Hello,

I've been trying to solve a thorny issue and I can't find a satisfactory solution that still keeps me secure (or what caused the issue in the first place).

I have a home wireless network with a desktop and laptop computer both running Win7 Home Premium 64-bit. Both computers are using NIS 2011. I purchased NIS with 2010 months ago and updated to 2011 with no problems when it came out.

In all this time, my shared resources on both computers were visible to each other and to other devices on the network. My printer (HP 8500 Wireless) was able to write scans to the public shared folders of both machines, and I could pull up a video file or document from one machine on the other. Things just worked the way I'd intended them to on the home network while NIS kept me safe.

More recently, and I'm not sure when this was, the two computers became invisible to each other. The shared resources are still shared, but the computers can''t get to each other's shared folders (and the printer can't get to them either) unless the firewall on the computer you want to access is temporarily turned off. I hadn't actually made any conscious changes to my setup so I'm not sure what changed or what installed to cause this.

Coming to this forum I see some people had issues updating to 2011. I do not recall any issues updating myself, and as far as I can recall I don't *think* this issue started at the same time as my NIS 2011 update. It's hard to be sure when a change might've happened because the two computers were more recently often not on at the same time (so they wouldn't have shown up to each other anyway) for me to be able to know anything was wrong or when the "wrong" thing happened.

I've been hammering at this problem in ways that are unsatisfactory to me, and short of disabling the firewall can't get full network talk back into place. I can provide more information on things I've tried upon request, but I thought I'd get fresh eyes on the problem by not rambling for too much longer in this post until and unless more information is requested. Based on what I've already described, what would your assumption be as to what changed to introduce this problem? Any gut reactions for what I might be able to do in order to re-enable my normal sharing without literally disabling important firewall protections that didn't seem to be an issue in the past?

Hi Slipgate:

When you click on the network map in each product, are the computers visble in each map?  If so, in each machine, click on the device, and using the edit function, set each to full trust.  Let us know if that helps or not.

Delphinium,

I'm at work at the moment and won't be able to check any of this until I get home this evening, but I wanted to reply soon so that you know I appreciate your prompt response. I will try what you say this evening, but I wanted to ask some questions about your suggestion.

My network map traditionally shows the different members of my network under the... I forget the name off the top of my head but it's the one other than "restricted" or "full trust" - the one that allows access but scrutinizes it. What bothers me is that was true of my network in the past when sharing wasn't an issue. Also, my network hard drive is similarly scrutinized but nothing in the network has trouble getting to it.

I'm certain full trust would make the computers show up (of course, this is pending verification this evening), but I'm not sure that solves whatever caused this in the first place. Wouldn't this solve the "symptom" but not the "problem"? Also, even though they're on my local network, it is also available to the Internet and I rather liked that Norton scrutinized everything instead of an infection that does slip into one machine easily getting to the others (which I presume would happen under full trust, right)?

If you mean for me to try "full trust" just as an attempt to narrow down the issue before I re-enable all the other restrictions not causing the problem, then I take back my questions of course. But a procedural question occurs to me - this would make the desktop and laptop see each other again because they specifically trust each other, but what of the printer seeing the two of them? I suppose I could set the printer to be fully trusted on both machines, but I'm still puzzled that all of this worked while the network map had things in "restricted access" before.

If my wireless network has access to the Internet through the router and to each other otherwise, do you think it really is safe to set the computers as "full trust" to each other?

