Solved

Norton Internet Security Program Control Pop ups

Posted on 2004-10-29
15,438 Views
Last Modified: 2013-11-16
My PC was becoming unusable due to Norton IS bombarding me with Program Control warnings "A remote system is attempting to access your computer".

I've tried the application help, the symantec web site (with no luck) and also some other Q and A sites - there seems to people with the same problem, but none of the suggestions work. I've tried all the suggestions on this site - there was a similar question, but I think they were using the professional version of the software, mine's just plain and simple Norton IS 2004 - but none of them work.

The only suggestion that sort of helped and enables me to use my PC is to move the pop up window to the bottom of my screen and not respond to the messages. However I suspect that this is causing problems with the software and maybe slowing down my PC (but maybe I'm paranoid). It also takes me roughly 1 hour to close down all the alerts at the end of the week when I shut down my PC!

I really can't understand how you are expected to use the software in this state - there must be an answer, but I've trawled everywhere. One person who asked Norton (at some cost alledgedly) was told (alledgedly)it was a feature of the software and he/she should be glad he was warned. I did try sending an e-mail to Symantec but over a week later I have recieved no reply.

I see the question about removing the firewall part of Norton IS and it seems that this is not possible without also removing the antivirus software.  I could replace the firewall with a copy of McAffee I am entitled to via AOL but I would have to pay for another virus checker.

I hope someone can help.

0
Question by:Louverril
    34 Comments
     
    LVL 6

    Assisted Solution

    by:knoxj81
    louverril,  =0

    Depending if these "Attacks" are from a few IPS or numerous IPs you could be infected with a trojan or even be vulnerable to an exploit. In this case you would have numerous people that are running scans on the trojans port(s) or on the exploit port(s) this would cause great frustration. So lets go over a few steps to  make sure you are as secure as you can be without having a hardware firewall.

    I believe you should unload your Norton products, and We'll go over some great antivirus software as well as firewall protection. Good news is, both have FREE products if you choose not to spend money!

    First I would run windows updates and install all CRITICAL patches. Now, I would run a scan at http://housecall.trendmicro.com/housecall/start_corp.asp . Even though you have a virus scanner I would run this online scan to test the reliability of your current scanner. If nothing else this will help your decision on weather you want to stay with your current protection or not.

    Anti Virus Protection:
    Kaspersky Antivirus 5.0 (new version) http://www.kaspersky.com/personal
    This program is the best by far. It updates every 3 hours, scans web browser scripts also.
    I've tested many other virus scanners through the years and this is by far the best to me.

    AVG is also a great virus scanner (more for home user) not to mention they have a wonderful FREE edition.
    http://www.grisoft.com/us/us_dwnl_free.php

    Next step, unless your a HUGE fan of Norton Internet Security, I would concider giving Sygate a try...I say give a try because they have a free version you can use for home use. I think you'll like this firewall for the fact you can do very little configuration as well be "stealth" on most port scan. This will dramatically cut down on the popups you're recieving from Norton. As well as the option to permit or block the traffic you want and won't bug you again.

    Sygate Standard(free) edition can be found: http://smb.sygate.com/products/spf_standard.htm

    Final Step, I would install some protection against adaware/spyware/malware that comes bundling in all kinds of software packages. I would use all three of these programs for they all serve a different, yet important purpose in internet security.

    AD-AWARE - www.lavasoftusa.com
    If you can afford it by the PRO version, the extra feature AD-WATCH is well worth it for it monitors your registry and notifies you of any changes made allowing you to ALLOW or REJECT the request on the fly. If you don't want to buy this download the free version for adaware scanning purposes and use the RegistryProt to monitor your registry for changes.

    RegistryProt 2.0 - http://www.diamondcs.com.au/index.php?page=regprot
    This is a free program to monitor all changes to registry. This is a must in security for you windows machine. Big help in eliminating spyware, Trojans, backdoors, etc..

    BHO Demon - www.majorgeeks.com/download3550.html  (mirrored)
    This is a must now-a-days if your running Internet Explorer! BHO is used in a lot of the recent IE exploits as well as keyloggers. Windows XP SP2 offers something along these lines, but why trust M$.


    That should be enough to keep you busy for a few hours, but just incase you want some reading to do for your own research let me provide you with a few of my favorite links/reference:

    http://isc.sans.org/index.php?off=diary -Everyday info on the latest exploits/virus/security issues.
    http://eeye.com - perfect for advisories and the best security software.
    www.majorgeeks.com - Every program a nerd could think of!!
    www.sygate.com – Great Software firewall.
    www.kaspersky.com – Best AV on the market.
    www.lavasoftusa.com – Best spyware removal program.
    http://www.grisoft.com – Wonderful FREE AV.


