Symantec Client Firewall blocks winlogon
Posted on 2004-08-20
I have Symantec Client Firewall 5.1 running on Win XP SP2. It's coming up with the following threat warning:
winlogon.exe is attempting to access the Internet
At 18:58 on 19/08/04 the following communication was detected:
Protocol: TCP (Outbound)
Remote Address: ncte.ie (169.254.95.115): ldap (389)
Local Address: Service port 1183
The application file could not be found. There is no autoconfiguration data for this application. This application does not have a digital signature or the digital signature is invalid.
I am concerned about this because I was not at the machine at the time referenced and I do not recognise the IP (although ncte.ie is my domain).
I have 3 copies of winlogon.exe on my machine, one in C:\Windows\system32 and 2 in the following folders:
Each around 502kb.
The firewall has mostly the default settings.
I'd appreciate any help. Thanks.