Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
I am not a big expert, but it appears that what Symantec does under Personal Firewall, Advanced Settings, General Rules, is set up two rules each for network discovery and file sharing - one to allow them from computers on the same network as you, and one to disallow them from all other computers.
Someone with more expertise can correct me if I'm wrong.
Since my computer is not connected to a network in the house, do I have to and is it safe to completely remove the two allow rules for Discovery and Windows File Sharing (for shared networks) from the General Rules window?
I suppose you could disable both rules. Why not try it?
I can't imagine Symantec would create them by default if they were a huge problem though.
I'm not sure why NIS 2008 would modify Vista's settings unless it wants to force Vista to allow the connections so NIS can manage them itself.
By default, NIS 2008 sets itself to trust the first network you connect to after installing NIS 2008 (it doesn't trust any other network by default). If you aren't using a router, you do not want to trust that network since it allows file sharing, incoming connections, etc. This would mean any of your neighbors could access your files.
You can remove trust (or make sure trust wasn't given) either in the Firewall configuration or the Network security map.
Morac wrote:I'm not sure why NIS 2008 would modify Vista's settings unless it wants to force Vista to allow the connections so NIS can manage them itself.
By default, NIS 2008 sets itself to trust the first network you connect to after installing NIS 2008 (it doesn't trust any other network by default). If you aren't using a router, you do not want to trust that network since it allows file sharing, incoming connections, etc. This would mean any of your neighbors could access your files.
You can remove trust (or make sure trust wasn't given) either in the Firewall configuration or the Network security map.
Message Edited by Morac on 05-27-2008 05:10 PM
This behaviour is not limited to just NIS2008. NIS2007 modified Vista's network settings in the exact same manner (ie. Network Discovery ON, and File Sharing ON). Disabling those two rules under General Rules in NIS2008 has absolutely no effect on those two settings. It's weird.
Under Trust Control, I do not have any networks in the Trusted tab. In fact, the first thing I did immediately after installing NIS2008 was removing whatever was under the Trusted tab. I see two networks under the Active tab, both of them are listed as Protected under the Security column. However, should I categorize both of them as Restricted?
I don't mean to be rude to bump this thread back to the top of the forum, but I would greatly appreciate it if a moderator or a Symantec employee here on the forum follows up on my question/problem.
Firstly, is it normal for NIS2008 to by default turn on Network Discovery and File Sharing in Window Vista's Network and Sharing Center? If it is, is it safe? I am not connected to any home networks at all, so I have absolutely no need for Network Discovery and File Sharing.
Secondly, regarding NIS2008's Trust Control, am I supposed to remove any networks that appears under the Trusted tab (as I am not connected to a home network)? Should I move anything over to the Restricted tab?
I have a bit less than a month left on my current subscription, and I would like to obtain clarification before I proceed to renew my subscription.
Thanks.
Hi,
This is not an issue. The Windows firewall is not on therefore those policies don’t apply. The NIS firewall has its own policies governing discovery and sharing:
- For File/Printer sharing, these are covered by the NETBIOS and FileSharing system rules and trust control policies.
- For Network discovery, these are covered by the SSDP and UPnP system rules and trust control policies.
Note the Network and Sharing Center statement in yellow when you have Windows Firewall off:
“For sharing and discovery to work properly, make sure the settings in your firewall program match the following settings”.
It’s basically saying that the firewall program (NIS) has control over the policies. It seems the Network and Sharing center will default to showing network discovery, file sharing, and password protected sharing as ON when another firewall is used.
For your second question, if you are connected directly to your ISP, the recommended setting in the Trust Control tab is “Protected”. You do not and should not set it to Restricted.
Thank you,
Chester
ChesterK wrote:
For your second question, if you are connected directly to your ISP, the recommended setting in the Trust Control tab is "Protected". You do not and should not set it to Restricted.
Thank you for the reply, Chester.
I just want to make sure that we are on the same base here. Under Trust Control, I have 2 items under the Active tab. One tells me what the gateway physical address and the domain address are, while the other one tells me what the gateway IP address is. Both of the items are "Protected" though under the Security column under the Active tab. I have nothing under the Trusted tab and the Restricted tab.
Is this the correct and appropriate setting for my setup?
Thanks.
Hi HamsterJam,
Yes, that is the correct configuration. The key is that since you are connected directly to the ISP, you want filesharing and discovery traffic to be filtered by the rules. In this case, they will be blocked.
In the future, if you decide to buy a home router with multiple computers connected to it AND would like to allow filesharing, then the recommended setting would be "Trusted" or "Shared".
Thank you,
Chester
Thank you for the information, Chester.
Cheers! 
Relocating posts relating to Norton 360 to N360 board.