Newbie queries Norton Internet Security 2004 automatic con..

Archived from groups: comp.security.firewalls (More info?)

I have recently purchased and installed Norton Internet Security 2004.
I was previously using Zone Alarm but had no anti-virus software and
thought it was time I got better protected, so thought that a combined
package would cause me less administrative hassle. I am running
Windows 98.

I have disabled the Automatic Live Update but something in the
programs that it sets running on my PC keeps trying to dial out to the
internet. No matter how many times I hit "Cancel" on the dial-up
connecion box, it keeps coming back up. Eventually I let it connect
but I couldn't see where it was trying to get to. After downloading
about 200-300k over the connection, it stopped and I could disconnect
without it complaining. I have had to do this about 2-3 times over the
past couple of days. And no, this is not coming from any spyware - I
have Ad-Aware & Spy Bot and neither found anything to complain about.
I think it may be coming from some component called ccApp which is run
on startup.

I have disabled everything I can find in the configuration options
that is called "Automatic" and removed the (disabled) Live Update task
from the scheduler.

Since installing the product, I seem to be constantly at its demand
and it's taking over my life and my PC. I thought it was supposed to
make my life easier?

Any advice gratefully received.

TIA

Liz D
4 answers Last reply
More about newbie queries norton internet security 2004 automatic
  1. Archived from groups: comp.security.firewalls (More info?)

    Hi Liz,

    It may be when you first install it you want to do a Update for NIS and NAV.
    But most likely it is your Registration and it does the Live Update
    anyway as part of the registration process.
    You should have a checkbox to stop it from registering.

    Also I'm not that up on NIS 2004 as I have NIS 1.0 but you should put a
    Block All TCP/UDP Rule either direction at the end of your Rules List
    when you are not using Rules Assistant.
    And when you are using RA you should set that Rule to Ignore but still
    to Log.

    Sometimes UDP's drop through the Rules List and the Log doesn't always
    show if they were Blocked or Allowed.
    NIS is AtGuard and that was a Must Rule but NIS tells you the same thing
    in the Help Files but in so many words and you really got to dig to find it.

    Look under "Rules Assistant", "Unused port blocking" and "Implicit
    Block" in the Help Files.

    Not sure if they changed that for your Version of NIS but you might want
    to check on it anyway.
    Think it was stupid of them not to include that up front.
    BTW I like my NIS 1.0 and have no intention of changing it.

    It's a good Rules Base Program where you have an App Based before I believe.

    Kevin
  2. Archived from groups: comp.security.firewalls (More info?)

    "!:?)" <"!:?)"@*.com> wrote in message news:<vidPc.163136$OB3.55674@bgtnsc05-news.ops.worldnet.att.net>...
    > Hi Liz,
    >
    > It may be when you first install it you want to do a Update for NIS and NAV.
    > But most likely it is your Registration and it does the Live Update
    > anyway as part of the registration process.
    > You should have a checkbox to stop it from registering.
    >
    > Also I'm not that up on NIS 2004 as I have NIS 1.0 but you should put a
    > Block All TCP/UDP Rule either direction at the end of your Rules List
    > when you are not using Rules Assistant.
    > And when you are using RA you should set that Rule to Ignore but still
    > to Log.
    >
    > Sometimes UDP's drop through the Rules List and the Log doesn't always
    > show if they were Blocked or Allowed.
    > NIS is AtGuard and that was a Must Rule but NIS tells you the same thing
    > in the Help Files but in so many words and you really got to dig to find it.
    >
    > Look under "Rules Assistant", "Unused port blocking" and "Implicit
    > Block" in the Help Files.
    >
    > Not sure if they changed that for your Version of NIS but you might want
    > to check on it anyway.
    > Think it was stupid of them not to include that up front.
    > BTW I like my NIS 1.0 and have no intention of changing it.
    >
    > It's a good Rules Base Program where you have an App Based before I believe.
    >
    > Kevin


    Hi Kevin

    Thanks for the feedback.

    NIS 2004 seems to be App based rather than rules based. I have turned
    off "Automatic Program Control" in the Personal Firewall options and
    it hasn't tried to dial out since then, so this may have caught it.

    I have added a "Monitor" rule under the "Advanced" options for
    TCP/UDP. I'm not sure I would know what to do with any information,
    but I might be able to use it to figure out what it is doing.