    Good luck & keep me posted,

    Jorden
    Tech-Security
    0
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    Louverril are u talking abt Norton alerts ??
    if Yes then in its Security Center's options, the settings can be set to lowest to keep it "Shut up" !!

    Or are u saying that u have already done it and still u cannot get it to work ??
    if yes then can u plzz try this, open ur Start>Run>msconfig>Services
    and tick Hide Microsoft Services, now u shud seem some Norton services listed there
    plzz write them down and post them here, let me see if u can disable that service from there to stop these alerts !!

    Also, can u plzz tell me, that this behaviour is from very beginning or have just started bugging u ??
    Post Back :)
    0
     

    Author Comment

    by:Louverril
    The personal firewall level has been set to low as suggested elsewhere but this makes no difference.

    These pop ups have gradually increased as I used the software. I had a few at the beginning but not the level I have now. NB I have ran Spybot and a full virus scan (with uptodate definitions).

    I couln't get the list the way you described msconfig was not recognised however I tried something else (services.msc /s) and got a list including the following all with a description of symantec.

    Symantec Core LC
    Symantec event manager
    Symantec Netwroks Drivers Service
    Symantec Network Proxy
    Symantec Password Validation
    Symantec Settings Manager
    SymWMI service

    all were listed as started apart from the password validation and WMI service.
    0
     
    LVL 18

    Assisted Solution

    by:luv2smile
    I assume this is your 2000 computer you are talking about in your other post that is NOT patched.

    I would be very concerned that all those alerts are due to all the vulernabilies in your system due to you not being updated on your patches.

    An unpatched computer will be compromised in probably the FIRST 20 minutes of being connected to the internet. You have a firewall so not everything may be getting thru (but I would still be concerned that your system is infected due to being unpatched)....but these warnings are probably telling you that these exploits you have are being used to try to attack your system.
    0
     
    LVL 18

    Assisted Solution

    by:luv2smile
    So in other words, your firewall is probably doing its job and letting you know when your system is under attack.....your system is probably highly under attack due to the fact that you are WAY WAY WAY behind on patches.
    0
     

    Author Comment

    by:Louverril
    Point noted luv2smile.

    I'm too tired to  contemplate SP4 tonight. However I promise I will look at drivers, system back ups, potential lost /annoyed customer,  the level of my savings for a new PC etc... asap.

    If it is possible with this message board, I'll let you know how I got on (presuming I still can!).

    Thanks
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    Just curious, what service pack is your machine running?
    0
     
    LVL 7

    Assisted Solution

    by:Focusyn
    I don't have the latest version of NIS, but I do have the 2002 or 2003 version, and although the auto-run installer would not do the antivirus without the firewall, there were individual .MSI installer packages for each included program.  I was able to remove the entire program, then right click and install the antivirus .msi to install only the antivirus software successfully.
    0
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    >> Symantec event manager

    Untick this one, and restart and now check if same alertings ??
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    You can go to add/remove programs in the control panel and from there you can choose to delete only certain parts of of NIS. I've done this to remove the antivirus part, but keep the firewall.
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    Of course I wouldn't advise removing the firewall until you have another one installed.
    0
     

    Author Comment

    by:Louverril
    Luvtosmile - it's SP1 (from memory - I've forgotten how to check) Don't laugh.
    0
     

    Author Comment

    by:Louverril
    Thanks all  for the suggestions - theres a lot to try there. I must get something to eat. See you tomorrow.
    0
     
    LVL 18

    Assisted Solution

    by:luv2smile
    I'm sorry, but I just have to cringe thinking about the risk of running a computer with windows 2000 SP1.....

    I still say your first stepp HAS GOT TO BE getting your system patched...good luck!
    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    As I stated at the beginning, to run windows update and install all critical updates.

    Also, I wouldn't waste your time with Norton. But don't take my word for it:

    http://www.eeye.com/html/research/advisories/index.html  - here you will see some of the exploits against Symantec (Norton) products.

    http://www.securityfocus.com/bid/vendor/  - and select "Symantec" from the Vendor list, to see a lot more exploits found on symantec.

    This is why I recommend different security products. You might not want to invest a hour of work. But in the end you won't have to be scrambling for answers or dealing with tons of annoying popup messages that mean nothing. Take the time to properly lock down your system knowing you made the right decision and all of you personal information is safe.

    SheharyaarSaahil's advise on lower security settings isn't the best idea, if your going to goto all the trouble of disabling services, I think concidering a new product would be a smarter choice. Howerver, if your heart is set on Norton, then ignore this please!  =]

    Good luck louverril & please advise!