My physical network setup is basically a router which is hooked to a cable modem and to a network hard drive by Ethernet cable, and the desktop, laptop, printer, and any other devices (game consoles, phones, other peoples' laptops if they bring them and I trust those people, etc.) all access the router wirelessly. Previously Norton kept things secure but never obstructed my printer or computers from seeing each others public shares as long as the computer in question was on. Last night by turning off various "Block" rules in the general rules and unchecking "Windows File Sharing" (#63) in Uncommon Protocols I managed to get to a situation where the computers would show each others' NAMES at least when viewing the Network in Win7, but trying to access them by the names wouldn't work. \\(Laptopname) wouldn't work but \\(laptopIP) would. But this was only after turning off various block rules AND the one "uncommon protocol."I was doing that because I was hoping to see the sharing return fully and then slowly re-enable protections until I determined which one killed it again (I wanted to do this instead of Full Trust at the time because I wanted to be secure other than whatever the problem setting was). Note that on the general options settings screens for Norton I do tell it to allow for windows file and printer sharing and other such related things. It was seriously a test case scenario I wouldn't want to persist because who knows what else the block rules I turned off are protecting me from? Like I knew that the firewall off worked, the firewall on didn't, and I was going to pick through the configuration of the firewall until I narrowed down whatever setting was the issue.

One potentially relevant piece of data came to mind: A while back, I wanted to make it so that my laptop could remote desktop to my desktop PC. The laptop was mobile, but the desktop wasn't, and if I ever took the laptop elsewhere but needed resources from my desktop PC - you understand. I took steps to try to enable that only to learn that Home Premium doesn't let you serve Remote Desktop access. I'm not sure if the attempt/research to set this up may have created a problem by mucking with some network config behind the scenes, but I do recall that *after that* I noticed the printer couldn't write to the desktop's public share but could to the laptop's. I confirmed the desktop could reach the laptop but not vice versa. When I first tried comparing the firewall settings on the two no differences were apparent (I even looked in the general rules and uncommon protocols) but after LOOKING at comparing the two, suddenly the laptop was as unreachable to the printer as the desktop had been. And then I saw that the two were unreachable to each other. I don't know if the RDP attempt (which probably ended at reading a help file that told me I couldn't do it) could've done anything or if it was just temporally close to but unrelated to these events, but... well, I've been racking my brain, so there you go. Any stone, and all that.

I'm afraid I may be overloading you on information here, so I'll stop this post here. Thank you for your prompt reply, Delphinium, and I will try your suggestion this evening, but if you have any thoughts in relation to my questions here (or if anyone else feels they can help) I would be most grateful.

The idea is to set the machines to full trust as a diagnostic and also to allow Norton to build the rules necessary to allow the connection.  Networking is a tricky business because you are basing the firewall rules on Windows settings and dealing with router firewall, and other computers' firewalls.  If you have a Home Group, the rules are slightly different than if you do not have a home group.  In my case, I have a home group of two computers, both wireless, that can communicate with the printer through the third wired home group computer.  Another laptop is not included in the Home Group and accesses the net through the same router but cannot access the printer.  Three different security products are on the machines.  Two are Win 7 Home Premium, one is Win 7 Ultimate, and one is XP.  The Ultimate took precedence over all other machines in the building of the home group, so that is also a consideration.

The rules that 2010 had in place to allow all the connections may have been lost in the upgrade, or perhaps are not properly applicable after the usual dozen Windows updates.

You want to begin repairing the connections as simply as possible rather than digging into rules changes and uncommon protocols.  You can try resetting the router and turning on each machine, one at a time to make sure that the router connects properly to them all, you can set the firewalls in each product to default, purge the network maps, and let all of the connections rebuild themselves, you may require a home group with a password to connect them all,

and then once everything connects, you can set the trust level to shared, or even restrict the access of some of the machines to your machine without interfering with their ability to access the net.

Let us know how you get on after you've had a chance to troubleshoot at home.

Hi Slipgate,

If your network trust level is set to "Restricted" or "Protected" you will not be able to share files.  The network trust level should be set to "Shared" if you do not want to continue to use full trust.  If your wireless network is not secure Norton will automatically set the network trust level to "Protected" so make sure you are using encryption.  These network trust levels control the firewall rules that apply to various network configurations, so it should not be necessary to manually select the rules as you tried to do - the proper allowances will be enabled automatically.

Delphinium and SendofJive, first, thank you both for all your help.

