I still keep getting DAILY alerts for unauthorized access from CONHOST.EXE ...
I've seen on the internet that this message is good for nothing.
So why am I still getting this alert daily in my logfile???
I'm angry because understanding this useless alert took me more than an hour.
P.S.: I'm using daily updates on Norton Antivirus (so my current version is 18.5.0.125).
P.S.: The enclosed hardcopy is one which I've found on the internet, but it shows the same alert as on my PC (but I'm using the product in the German language, so many of you guys wouldn't be able to understand my German hardcopy).
This is perfectly normal and nothing to worry about.
CONHOST.EXE is a Microsoft process, and what is happening is that it is "touching" a Norton process, file or folder, and is then blocked by the Norton Tamper Protection, and this message is logged.
Don't worry about it. CONHOST.EXE is just doing what it is supposed to, and so is Norton by blocking it. Norton Tamper Protection blocks everything that touches it, good or bad, as it should.
So why am I still getting this alert daily in my logfile???
I'm angry because understanding this useless alert took me more than an hour.
Hi Stoner,
Also, please note that log entries in Norton Security History are not alerts. True alerts will be seen as popups notifying you of a problem. Log entries on the other hand, are simply records of the various activities that Norton monitors which do not require user action.
Yes, I did understand how important that entry in my Log is.
For sure a useless log entry like this one marked with a red dot and a severity level of "Medium" attracts my attention (at least mine and maybe 99% of all owners of that product).
So it is no wonder that I'm starting an online search ... and I'm looking for some feedback from other users ...
But I'd like to mention that I'm using Norton Antivirus to save my time, not to waste my time.
For sure a useless log entry like this one marked with a red dot and a severity level of "Medium" attracts my attention (at least mine and maybe 99% of all owners of that product).
[...]
I agree. I'd also like to know why an 'Unauthorized access blocked (Access Process Data)' event is considered to be a 'Medium' Severity issue. For all intents and purposes, the 'Access Process Data' description implies that the 'Actor' process is simply taking a look at the data present in the Norton 'Target' process. No harm done, right?
Your point about the usage of the red dot is not lost here; the importance of appropriate colour usage has been raised recently and predominately fixed in the newer Norton product releases.
Stoner wrote:
[...]
So it is no wonder that I'm starting an online search ... and I'm looking for some feedback from other users ...
[...]
OK, some feedback.
In terms of my machine, logging the 'Access Process Data' events makes my Recent History log unreadable:
Please take a good look at the repetition in the 'Date & Time' column for each log entry. The software in question is the product that controls the fingerprint reader on my laptop. If the Fingerprint Reader software is enabled, then the Norton Security History log essentially becomes unreadable due to the sheer number of 'Unauthorized Access' events recorded, as shown in the log above.
I don't know where you get accessing as just looking from but it's way off. Accessing is just that: Accessing the data of the process. From then on it does whatever the program's routines for that procedure are. Be it harmlessly logging data to completely rewriting the target's code to deleting it.
Myself, I'd want unauthorized access to my anti-virus software to be red flagged. As a programmer, if I were writing malware, first step in programming malware is to disable anti-virus/anti-malware.
Your best bet is to either stop using the software which is trying to access Norton (I don't know why a driver or software for a fingerprint reader would) or contact Symantec and figure out how to block unauthorized access notifications for individual programs.
I honestly don't know why people don't think of calling Symantec. It's not like support isn't free for the product you spent $70+ on.
Here's a very simple example of code to access a file and do something:
See how easy it was? That one line of code just accessed my Norton folder and deleted it. If Norton didn't protect its files from tampering, my Norton is gone. Except most files cannot be deleted as they are in use and would require some more code.