tell me what are all these SSDP packets captured. i know this is not the topic of this thread but if anyone may help.
Printable View
tell me what are all these SSDP packets captured. i know this is not the topic of this thread but if anyone may help.
Can you cut & paste the rule you found and post it here? You can block out the IP address if you want.
Cheers:
Hey DjM i know that, but i dont know why
1. symantec wants to connect ot my pc,
2. this is more important why does the firm want to connect to MSN messanger, Yahoo Messanger, Explorer and why doesn't norton have any record of the connection while windows ICF log had.
No No, you misunderstood me. :p I would like to see the rule as it's defined in the firewall. This would give me more to search the Platinum knowledge base with. If you don't want to post the IP address listed in the rule just block it out (e.g. xxx.xxx.xxx.xxx)Quote:
Originally posted here by ByTeWrangler
Hey DjM i know that, but i dont know why
1. symantec wants to connect ot my pc,
2. this is more important why does the firm want to connect to MSN messanger, Yahoo Messanger, Explorer and why doesn't norton have any record of the connection while windows ICF log had.
Cheers:
Hey, sorry for the dumb reply, well here is the rule
InBound TCP address:xxx.xxx.xxx.xxx
Direction : Inbound
Computer: Specific
Adapter : Any
communication : Any
Protocol : TCP
here is what i have added, Creat an log entry and notify by a security alert
Thanks mate. Unfortunately this did not help my search very much. Can you give me the link on Symantec where it told you to download the new rules? I am going to open a support ticket and ask them (Symantec) straight out what this rule is and why it's there (by default). They are usually pretty good at getting back to me, but I might not get an answer on this one for a couple of days. I'll get back to you when I get something out of Symantec.Quote:
Originally posted here by ByTeWrangler
Hey, sorry for the dumb reply, well here is the rule
InBound TCP address:xxx.xxx.xxx.xxx
Direction : Inbound
Computer: Specific
Adapter : Any
communication : Any
Protocol : TCP
here is what i have added, Creat an log entry and notify by a security alert
Cheers:
Sure, no problem will wait till then. but some things you should you know, this is not a rule by default it was created after an update that symantec urged its users to apply. this may be the ones symantec is talking here = http://www.symantec.com/techsupp/sp2/faq.html#3
MY FRIEND THE LINK IS CHANGED IT WAS ON SUPPORT PAGE BUT NOW THIS IS THE UPDATED LINK AND NEW DOCUMENT I HAVEN'T READ IT BUT I AM... TELL YOU WHAT I REMEMBER ONE LINE FROM THE OLD DOCUMENT SAYING "SYMANTEC USERS ARE REQUESTED TO APPLY THERE (NORTON) UPDATES BEFORE DOWNLOADING SP2"
after i applied these updates. the next morning i again got some more new updates but this time Liveupdate poped up and dialoug box saying run liveupdate again to get more updates. at this time this rule was created.
anyway will get back to you. one more thing the alerts have decreased now.
Not teaching to suck eggs, but:-
You sure that was from Symantec????????Quote:
an update that symantec urged its users to apply
OK, screw the support ticket. I have a phone call into my Symantec Tech Support rep. I'll let him dig into why this rule was added and why it's required.Quote:
Originally posted here by ByTeWrangler
Sure, no problem will wait till then. but some things you should you know, this is not a rule by default it was created after an update that symantec urged its users to apply. this may be the ones symantec is talking here = http://www.symantec.com/techsupp/sp2/faq.html#3
MY FRIEND THE LINK IS CHANGED IT WAS ON SUPPORT PAGE BUT NOW THIS IS THE UPDATED LINK AND NEW DOCUMENT I HAVEN'T READ IT BUT I AM... TELL YOU WHAT I REMEMBER ONE LINE FROM THE OLD DOCUMENT SAYING "SYMANTEC USERS ARE REQUESTED TO APPLY THERE (NORTON) UPDATES BEFORE DOWNLOADING SP2"
after i applied these updates. the next morning i again got some more new updates but this time Liveupdate poped up and dialoug box saying run liveupdate again to get more updates. at this time this rule was created.
anyway will get back to you. one more thing the alerts have decreased now.
I'll get back to you. :cool:
i surely hope the update was from Symantec. I did not use the express liveupdate technology in that it verify's and displays that the digital signatures were authantic. i dont know what both of you are trying to say but are you talking about TCP connection spying and injection commands in it. ?