    Jorden
    tech-security
    0
     
    LVL 18

    Assisted Solution

    by:luv2smile
    The main problem is that this person had a bad experience with installing a patch and has since NOT installed ANY patches (this is information from another post).

    I have been trying to convince them that they MUST install the latest patches in order to be more secure.....but they are still leary.....

    Maybe someone else can offer some examples of what can happen even if you have a firewall if your system has not been patched....
    0
     
    LVL 10

    Assisted Solution

    by:woodendude
    You want to turnm on automatic programm control, open the norton window, highlight firewall, bottom right go to configure and under prigrams tab, check "turn on automatic programm control"
    0
     

    Author Comment

    by:Louverril
    Have installed SP4. No probelms with that!!! Re-installed Norton because I was denied access to turn Intruder detection back on (somehow it had been turned off...) The reinstall fixed it for a while then the detection was turned off while I was getting the updates for Norton. I cannot turn it back on - no matter who I'm logged on as.

    Not sure If I'm protected with the Detection off (but the firewall on)? Just got a security alert for WinCrash trojan. Don't know whether Norton was just telling me or blocking it.

    Before the alert. I've updated and run spybot but it found nothing . Getting a bit panicy now.

    There is an update from Norton for Intrusion Detection that won't download when running Liveupdate. Get error LU1845 which is a subscription error - but all the other updates came down OK.

    Scarted of connecting to the internet logged on as administrator to get some more Windows updates.

    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    Louverril,

    If your not able to turn on "Intrusion Detection" and you you received a notice of "WinCrash trojan." I would definitly say your infected with the backdoor. Now-a-days virus will disable the sercurity settings that will prevent them form using remote access to your PC. Being that Norton is soo popular is seems that it is targeted and used as a feature in a lot of trojans. Also since you can't update Norton using liveupdate, this is commonly used in newer trojans to keep a status of "undetected." If you can't update, then you can't detect it.

    I would uninstall Norton Products and download AVG and Sygate, install those run updates and full scan. Its a 30-60 minute process.

    Note: before uninstalling Norton, be sure to download the products first.

    AVG:
    http://www.grisoft.com/us/us_dwnl_free.php

    Sygate:
    http://smb.sygate.com/products/spf_standard.htm

    Let me know if you have any questions or concerns regarding these processes.

    Jorden
    0
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    hmmmmm if Norton is reporting abt WinCrash Trojan, then u must have these symptoms also >> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.wincrash.html

    haev u :-?
    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    obviously symptoms:
    - "I was denied access to turn Intruder detection back on (somehow it had been turned off...)"
    - "Norton for Intrusion Detection that won't download when running Liveupdate"

    The important detail here is it's reporting the virus as already there. Detection rate is important, it leads to prevention. Higher quality virus scanners need to be able to prevent this viruses from running on your system, not just telling you your infected. How Norton didn't detect it to prevent infection is beyond me. This virus we are discussing is  old and should have been prevented from executing. Its time to step up and enjoy the safty other vendors can offer you.

    Awaiting your response,

    Jorden
    Tech-Security
    0
     

    Author Comment

    by:Louverril
    OK Thanks for the suggestions. The current status is as follows:

    Win 2000 - all current security patches applied
    Norton IS all latest updates applied except intrusion detection (get error lu1845)
    Am unable to turn intrusion detection on ("falied to save setting. Please verify that your windows account is not restricted") - even when logged on as administrator
    Firewall set to highest security ("block everything until you allow it)
    Norton IS log shows Wincrash trojan (ref earlier posting) and netbus trojan were blocked. I had recieved a "security alert", ref posting above - didn't know if this meant it had been blocked.
    Virus system scan finds no problems
    Virus Autoprotect is on
    Up to date Spybot scan reveals no problems (immunised)
    I log onto the interent as a user  (except for live update - have to be on as Administrator).

    I believe I'm quite well protected (on a temporary basis) with the above settings - what do you think??

    In order to cure the problem with intrusion detection Symantec advise that I uninstall manually - following instructions found when you enter 2004020314035036 in the search on thier website - to COMPLETELY remove product before reinstalling.

    I think that the original problem may (and I mean may) not have been a security threat but caused by an update to the NIS software (via live update). REASONING: I noticed when I re-installed Norton the first time that you have no choice but to locate some of the files in "Program Files". I have two operating systems on my PC (a fix to get round the problems caused last year applying the MS service pack - see other closed posting!!)). I was advised when I created the second OS to call the program files folder something different (same partition), so I called it "program files new". I think that one of the Norton updates might be getting confused with software running on the other operating system???

