So I keep getting 'unauthorized access blocked' notifications coming fromC:\WINDOWS\SYSTEM32\OSK.EXE which is targeting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe and I checked that the osk.exe is my on-screen keyboard, and could it be that it was because on start up the application opened by itself? Well I made the option so it won't start up on boot up. Now I have this message actor coming from ,C:\WINDOWS\SYSTEM32\CONHOST.EXE targetting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\cltLMH.exe what should I do?
Hi jasonxlima,
I would like to ask a few questions about your issue as I have a different view of what you are seeing.
The entries you notice are related to the Norton Product Tamper Protection feature and are considered normal. Norton Product Tamper Protection prevents other programs from changing or modifying your Norton program files.
When attempts or requests are made to access those files, in this case by what appears to be CONHOST.EXE, the event may be either logged or blocked. Generally there is nothing to be concerned about. As a matter of fact, when I check my security history for Norton Tamper Protection, I have regular entries of Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE Target: C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\cltLMH.exe. There are also a variety of other events which are listed as being blocked
I am not getting any onscreen notifications of these events, I have to check my security history to see them.
There is more information about the subject in this post by yogesh_mohan.
Now, how are you getting the notifications? Are they on screen or are you seeing these entries in your security history?
Is your Norton product set at the default settings?
Is your computer suddenly acting strange or differently?
For peace of mind, if you feel you have a problem, you can certainly take Dick Evans advice to get a third opinion. However, I think what you are seeing is normal behavior. But I am curious as to how you are being notified of these events.
Let us know.
None of these messages are an issue. Norton is just blocking these processes from reading Nortons processes. It isn't blocking them from running or doing what they are supposed to. Everyone gets the conhost blocked message, and I also get my keyboard drivers blocked when they tries to read Nortons processes. Everything you describe looks normal, and you shouldn't have to do anything, and nothing is being prevented from functioning properly.
For your questions I have some answers.
I'm getting these notifications by viewing my history.
Yes, my Norton product is in default settings.
My computer is not acting strange.
There has just been 2 incidents where an IP has been show on the bottom right corner, about some access being blocked, and this was in my history last night, same thing unauthorized access from
C:\WINDOWS\SYSWOW64\WBEM\WMIPRVSE.EXE targetting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe
jasonxlima wrote:For your questions I have some answers.
I'm getting these notifications by viewing my history.
Yes, my Norton product is in default settings.
My computer is not acting strange.
There has just been 2 incidents where an IP has been show on the bottom right corner, about some access being blocked, and this was in my history last night, same thing unauthorized access from
C:\WINDOWS\SYSWOW64\WBEM\WMIPRVSE.EXE targetting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe
Then you have absolutely nothing to worry about, and don't have to do a thing. Everything is working as it should, and the events in the history is just messages from Nortons self-protection, where it blocks anything that attempts to read any of its files or processes. The processes you describe are perfectly legitimate and just happens to come across the Norton files, thus being blocked from doing so, and these events are recorded in the history. You can disregard them.
So I keep getting 'unauthorized access blocked' notifications coming fromC:\WINDOWS\SYSTEM32\OSK.EXE which is targeting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe and I checked that the osk.exe is my on-screen keyboard, and could it be that it was because on start up the application opened by itself? Well I made the option so it won't start up on boot up. Now I have this message actor coming from ,C:\WINDOWS\SYSTEM32\CONHOST.EXE targetting C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\cltLMH.exe what should I do?