Guys, lets go back on start...
I something missed. The rule added was to allow or deny?
if it was deny then it could be something for testing.
On the other hand if it was allow, then I would be very worried.
Printable View
Guys, lets go back on start...
I something missed. The rule added was to allow or deny?
if it was deny then it could be something for testing.
On the other hand if it was allow, then I would be very worried.
ikalo it was added to "allow" this perticular IP to establish connection on any port by any adapter.
I wouldn't worry to much, the IP you supplied me and Tiger does trace back to Symantec so I believe you are in contact with them. The bigger question now seems to be why? Now I like Symantec (sorry Tiger ;) ) but even I would draw the line at them installing a rule into my firewall(s) which allows them to contact the machine. Like I said, I'll let my Tech Rep dig into it and we'll see what falls out of this. :confused:
Cheers:
DjM:
Yeah, a hate it....
allow in xxx.xxx.xxx.xxx any -> any any
on any security device stinks enough to scare vultures off a gut wagon, IMO.
I can't wait to hear their excuse *cough* I mean reason..... ;)
i dont mind symantec connection to my IP till it stays within my eye-sight. but DjM this is stupid. norton firewall has no log entry (while windows ICF has it). the windows log also says the connection was established and then closed where is this in the norton's firewall. while i was reading that support document at symantec's site it said symantec's "TAMPERPROOF" technology you not let windows security consol access norton anti virus status etc. but atleast they can tell their firewall logs what to write and what not to write. the point that i am trying to make is here is that i had heard a conversation of microsoft's chief security officer on SP2 get questioned about zonelabs firewall to turn on and off windows firewall..... now this means even a script can do this... same here even a script can edit or erase logs... thats a security concern.. anyway why does norton want to connect to my messanger and iexplorer i mean what do they need from these application... rather an unclear picture here..
hey i have a very important question here that i think we all missed......
"EVEN AFTER BLOCKING THE CONNECTION BY ALTERING THE RULE. WHO KNOW IF ITS REALLY BLOCKED.. I MEAN THE ALERTS COULD BE JUST TO GIVE A VISUAL TREAT TO MY EYES?????"" WHAT DO YOU THINK??
ill get back with my windows ICF logs'
I fully agree.
is anyone checked with symantec if that IP is their...
Also, it is rather strange that you got e-mail stating that you are urged to aply that particular update. Why I smel phish here???
ikalo i would like to clarify 2 things with you. if you see post no 33 you will see that DjM has clearly said that the IP does belong to symantec and my friend i did not get a mail it was online on their support website. also to let all of you know there has been no connections by that IP in todays windows ICF log. if there is any other information i can provide please tell me.
I was running through this thread, so I guess I missed that.
Anyway, it is somehow odd to me. I was using personal firewalls like norton, zonealram and tiny. But when I learned basic stuff about filtering tcp/ip and firewall configuration I realised that those don't offer maximum flexibility.
Then I found deerfield VisNetic firewall. That is real firewall that can protect whole private network because it filters all trafic on computer that is internet gateway.
If you know enough about TCP/IP and what app use what ports it is the best thing. Because by default all is stealth. You open ports that you need. It even has wizard that helps you configure everything. After you set it up, there is no updates needed... you can let it run forever. Just check log from time to time to see if anything odd is happening...
And the price is less than 50$.
There is one good thing also if you use it on network. you can do everything remotely.
The installation is some 20 MB (5 MB for remote admin util that is free).
Check it out if you want. I have found it on www.download.com it has 15 days trial period...
OK, here's what I got back from my Tech. The IP address you gave me is actually Symantec's online security check. If at any point in time, you have run the online security check, your firewall would have prompted you to create a rule to let the check run. The rule would look exactly like the one you posted here. The rule could have been created months ago or just recently, but he assured me that Symantec would never open a hole like that (they would be out of business pretty quick). It is safe for you to delete the rule, but if your run another online security check, it will be recreated.
Does this make sense to you? He also mention, you should be able to get support from Symantec because you own the product, so if you have any other questions or problems, you should give them a call.
Cheers: