Unexplained firewall updates

Version 20.3.1.22

 

I regularly update, scan, and check history to monitor the security on my system.  In checking history I first noticed an unexplained update to firewall rules 3 days ago.  That is; the message "Firewall updated - 89 rules" appears by itself outside of any point in time where it is expected (for example: expected during boot or when I add/modify a rule) and reflects a change in the number of rules.  In the first instance firewall went from 89 to 87 rules.  Could find no information regarding the cause, reason, source of the reduction.  Nor can I find any information regarding what rules were removed.  In the latest instance the firewall was updated to 86 rules.  Again; no reason determined.

 

The changes appear to be in respect to traffic rules, not program. I generally rely on Norton to control the traffic rules and don't usually check/confirm them.  Thus; I have no idea which rules may have been removed.

 

The reduction in rules this morning occured 10 minutes after the most recent Liveupdate.  In the other 2 instances I could not say that there was, nor did there appear to be, any relationship to LU timing.

 

My questions:

 

Does LU add/delete firewall traffic rules without logging that action? For example "traffic rule x removed/added".

 

How can I determine whether Norton, or something else, removed the rules?

 

How can I determine whether, or not, the existing traffic rules are,  or are not, what Norton expects them to be?

 

Thank you!  

oldguy62 asked:

"

My questions:

 

Does LU add/delete firewall traffic rules without logging that action? For example "traffic rule x removed/added".

 

the report is for the number not the name of the rules. They are adjusted to provide the best possible protection in the dynamics of threat prevention

 

How can I determine whether Norton, or something else, removed the rules?

 

With Norton's self protection active it should be almost impossible for an outside program to make any type of change to your Norton program

 

How can I determine whether, or not, the existing traffic rules are,  or are not, what Norton expects them to be?

 

If you are current on your updates and the program tells you that all updates have been downloaded and installed, when you run live update manually, then you can be sure thae all is in order and the program is as Norton wants it to be on your system.

 

Thank you!  

 
Stay well and surf safe

Thank you for the timely response.

 

I will trust that liveupdate/Norton changed traffic rules for its purposes.

 

I would be more comfortable with that if it were not for the fact that there is always a remote possibility that something got around the self-protection features. 

 

Thus; it would be helpful if there was an additional message or something to indicate the reason or what made the change.  For example; if a rule is added to Program Rules the "Firewall updated..." message is usually preceeded by a message (forgot detail) like "Rules added for..." or "User changed rule.,." that helps me keep that warm & fuzzy feeling that security is in good shape, or not,  For example; Norton's default rules for xxxxxxxx do not take into account that in my instance I only want access granted for the local computer.

 

Currently I don't see anything anywhere, including with respect to LU, that traffic rules were altered by Norton.  Thus; not so warm & fuzzy anymore.  For all I know a rule that previously prevented full FTP access to anyone from anywhere simply disappeared.  Nor is there any way, that I can see, to confirm that the rules comply with the current defaults.  Can't even "reset defaults" to ensure that.  Nor anything saying something like "There are currently n default traffic rules".

 

In any event; thanks again.  The information you provided did ease my concerns.