In the process of dealing with all the firewall issues caused by the n360 Vers 22.5.0.124 update, the following needs to be addressed ASAP.
Why are standard known update services blocked? Most of them are very important to the security of the system.
One big example:
Alert entries: Category Firewall - Activities
##
Activity: Info, You blocked blocked Adobe® Flash® Player Update Service 18.0 r0 from accessing your network resources
7/13/2015 7:15:00 AM
Program Path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Local Computer: 192.168.1.153, 57307
Traffic Description: Outbound TCP, https
##
Update services from all the different vendors need to be reviewed and added automatically so that fixes get into systems as soon as they are available. I understand that this is a two-way street. The vendors have to notify Norton and the other anti-virus vendors, so that the digital IDs can be added and tested. I would guess that this process should be well understood by now. So with that being said...
Blocking new versions of updaters for a day or two is normal, but this one has a digital signature from July 3, 2015 and modified date of 7/8/2015 10:10 AM.
And the big deal here is Adobe is not some small off-the-wall company; their software is used by just about everybody on the internet.
So why is it blocked?
Another one, for example, is C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Its digital signature is January 9, 2014 10:26:44 PM and modified date of 1/9/2014 10:26 PM.
This is not a new program!
Currently I am manually unblocking any updaters that I find are blocked in the "Security History".
This is taking a lot of my time, and if I need to reset the firewall all of these fixes are removed.
Since most updaters run on their own schedule or when a program is used, this is a very time-wasting process to go through the history to find the ones that are not working, since they are being blocked by the firewall. From what I have seen, most of these updaters do not report an error to the end user, since they just guess that the network access was bad and retry later.
I have not worked on code for a few years, but one would hope that a new error code would have been added to return access blocked by security code. But I know that is very unlikely knowing how the kernel and driver code are written.
Most end users would not even understand what is going on with these programs being blocked or that they are blocked.
Let alone how to unblock them.