    Although its tempting to just scrap NIS, I want to solve this. I propose to follow symantecs advice but making sure that all symantec stuff is also completey removed from the second OS.  

    Any comments?
    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    Louverril,

    Can you successfully run Norton Antivirus live update w/o errors?

    As far the trojans being a past, I believe that for the fact that the Wincrash virus is from 2000. netbus is old too. Maybe you were infected and the ports are still open on your computer...If that is the case ANY firewall will block attempts to access those ports.

    Wanting to resolve the original issue with Norton is a good idea, for the fact its important to know the issue at hand and how to fix it. If not for now, for future reference as well.

    My opinion on switching firewall is strictly my preference. I have used and tested many firewalls and just believe if you want a software firewall you want the best, hassle free( if such thing) possible.

    The only thing that really bothers me is the fact intrusion detection won't even load. I don't belive the 2 OS's are a factor, for the reason that you've performed a fresh install with Norton, which should have settle any past issues, which it didn't.

    In this cause, since you want Norton, I would play around with a few of the programs I listed just to enforce a little more security and monitor with using little system resouces. Programs like; BHO Demon, RegProt.

    I would also advise everyone to check out isc.sans.org daily diary to check out the latest in security threats. If you decided you like the site I would check out http://www.labreatechnologies.com/ISCAlert.zip . This program monitors overall internet threats.

    One last reference is, McAfee Avert Portal, which is a wonderful reference site for viruses.
    http://myavert.avertlabs.com/myavert/default.aspx?index=1

    Please advise if you have questions or concerns,

    Jorden
    tech-security
    0
     

    Author Comment

    by:Louverril
    Live update runs OK - EXCEPT it will not download an intrusion detection update.

    What do you mean that the "ports are still open on your computer" This sounds bad, but you say any firewall will block them? NB: The virus scan has never found any viruses on my compter so I don't think I was ever infected (?)

    Also maybe I'm only protected again old trojans - i.e. ones that NIS has the signatures for? Or will the firewall itself protect against all of them. I'M UNCLEAR WHAT NIS INTRUSION DETECTION does above what the firewall does - does it block extra things or is it's function just to tell you what was blocked, and if thats the case what told me the two trojans were blocked, when intrusion detection isn't running?. I don't understand.

    Symantec say that using the Control Panel remove program does not remove all traces of NIS. The instructions they give to remove it manually are certainly comprehensive. I reckon it will take a long time esp. as when I reinstall it I have to get all the updates down again. I reckon about 5 hours. My PC takes ages to reboot.

    If it doesn't work I'll...........

    So if any one has any more advice PLEASE let me have it, before I start tomorrow morning.

    Thanks.

    0
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    >> falied to save setting. Please verify that your windows account is not restricted

    Are u using only once account from very beginning.... have u ever tried creating a new user account and check there for this problem :-?
    0
     
    LVL 6

    Accepted Solution

    by:
    When I say "ports are still open" meaning its from a past trojan or virus... This isn't for sure, but I know I CAN'T be hit with an attack on a trojan port, because 1) I dont have those ports open. 2) my sygate firewall stealths the ports I do have open...

    If your concerned about the ports you can run a port scan at: http://scan.sygate.com , it'll show what you have open and closed or even stealth. I would do their trojan port scan as well, to see what trojan ports you might have open.

    Intrusion Detection, is great! However, a little on the weak side through Norton. It has to be updated with signatures to be affective against internet attacks. In your case it works hand-in-hand with your firewall. Intrusion detection monitors all the traffic for specific attacks and then your firewall uses the rules created to deal with the traffic, block, allow. Since Intrusion Detection isnt running, your firewall is telling you that an ip address on a specific port tried to access your network and was blocked. The problem here is that the attacked even saw the port open.

    Check for security vulnerabilities:
    Microsoft Baseline Security Analyzer V1.2.1
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx#EDAA

    Once you try and uninstall a program, I would use the following programs to insure proper removal of the applications. Also, these programs will help keep your computer running nice.

    CCleaner - http://www.majorgeeks.com/download.php?det=4191
    This program will insure you that all traces are left behind once you complete your install.

    RegCleaner - http://www.majorgeeks.com/download.php?det=460
    This program will remove any missing or invalid registry entries as well as perform a complete backup of changes you made.

    Also:
    If what your saying is your going to remove Norton and reinstall the program again, I would have to say be sure to run those 2 programs above before installing Norton again, but after removing it. Also, if its going to take 5 hours to do this process, you might concider switching firewall walls to one less troublesome? The choice is yours! Either way good luck and keep us posted!

