• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

此论坛帖文需要解决方案。
好评0

Configuration logfiles / ports

Hello,

Using Norton 360 including firewall on Windows 10, with no mail client (just gmail in the browser). Provider blocked the Internet access, and provided examples with time stamps of spam mail. Scan does not find anything with Norton, nor Malwarebytes.

1) Is the logfile accessible, so I can check whether the PC was active at the relevant spamming time?

2) Port 25 is protected, but it seems it cannot be blocked. Is there any regular use for the port and how to block it completely to avoid the spambot's activity till identified? Somehow SMTP ports with authentication cannot be protected by Norton. Any reason for this?

Best regards,

Michael

回复

好评0

Re: Configuration logfiles / ports

MichaelGassner:

...Using Norton 360 including firewall on Windows 10, with no mail client (just gmail in the browser). Provider blocked the Internet access, and provided examples with time stamps of spam mail. Scan does not find anything with Norton, nor Malwarebytes....

Hi MichaelGassner:

Could you please clarify.  Do you mean that you don't use any email application on your local computer like MS Outlook, Windows Mail, Thunderbird, etc. and always log in to Gmail through your browser (e.g., https://www.google.com/gmail/) to send and receive e-mails?  When you say "Provider blocked the Internet access" do you mean Google or your Internet Service Provider (ISP), and are these spam emails being sent to your <yourusername>@gmail account or another e-mail address provided by your ISP (e.g. <yourusername>@comcast.com)?

Norton's email scanning features are integrated with e-mail clients like MS Outlook on your local computer. From what you've described it sounds like the spam filters on your Gmail or ISP mail server are blocking these emails.  If you clicked on a malicious link or opened a malicious attachment and infected your computer while viewing these emails in your browser, Norton realtime AutoProtect feature should detect the malware if it attempts to infect your local computer, but Norton can't scan e-mails sitting on a remote mail server.

Is the logfile accessible, so I can check whether the PC was active at the relevant spamming time?

Norton activity logs can be viewed at Security | History (or right-clicking the Norton icon in your system tray and selecting View Recent History from the pop-up menu.  If the Norton icon in your system tray has a green check mark that means Norton AutoProtect is actively protecting your computer.  The icon should display an exclamation mark (warning) or red "x" (danger) if there is a problem with your real-time protection.

Port 25 is protected, but it seems it cannot be blocked. Is there any regular use for the port and how to block it completely to avoid the spambot's activity till identified?

Blocking ports in your Norton Smart Firewall would only block communications between the e-mail client on your local computer (which you said you don't use) and the remote mail server, so I don't think that would help if you only read emails in your browser using an online email application.  It might be better to configure the spam filters or blocked senders list in your Gmail account (for example, see the Gmail support article Create Rules to Filter Your Emails) if their default spam rules don't catch all these spam messages.

Somehow SMTP ports with authentication cannot be protected by Norton. Any reason for this?

POP3 is a standard mail protocol used to receive emails from a remote server to a local email client. POP3 allows you to download email messages on your local computer and read them even when you are offline. Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails. The standard (non-encrypted) TCP ports used by most local email clients are Port 110 for POP3 (incoming messages) and Port 25 for SMTP (outgoing messages).

If you reconfigure your local email client to use the secure (SSL / TLS) servers of your email provider Norton can't scan these emails before they arrive in the Inbox of your local email client because the emails are encrypted.  My ISP is Shaw Communications and I've configured the Windows Mail e-mail client on my local computer to use the secure Port 995 for POP3-S and Port 587 for SMTP-S for emails sent to and from <myusername>@shaw.ca.  However, I was still  protected when an email with a malicious attachment arrived in my local Inbox and was detected by Norton's real-time protection (Trojan.Klovbot) when it tried to infect my computer.

From the Norton support article Learn How Norton Email Scanning Protects Encrypted Email Accounts:

"The email scanning feature in Norton cannot scan emails from the accounts that are configured for SSL. Email scanning can only scan emails from the accounts that are configured for POP3 and SMTP. The emails that you receive in your secure (SSL) accounts are encrypted, and Norton email scanning cannot scan them before they are downloaded to your inbox.

However, you are still protected. If someone sends you an email with an infected attachment, the file gets downloaded to your inbox along with the email. When you try to open it, the Auto-Protect feature in Norton detects and removes the infected file....

...In case of POP3 accounts, the email scanning feature detects and removes the infected file even before it is downloaded to your inbox... 

---------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22

This thread is closed from further comment. Please visit the forum to start a new thread.