Weird entries in Norton Firewall Security History

Norton Security | Norton Internet Security
1

After I upgraded to Norton 360 Version 21.0.1.3 I came across the following entries in the firewall history:

First instance: An instance of "C:\WINDOWS\System32\logon.scr" is preparing to access the Internet..

Other similar entries are:

.....\System32\wbem\wmiprvse.exe,           ....\System32\csrss.exe

     \System32\msfeedssync.exe,                    \System32\autchk.exe

     \System32\imapi.exe

    \System32\verclsid.exe

    \System32\rundll32.exe

   \System32\logonui.exe

  \System32\services.exe

   \System32\winlogon.exe

  \System32\smss.exe

 

All the exe files above are preparing to access the Internet,according to Firewall Security History.

I never had such instances in the previous version of Norton 360. Are these exe files really preparing to access the Internet and why? Do they really need to access the Internet? If they are not actually trying to access the Internet, then why do I see these instances in the firewall history?. I ran Norton full scan, which detected nothing; then I ran Norton Power eraser,which again did not detect any malware. Finally I ran Microsoft Security Scan for several hours,which did not detect any malware either. I would appreciate anyone helping me understand this weird phenomenon.

 

2

Hi ekarabekir,

 

I don't think there is any cause for concern.

 

I just checked my XP machine running NIS v21 and under Firewall Activities I see all of the entries you have listed except for msfeedssync.exe and autchk.exe.

 

For comparison, I checked my Win 7 machine running NIS v20 and of all the entries you listed, I only see msfeedssync.exe, rundll32.exe and services.exe.  The rest are not present.

 

It may be that the new version is using a different set of parameters to gather the Firewall Activities history.

 

I'll see if I can get more info if this is the case and get back to you.

 

3

Those are all Microsoft applications/services, and everything Microsoft "phones home", which creates a firewall entry when they do for the first time.  And they are all automatically allowed to do what they want, being Microsoft and known safe.