I will try full trust tonight after re-enabling all the disabled rules. And you two are saying this will build a new set of general rules that will allow the cross-talk between the machines? What I mean by this question is - will it begin re-building the rule set from scratch right away or will I first need to do take action after setting the devices to full trust like re-setting the firewall in order to get it to build rules based on allowing the sharing?

Worth noting that I have (in attempting to fix this issue) reset the firewall and purged the network map more than once in attempting to ferret out what the blockage was (there was a blockage even before I did that, though). I have not reset the router thus far. Should I before I do what you have specified here? Actually, I haven't looked at the router settings in a while - I mean, I set them the way I want, but I may inspect them just to see if anything jumps out at me - before I do anything else, in fact.

Also, SendOfJive has helped me remember the setting the machines were on. On the existing Norton network map, the computers are in fact set at "Use Network Trust (Shared)" - they're not set to Restricted or Full Trust. And Windows File Sharing is enabled. I was concerned that Full Trust was opening the floodgates too much to possible unecessary risks, and so I was trying to determine what setting was at issue. But the fact that it should be able to share is why I was so stumped on what was going on. I will try the things you mention here and let you know.

I do have a question, though - I have interpreted "Full Trust" as implying that no inspection or prevention of traffic between my computer and the computer set to "Full Trust" will happen. Are there still security controls from Norton in place over traffic between two machines if they are set to Full Trust in each others' network maps? My concern with setting full trust is that if one machine manages to get an infection from outside due to a boneheaded move on the part of someone using one of these machines, that the others would be as good as un-firewalled against the threat traversing the subnet.

And what if the machines get new IPs periodically due to DHCP - would the network map / trust control identify them on the new IP address? It didn't seem so, but again I'd been purging my network map a few times in trying to troubleshoot all of this already.

Although I dug through every setting of Norton when first setting it up earlier in the year, and again after the 2011 update, making sure it was all configured as I wanted, I did not touch excessively verbose things I didn't need to (like the general rules) as long as Norton seemed to be working without blocking access to my stuff. Notably, I couldn't tell you what trust level the machines were on in the network map as I'd first introduced them to the router one by one. I suspect they were possibly at network trust rather than full trust, but I honestly wouldn't know at this point what those network maps of months ago that flitted by my eyes said.

And SendOfJive, a question. You say if a network is not viewed as secure Norton will default to "protected" - I assume by this you mean "restricted" and not "network trust (shared)"? Because my wireless network is using WPA2. And your post helped prompt the question I asked you both in the first paragraph of this message.

This is a very helpful explanation by Vineeth, one of the Symantec volunteers that may help to explain the options. 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Help-with-Smart-Firewall-Trust-Control/m-p/94938/highlight/true#M50319

Have a look at the router settings.  All of the devices that connect to each other through the router, wirelessly should be listed, as well as any devices that connect directly through the router to the internet.  It should tell you if they are online or offline.  It doesn't seem likely that the router is an issue because you said that you could connect if the firewall was dropped. 

Did you build a home group?  That does seem to open more ports from machine to machine when they are all tied together.

---

Slipgate wrote:

And SendOfJive, a question. You say if a network is not viewed as secure Norton will default to "protected" - I assume by this you mean "restricted" and not "network trust (shared)"? Because my wireless network is using WPA2. And your post helped prompt the question I asked you both in the first paragraph of this message.

---

No, it defaults to "Protected,"  which is enough to prevent unwanted traffic on the network from accessing your PC (Full Trust, by the way, still blocks known threats even though it is more permissive about traffic in general).  If you are using WPA2 Norton will maintain the "Shared" of "Full Trust" settings because your network is considered secure.  Rereading some of your earlier posts I am inclined to think this may be a connectivity issue unrelated to Norton.  If your network trust level is shared and the other devices appear in the Network Security Map, there should be nothing that Norton or the Norton firewall should be doing to prevent communications with the networked devices.  I would suggest investigating some other things that may be causing your issue which you can do with Windows Network Diagnostics and some other suggestions offered by Microsoft in this article.

http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-network-connection-problems

