| Thread ID: 64697 | 2005-12-23 19:45:00 | Norton Internet Security log files help please | cybergran (9452) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 415496 | 2005-12-23 19:45:00 | :waughh: I have just purchased a new computer running Win XP and Norton Internet Security....I have viewed the logs and after searching Symantec for information I would like help in interpreting the following logs, please.... 1. Symantec Resource Protector Alerts...Red X beside it. C:\win\system32\winlogon.exe (PID-508) Target C:\program files\Norton Internet security\Norton antivirus\navapsvc.exe Action: unauthorised access Reaction: unauthorised access stopped www.symantec.com link button 2. Norton Internet Security Firewall icon... Inbound TCP connection remote address, local service is (207.210.245.140,http(80)) detailed info at symantec about this attack www.symantec security response link button. 3. Intrusion Detection... circle with a - inside (brown/red) icon attempted intrusion "portscan" against your computer was detected and blocked Intruder: 206.204.51.131 (2070) Risk Level: medium Protocol: TCP attacked IP. 210.54.85.154 attacked port: imap (143) detailed info at symantec security response link button. 4. System. i blue icon "Port block Allow NetBIOS" changed. old value 1 new value 0 5. Alerts. blue arrow icon Rule: "default block backdoor/subseven trojan horse" blocked (210.55.145.174.27374) Inbound TCP connection local address, service is (210.54.100.56.27374) Remote address, service is (210.55.145.174.1409) process name is "N/A" 6. Firewall icon. The user has created a rule to "permit" communications Outbound TCP connection Remote address, service is (203.96.92.131,smtp (25)) process name is: "C:\program files\internet explorer/iexplore.exe" I would appreciate replies interpreting these logs....thanx so much.. A very Merry Christmas & an even Happier New Year to everyone. |
cybergran (9452) | ||
| 415497 | 2005-12-23 20:44:00 | :cool: PS.. Please advise what type of logs I should be aware of for security threats etc.... Also every time I turn my computer on the Norton Internet Security balloon pops up and tells me "my computer might be at risk...Norton is disabled"....when I check Norton is turned ON...Can I stop this balloon from popping up or will it affect something else as well....Thanx so much... |
cybergran (9452) | ||
| 415498 | 2005-12-24 08:10:00 | The trouble with looking at internet firewall security logs is that it makes you paranoid. :p It is not uncommon to get various alerts from incoming traffic and some of this can be considered *normal* internet traffic noise. The main thing is your firewall is doing its job and blocking anything considered suspicious. If you suddenly had a heap of alerts from the same IP or trying to access the same port, then I would have a closer look, but apart from that you don't have to worry about most of the alerts. Outgoing traffic is more suspicious. Your internet capable programs such as email client and browser need full access to the internet in order to function. One of the alerts you asked about, #6, is an example of that. SMTP is the mail server protocol that your ISP uses for your outgoing emails. Be very careful of what other programs require internet access. If you are not sure whether to allow it or not, google for information to make sure it is safe to allow this. A process that suddenly and persistently seeks permission to access the internet can indicate a trojan or virus present on the machine. Quote: "Also every time I turn my computer on the Norton Internet Security balloon pops up and tells me "my computer might be at risk...Norton is disabled"....when I check Norton is turned ON...Can I stop this balloon from popping up or will it affect something else as well...." This is normal on XP machines with SP2 installed. The XP Security Centre cannot detect the status of your Norton's Antivirus therefore gives this warning. Norton has designed their product so that third-party applications cannot access the status of their program (for security reasons). You can find more information here (service1.symantec.com). I'm not sure if you can manually change the report option within Norton. |
Jen (38) | ||
| 415499 | 2005-12-27 03:35:00 | :) Hello Jen...Thank you very much for your helpful information....I will check out item no 6 when I arrive home....Hope you have a very Happy New Year.... | cybergran (9452) | ||
| 415500 | 2005-12-27 04:01:00 | Depending on which version of NIS you have (like 2003), the XP Security Centre won't recognise the firewall / AV if the WMI update hasn't been installed (thru Liveupdate). I think with NIS 2006, the WMI update installs as part of the install. So, the Security Centre should pick up the firewall / AV after u install NIS 2006. If you want to disable the balloons for good, go here (www.kellys-korner-xp.com) and click on number 11 / disable all. Download this file, and double click on it. If u want, I would find out where the ip address comes from in #5. And report them. |
Speedy Gonzales (78) | ||
| 415501 | 2005-12-27 09:40:00 | :waughh: Hi Speedy Gonzales... I have Norton Internet Security Suite 2005...I do live updates daily...Please explain what WMI update hasn't been installed thru live update...means....How can I find out what the IP address is for #5....can I google it? thanx so much for your reply...Hope you have a very happy new year.... | cybergran (9452) | ||
| 415502 | 2005-12-27 19:08:00 | The WMI update/s for NIS tell XP's security centre (hopefully) what firewall / anti-virus is installed. If your Liveupdate shows no more updates, I wouldn't worry about it. Usually if NIS reports a hacker (as in #5), you can click on that ip address, and click on Yes. It'll then bring up a map of the world and tell you where that ip address originated from.... |
Speedy Gonzales (78) | ||
| 415503 | 2005-12-28 08:29:00 | :p Hi speedy gonzales...thanks for your input...yes the live update shows nothing more to update....thanks for the tip about the IP too I will try that when I log off...have a Very Happy New Year.... | cybergran (9452) | ||
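
Added example, not part of the original thread or of any Norton tool: a small triage script for the rule of thumb given in the replies (look closer when many alerts come from the same IP or hit the same port, and when an unfamiliar program keeps asking for outbound access). The log format, the threshold, the `known_programs` list and all addresses are constructed for illustration.

```python
from collections import Counter

# Constructed sample alerts in a simplified, hypothetical format (not Norton's
# real log layout): direction, remote IP, local port, process ("-" if unknown).
SAMPLE_ALERTS = """\
in 198.51.100.7 143 -
in 203.0.113.20 27374 -
in 198.51.100.7 110 -
in 198.51.100.7 25 -
in 192.0.2.44 27374 -
in 203.0.113.99 27374 -
in 198.51.100.7 80 -
out 192.0.2.25 25 iexplore.exe
out 192.0.2.80 80 updater.exe
out 192.0.2.81 80 updater.exe
out 192.0.2.82 80 updater.exe
"""

def parse(text):
    """Yield (direction, remote_ip, port, process) tuples, skipping bad lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] in ("in", "out") and parts[2].isdigit():
            yield parts[0], parts[1], int(parts[2]), parts[3]

def triage(text, threshold=3, known_programs=("iexplore.exe",)):
    """Return repeated inbound sources, repeated inbound ports, and
    processes outside the known list that keep connecting outbound."""
    by_ip, by_port, outbound = Counter(), Counter(), Counter()
    for direction, ip, port, proc in parse(text):
        if direction == "in":
            by_ip[ip] += 1      # one source probing many ports (port scan pattern)
            by_port[port] += 1  # many sources probing one port (e.g. 27374)
        elif proc not in known_programs:
            outbound[proc] += 1
    pick = lambda c: sorted(k for k, n in c.items() if n >= threshold)
    return {"repeat_sources": pick(by_ip),
            "repeat_ports": pick(by_port),
            "unknown_outbound": pick(outbound)}

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_ALERTS).items():
        print(f"{name}: {hits}")
```

Single blocked inbound alerts fall below the threshold and are not reported, which matches the advice to treat them as background noise.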