Then, IMMEDIATELY after I disabled my Norton Toolbar, my browser went back to normal - became very fast again. And, I just checked, it's like an hour and a half after I disabled the toolbar, and there is not a single error of that type in my Norton history log since.
This was a several hour event, that started right after the Live Update session and ended immediately after I disabled the toolbar. And disabling the toolbar coincided with no more log file entries, of which 30 pages had been generated in a few hours. The evidence clearly indicates to me a problem with the toolbar, caused by the Live Update session.
Hi SendOfJive and kermit
Thanks for pointing out my error.
Why should the Norton toolbar trigger a tamper protection action?
ATB
intesec
Please see the thread from a few days ago. Evidently this is not just a Microsoft Windows problem We have two computers, one with Windows Vista and the other one with Windows XP. I think this has to be a Norton problem. Many of us thought some Windows Updates might have caused it. However, it looks like it is a Norton problem. Hopefully someone on this forum,who can notify Norton will get back to them as this has been going on since the evening of Sept.12 for me and Sept. 9 for my sister.Hope this helps.
For: kermit and others who replied to kermit
Holly
I believe this probem is happening to all Norton versions, even the latest.
See this link:
Holly
kermit wrote:I had about 30 pages of "Unauthorized access blocked (Open File), with the actor being Mozilla Firefox (web browser). I didn't have these continuous log messages prior to the manual Live Update this morning...I then disabled the Norton Toolbar addon. That fixed the problem. No more issues, and the web is back to normal for me.
Software details:• Norton Internet Security version 18.7.x.x• Mozilla Firefox 12.0
Hi kermit:
Welcome to the Norton Forum.
I had a similar problem. In my case, it appeared to be caused by an attempted defrag of files associated with my Firefox v. 23.0.1 browser's Norton Toolbar and/or Identity Safe extensions (see post # 64 in Calls' thread). Symantec released an update to their Behavior and Security Heuristics earlier this week (see post # 84 by elsewhere) that has resulted in an increase in the number of "unauthorized" access blocks by Norton Product Tamper Protection (see post # 42 for further details on the purpose of Tamper Protection).
I agree with SendOfJive. While this upswing in "unauthorized" access blocks in your history looks alarming, it doesn't mean that your computer is under attack and there's no need to be concerned.
You should also read Tony Weiss's latest post here about Firefox support for the Norton Toolbar. In part, it states "Please note: We now only officially support Firefox 21.0 and above. Firefox 20.x and older are no longer supported".
------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I tried disabling the Norton toolbar, but it didn't work for me . Also I don't seem to get the notifications during the time I'm using my computer.
Holly
Holly wrote:
I don't seem to get the notifications during the time I'm using my computer.
Hi Holly:
I suspect it has something to do with the problem you're having with your Windows Disk Defragmenter (dfgrntfs.exe). When you stop using your computer, your system goes into idle and your idletime disk defrag starts up again. As soon as it tries to defrag Norton files (possibly files associated with your Norton Toolbar and/or Identity Safe), Norton Product Tamper Protection kicks in and floods your security history with "unauthorized" access blocks. When you start working on your computer again, your system comes out of idle mode and the defrag pauses, which in turn stops the logging of further access blocks.
Did you try Apostolos' suggestion here and run Window's System File Checker (sfc.exe /scannow) from an elevated prompt with Administrator rights? You can follow the instructions here, and if Vista finds any corrupted system files it might be able to automatically repair the files, including any associated with your Windows Disk Defragmenter.
------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
Holly wrote:I tried disabling the Norton toolbar, but it didn't work for me . Also I don't seem to get the notifications during the time I'm using my computer.
Holly
Holly:
In your Norton log, what's the actor, and what's the target? If you click on the log file entry, and click More Details, it will show this information.
Is your log being spammed by this item? Meaning are there hundreds of entries a few seconds apart?
Hi kermit:
Further to my previous posts, on my 32-bit Vista machine the actor was always C:\Windows\System32\dfrgntfs.exe (actor PID 2244). The Norton files reported as the target varied but almost every one was located in a subfolder of C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\. I googled {0C55C096-0F1D-4F28-AAA2-85EF591126E7} and it appears the Norton extensions for my Firefox browser (e.g., coFFPlgn.dll, IPSFFPl.dll, etc.) might have been the intended target of dfrgntfs.exe for many of these blocks (see my posts here in Calls' thread).
I believe that my disk defrag was triggered by the Windows Update that ran on 10-Sep-2013 (i.e., this month's Patch Tuesday, which occurs the second Tuesday of each month) - which is the day after Norton's LiveUpdate delivered the update for the Behavior and Security Heuristics . I closed my Firefox browser, left my system in extended idle mode for a few hours to let my defrag run to completion (see my instructions in post # 71) and this seems to have permanently stopped the flood of "unauthorized" access blocks on my system - at least for the time beiing.
EDIT:
LiveUpdate just delivered an update for my Norton Toolbar extension this morning for the upcoming release of Firefox 24 (see Mohan_G's announcement here) and this could potentially trigger more blocks on some systems. I checked my security history for Norton Product Tamper Protection and I'm just seeing the occasional block for Window's svchost.exe and services.exe but not the previous flood of multiple blocks per minute for dfgrntfs.exe.
------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
To: kermit
The actor is: C:/WINDOWS/SYSTEM32?DFRGNTFS.EXE
The Action is: Open file
I have Windows Vista , Norton version :19.9.14 (which I believe is Norton 2012).
The target is:C:/ProgramData/Norton/0C55C...
However I haven't seen any more of the notifications since I turned on my Computer today (Sept. 16) at around 6:00 AM ESDT. So somebody fixed the problem---I WONDER who?????
Hope it doesn't return!!!!!!!
Holly
IT's BACK. It came back on at 11:46:27.
It had been off for 51/2 hours. I give up. Just going to live with it until my subscription comes up for renewal.
Holly
I fail to see why users are getting so upset about a change in the reporting features of Norton products.
As SendOfJive has pointed out, this is not an instrusion, but Norton Tamper Protection doing its job. Windows Defrag is trying to move a Symantec file, and Norton is reporting this now, where it did not in the past. These protections were allways happening in the background, it is just now being reported.
Is this a reason to move on to some other product? That is your call. It is not like this is harming your system. It is only taking up some of your valuable time in reading logs, which most users do not even know about.
At the moment for what ever reason Norton is not at times silently logging (reporting) the Anti-Tamper protection entries and is instead alerting users of actions they do not need to worry about.
Quads