This "For Dummies" article might also be helpful, even if you are not really a dummy:

http://www.dummies.com/how-to/content/how-to-repair-a-network-connection-in-windows-7.html

All,

Hi Slipgate,

I believe you have everything buttoned up, and as networking problems go, that didn't take long.  As far as the Norton configuration goes, using the default firewall rules and having the trust level set to "Shared" should enable everything to communicate.  I am not sure why you found the trust level as "Restricted."  Norton does initially set the network trust level based on what it finds when you first install it.  It checks a lot of different variables and selects the most appropriate level based on your networking needs at the time.  "Restricted" blocks everything on the network from reaching your computer,  I don't believe that Norton would choose "Restricted" as a default if it saw nothing on your network, but I suppose it might.  I wouldn't be too concerned about it.  It was either set when you first installed Norton, or you might have manually set it yourself for some reason, now forgotten.  Norton would not make that trust level change due to any threat, so you don't need to worry about that.  There are situations where Norton might detect that your communications are open to the public and will set the level to "Protected" but I am unaware of any scenario where "Restricted" would be selected on-the-fly.

In short, don't worry about how the network configuration came to be - just be happy that you were able to fix it so quickly and now everything works.  Once set correctly, you should not experience any more problems.

I'm in full agreement with SOJ.  Once you have everything working, try not to tweak things.  New version changes do tend to set many of the rules back to default, or to the most secure configuration without regard to what the user really wants.  The local network is open to its devices, but is still protected from incoming traffic from the outside.

Since no security software is 100% due to continual changes in the malware, should you get another malicious infection, we will be able to assist you in getting help for it.

Glad everything is working.

Huh. Now that I'm not stressed by the issue any more, I'm thinking about what you've said, and I can think of a misperception that Norton might have made on my desktop that had it go to "Restricted" - it's just an educated guess... but I have VirtualBox installed on my desktop. This never gave it pause before (and I installed VirtualBox after Norton was already installed, at least the 2010 version) but it's possible the virtualization layer (which is tried as another network in "Network and Sharing Center") which allows a VM machine to access networking if I set it up to be able to network might've tripped a flag at some point and made Norton think I was sharing connection time on an unsecure network. Funny enough I have yet to set up a VM that would be in that position (the only VM I've set up so far to completion is a DOS 6.22 running VM. I have been meaning to create a Win9x vM but the Win98 disc I've been trying to use has been crashing mid-install - I'm going to try Win98's install on VMWare Player later).

Anyway, I have yet to actually take advantage of the virtualization networking layer but it might've been misinterpreted at some point and had Norton go to restricted mode. If so, it would explain why the desktop locked down as far as sharing goes but the laptop didn't (and lets me know where to look first should this ever happen again). As for why my attempts to compare the settings on the desktop and laptop ended up making the laptop experience similar connectivity issues, I'm self-deprecating enough to assume that there was a hilarious (if you weren't me) spiral of human error on my part after that.

I will definitely return here if and when I ever have issues with Norton again (which, considering this is the first one and I've been using it 5 months, is not terribly likely, but as I say that I knock very hard on my wooden desk here). Thanks all.

FYI: The post I marked as a solution - I intended to mark that post (by Delphinium) and the next post (by SendOfJive) as solutions because collectively between those two messages it helped me figure it out. Sorry I only seem to be able to mark one or the other.

It's not a problem for either of us, whichever you choose, (of course it's easy for me to say that ).  We both get more satisfaction out of a working system than we do a solution tag.  The solved tag is for those coming after you with the same issues.

The spiralling human error is something we all stuggle with.

---

Slipgate wrote:

FYI: The post I marked as a solution - I intended to mark that post (by Delphinium) and the next post (by SendOfJive) as solutions because collectively between those two messages it helped me figure it out. Sorry I only seem to be able to mark one or the other.

---

Hi Slipgate,

Yep, as Delphinium said, we're just glad to have helped.

Thanks one last time. I shouldn't be back here until and unless I have another problem. :)