Unauthorized access blocked question

I have Norton Security Suite (from Comcast) so I am not sure that this is the correct location to post, if not please advise.

 

I am continually getting "Unauthorized Access Blocked" message and would like to know why and what I should do to prevent the issue in the future.  I have attached a screen print of the issue for your use in helping me.

 

Thank you and I would appreciate yor help.

Would anyone know if there were any NIS2012 updates yesterday that would spark this activity?

I’m a little concerned since I looked at my full NIS history and never see this warning.
I scanned the DFRGNTFS.EXE and it shows clean

Hi Calls,

 

No need to be concerned.

All is normal.

Did you launch a manual Windows defragmentation?

Keep in mind that if you let your pc idle for 20 or more minutes, the OS is performing some scheduled tasks and one of those is to defragment your HDD(S).

Go to Control Panel - Scheduled tasks and see how the OS is set to run the Defragmenter.

Hope this helps,

That’s the thing I did NOT manually launch defragmentation. And my computer is on nearly 24/7 so there would be many times it is idle. Yet only this morning I see these entries. So if it runs even every 3 months when idle, it would be showing in the history log over the last year

Calls,

 

When u say 24/7, you mean working all day or there are times that it sleeps/hibernate??

If so, the defragmenter doesn't work when the pc is on standby/sleep or hibernation mode.

Again, do not pay much attention, as NIS blocked this process from accessing it's files.

 

Regards,

Hi Calls:

 

I believe Bombastus and Apostolos are correct - There's no need for concern.  I have Vista Home Premium 32-bit SP2 on my laptop and frequently see Windows Disk Defragmenter (dfrgntfs.exe) blocked in the Norton Product Tamper Protection section of my Norton History when WDD tries to defrag a Norton file.  I upgraded to NIS 20.x (NIS 2013) and still see these blocks.

 

NIS 2013 dfrgntfs Block.jpg

 

Please note that I have prevented Vista's WWD from running on a schedule (Start | All Programs | Accessories | System Tools | Disk Defragmenter | Run on a Schedule) and WDD will still occasionally run during system idles to defrag critical system boot files - see here for more information.

 

dfrgntfs.jpg

 

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Ok I know it’s ok but some reason I’m just stuck on this issue.
I came home today and saw that @9:30am today more of these entries are in the log. but that could be due to me maybe interrupting the process earlier this am.
I see on another post that sometimes NIS uses the DFRGNTFS.EXE???
I looked in my Norton tamper logs and NEVER show these entries.
I checked when the windows defrag last ran and it was 9/7/13 not today
So just perplexed why now.
Thought it might be due to me renewing my subscription, but that’s not it I don’t think


Calls wrote:

I see on another post that sometimes NIS uses the DFRGNTFS.EXE????


Hi Calls:

 

Two possibilities that I can think of off the top of my head:

 

Do you have Insight Optimizer enabled at Settings | General | Norton Tasks | Idle TIme Optimizer?  I understand that Norton's idletime Insight Optimizer does indeed use WDD's dfrgntfs.exe for defragging - see AllenM's post here.  So if you have Insight Optimizer enabled, this would cause dfrgntfs.exe to run frequently during idles.  If I recall correctly, Norton schedules Insight Optimizer to start a new scan every time you install or update software.

 

Secondly, do you have Windows Disk Defragmenter set to run on a regular schedule (Start | All Programs | Accessories | System Tools | Disk Defragmenter | Run on a Schedule)?  If so, the WDD in Vista uses low CPU priority and can continue to defrag using reduced resources (less CPU and disk read/write activity) even when your computer comes out of idle (see the Wiki article here for more info).  A manual full WDD defrag on my Vista machine takes almost 2 hours of uninterupted time if I leave my system in idle so I imagine that one of these automatic WDD backgound defrags scheduled with the Task Scheduler could take ages to complete.

 

I personally have both Insight Optimizer and regularly scheduled Windows Disk Defragmenter defrags disabled because I don't feel there's any benefit to having defrags running this frequently on my system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

A third possibility is simply that Norton isn’t free from bugs and it hasn’t logged everything properly before.

First thank you all vey much for helping me to try and understand this.
I’m not trying to discount what y’all are telling me.
Just trying to see how it makes sense.
The part about NIS running optimizer after new software is installed - that concerns me since I do not see any new software. Yet at the same time I installed flash player just about a month ago yet no log such as the one I originally described.
Could it be that 2012 did not log this before?
Those who say that they see this all the time, was that true when you were using NIS 2012? Or just started with 2013?
Wondering if norton just recently added this logging to 2012? But why would they do that for 2012 when it’s so old now?