    Good Luck,

    Jorden
    tech-security


    0
     

    Author Comment

    by:Louverril

    Thanks verty much Knoxj81 for this information and explanation. I feel better now that at least the firewall seems to be blocking attacks. I can type more slowly!!!

    I ran all the Sygate checks (Quick, Stealth and Trojan) and they are OK. All ports were blocked. The only thing that could be found was my IP address.

    I haven't done the MS one but I will.

    I think the two trojans may have been a hang over from before I applied the 2000 security updates. Somehow they knew where I was even thought the ports are now blocked? I dont know.

    SheharyaarSaahil - yes I tried adding other accounts - unrestricted Administrator accounts. The strange thing is that the original instal of NIS put some of the files under the doucments andsetting sfor the account I used to install it. This is another reason why I am suspicious of the two OS's on my system causing a problem.

    Will let you know how I get on with the re-install.

    Thanks
    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    No problem, let us know how it goes!!  =]
    0
     

    Author Comment

    by:Louverril
    Well what fun I have had.

    I went ahead and tried to remove NIS (again). Rather than follow the instructions for manual removal I thought I'd try a control panel removal first and then clean up with the manual instructions.

    Result - my whole OS is totally messed up! 75% of the programs just disappeared, including AOL, spybot, MS Office etc... Some remained like Ahead Nero. I am using an older version of AOL that was installed on the other OS (running from this OS...)

    Honesty all I did was remove NIS in Add/Remove programs and restart. Either NIS really just doesn't like 2 OS  anymore - I've been running it that way since Feb this year - or I had a virus that the latest NAV signatures couldn't spot, or ???

    Anyway the whole things unstable. I've decided to reinstall the system from scratch.

    I have:

    the original sony product back up/recovery disks for this laptop
    the windows 2000 upgrade disk
    Windows SP4

    I thought Id just shove them in one after the other followed by the application disks - luckily I have MOST of them.

    ANY ADVICE ON RESTORING THE SYSTEM - I've never done this before (not since DOS and Win 3.1 anyway!!!). I suppose I to shouldn't try format the hard disk, just put the recovery disk in??  

    Should I start a new posting - I'm new to this website?

    (In the meantime I installed mcaffee firewall (because I had it) and got AVG running as you advised).



    0
     
    LVL 65

    Assisted Solution

    by:SheharyaarSaahil
    >> the original sony product back up/recovery disks for this laptop

    Use them, boot with the recovery cd and it will format the hard drive and will restore the factory settings for this system !!
    but remember formatting means,,,, all data will be erased, so make a good backup of ur important data first :)
    0
     

    Author Comment

    by:Louverril
    All data backed up - luckily the external USB CD r/w still works.
    0
     
    LVL 6

    Assisted Solution

    by:knoxj81
    Louverril,

    Also, if you do decide to use the recovery disk, be sure to have the latest virus definitions for AVG and SP4 installed before plugging that machine online. And as soon as you plug it into the internet, be sure to run WINDOWS UPDATES first and install ALL CRITICAL UPDATES.

    You also have the choice to just backup your files, format your drive, and install windows 2000 by itself without restoring all the junk that comes in restore cd's. Especially if your wanting to run 2 different OS's. This way once you format and put in the win2k cd, you just delete all partitions then create 2 different partitions NTFS (unless your install linux or different OS). Once the 2 partitions are created you can install windows 2k on one of the partitions and then you'll have another partition ready for your next OS.

    Please advise if you have further questions!  =]

    Good Luck,

    Jorden


    NOTE: Syagte is better than McAfee (my opinion).
    0
     

    Author Comment

    by:Louverril
    My last comment letting you know what happened seems to have disappeared. I also hope I did the points thing OK. I tried to just divide the points up between the people but I had to divide them amongst all the responses - I tried to do this and achieve the same number of points (had to get the calculater out....) Anyway all these assisted answers have come up. Hope I haven't upset anybody. Thanks to you all...

    Anyway, just incase you're interested, after sometime I managed to get the system back. It took ages becuase of having to put Win 98 on first and then Win 2k knocking out several drivers. Ended up re-installing NIS - because I've paid for it. Not very happy with NIS - it stopped me getting a virus or whatever but it totally wrecked my PC when I tried to uninstall/ It also went wobbly when I re-installed it on the rebuiilt PC for a whilke but corrected itself.

    I'll certainly consider another product when my subscription is due.

    Thanks again.

    0
     
    LVL 10

    Expert Comment

    by:woodendude
    Just glad to hear you're up and running again. Norton has turned off quite a few people. I seem to be one of the luckier ones, I've had no more trouble then I have using any other AV.

    Thanks!
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now