I'm glad to see others post about this.  All 3 of my computers had an alarming (say 20ish) number of these "Unauthorized Access Blocked (open file)" messages in the last 24 hours.  On the XP machine, the culprit most often is "DFRGNTFS.EXE".  On the two Windows 7 machines, the culprit is "SVCHOST.EXE".  All medium risk, all blocked.

 

I was pretty alarmed to see all this activity, but the good news seems to be that it is all blocked, and all *looks* like Windows activity trying innocently to access Norton files.  But why now?  Was there a LiveUpdate push in the last few days that started making NAV log all these?   Should we expect more in the future?

 

 


drexxell wrote:

 

I'm glad to see others post about this.  All 3 of my computers had an alarming (say 20ish) number of these "Unauthorized Access Blocked (open file)" messages in the last 24 hours. 


This is just speculation, but yesterday (10-Sep-2013)  was Window's Patch Tuesday for September (which occcurs the second Tuesday of every month).  If you have Windows Updates set to run automatically, one of these updates could have triggered a defrag.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS 

I do have Windows Update set to automatic.  Is it common for them to to try an defrag?

 

Additional information:  Since this morning, I've been monitoring Norton's activity on my computers.  I'm in the middle of a full system scan on one of the Windows 7 machines.  On the other, I have just seen this: 

 

13 entries, back-to-back over about 2 seconds, listed as "Severity: Info" saying "Norton Community Watch Feedback", Status "Pending".  After those 13 entries are two more (also listed as "Severity: Info") saying "Norton Error Reporting Submission" within 2 seconds of each other.  When I open these two error messages though, I see a lot of info, and if I open "More Details" and look under "Advanced Details" one says "Severity: Low" and one says "Severity: High".

 

Would there be a relation between all of these and the high activity today?

Further to my previous post, I've gone back through my Norton Product Tamper Protection history and have also seen a large upswing of these blocks for dfrgntfs.exe, starting on 09-Sep-2013 @ 7:41:44 PM and continuing through to the present, so it can't have anything to do with Patch Tuesday.

It could be coincidental, but I currenlty have automactic LiveUpdates disabled on my system and only run my LiveUpdates manually once or twice a day, and noticed I ran a LiveUpdate on 09-Sep-2013 @ 7:41:38 PM.

 

Sorry, Calls.  I didn't really understand what your concern was until I saw drexxell's post.
------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

I re-started my system (full power down, not just a soft re-boot), ran another manual LiveUpdate, and haven't seen any of these dfgrntfs.exe blocks since.  I'll post back if they re-appear.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Calls, I having this problem too. This is very suspicious.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Unauthorized-Access-Blocked-open-file-Major-security-breach-in/td-p/1020259

Hi to all,

 

I have to say that I have automatic, (scheduled defragmentation), set to OFF.

I prefer doing this manually.

I do not have any related logs in NIS 2014 history.

Try this out and see if that solves the issue.

Hope this helps,

 

Regards,

Hi Melen:

 

Are you running Win 7 or WIn 8?  On XP and Vista machines, the program being blocked is dfrgntfs.exe.  Your thread mentioned that the program being blocked on your machine is usually svchost.exe (the main Windows process that runs multiple Windows services like defragging, etc.), which is what drexxall reported seeing on his Win 7 machines.

 

And for other users who are not seeing this problem, here's a screenshot of my recent history showing that these blocks were occurring multiple times per minute around midnight last night before I powered off my system.

 

NIS 2013 dfrgntfs Multiple Blocks.jpg

 

 

My system re-start this morning seems to have solved (or at least improved) the problem.  I've gotten a few "unauthorized access blocked" messages for svchost.exe and services.exe in the past hour, but these infrequent blocks are normal on my system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Thanks all for the feedback
I started noticing these 9/10/13 @ around 7:30am central U S time. I did not run Microsoft updates until today around 7:45am
So I don’t think it has to do with Microsoft updates.
I did renew my NIS2012 subscription in the evening if Monday 9/9/13. Then noticed this the next morning.
Did anyone else renew a subscription before this started to show in the logs?
Or as brought up earlier, did norton just change the way they log things? But would they add that change to an older product like 2012?