    I ran a Live Update manually after installing and registering the
    product and downloaded about 10MB of updates, which took over an hour
    on a dial-up modem. It currently wants me to download about 25MB for
    a "Norton Internet Security URL Update", which I'm going to have to be
    really convinced I need to do before I agree to download it. I can't
    believe anyone actually lets the program do this automatically - it
    would tie up my computer permamently running endless updates if I let
    it.

    BTW I downloaded some Windows 98 patches the other day as I thought I
    should bring everything up to date, and the dialling out problems
    started after this. Do you think this might have caused some
    incompatibility with NIS 2004? (Though they were pretty old patches,
    some dating back to 2001).

    Thanks for the info

    Liz D
  3. Archived from groups: comp.security.firewalls (More info?)

    liz_davidson_nz@hotmail.com (Liz D) wrote in
    news:55f01bc2.0408012004.18fbc6ae@posting.google.com:

    > I ran a Live Update manually after installing and registering the
    > product and downloaded about 10MB of updates, which took over an hour
    > on a dial-up modem. It currently wants me to download about 25MB for
    > a "Norton Internet Security URL Update", which I'm going to have to be
    > really convinced I need to do before I agree to download it.

    This is the list of sites to block for parental control. If you're not
    using that feature, you don't need them.

    > I can't
    > believe anyone actually lets the program do this automatically - it
    > would tie up my computer permamently running endless updates if I let
    > it.

    Yes, updating Norton products after installing can be a real pain. I once
    downloaded all the updates at once (some 30MB) only to have the first,
    smallest update crash and having to download it all again. After that, I
    downloaded things in pieces, with reboots between. What a pain!

    --
    Clark G
    * take away the em's to reply
  4. Archived from groups: comp.security.firewalls (More info?)

    Hi,

    Liz D wrote:

    > Hi Kevin
    >
    > Thanks for the feedback.
    >
    > NIS 2004 seems to be App based rather than rules based. I have turned
    > off "Automatic Program Control" in the Personal Firewall options and
    > it hasn't tried to dial out since then, so this may have caught it.

    Good glad you solved that.

    > I have added a "Monitor" rule under the "Advanced" options for
    > TCP/UDP. I'm not sure I would know what to do with any information,
    > but I might be able to use it to figure out what it is doing.

    In my NIS 1.0 I have Categories like NIS Secure Sites ect...
    Some Categories can not be placed below others like NIS System Keeping
    can not be put under NIS Medium Protection that is last.
    And others Like General and Web Browsers do not matter what order but
    can not be placed below any NIS Categories except NIS Secure Sites that
    can be put anywhere above the other NIS Categories.

    After you apply and close the window with the Firewall Rules you will
    see the Rule has moved in the list later when you check it if the
    Category was not set correctly.

    The Monitor Rule should be placed at the end of your Rules List so it
    will hit all the other Rules first.
    When it doesn't have a matching Rule it will hit that Monitor or Log
    Rule and write to the log.
    In the Log you should see that Rule and the next should say "User
    Permit/Block", "Unused port blocking" and "Implicit
    > Block"
    If it doesn't then it dropped through without logging what action was
    taken and is usually a UDP.
    (It does catch UDP but I've seen them drop through too.)
    I believe it is still blocked but doesn't log it for some reason.

    It will also give you a way to update your Trojan List when you go to
    the Symantic Test Site and let them probe for the latest Trojans.
    Look through the Log after and look for those Logged Monitor Rule for a
    list of Ports and if TCP or UDP it probed.
    You can then make your own Rules for those new Trojans.
    If you still subscribe to NIS Updates you won't have to do that :)

    >
    > I ran a Live Update manually after installing and registering the
    > product and downloaded about 10MB of updates, which took over an hour
    > on a dial-up modem. It currently wants me to download about 25MB for
    > a "Norton Internet Security URL Update", which I'm going to have to be
    > really convinced I need to do before I agree to download it. I can't
    > believe anyone actually lets the program do this automatically - it
    > would tie up my computer permamently running endless updates if I let
    > it.

    If you have kids then you may want to download those URL's but if not
    you can turn that feature off or uncheck the URL part of the upgrades
    each time.

    >
    > BTW I downloaded some Windows 98 patches the other day as I thought I
    > should bring everything up to date, and the dialling out problems
    > started after this. Do you think this might have caused some
    > incompatibility with NIS 2004? (Though they were pretty old patches,
    > some dating back to 2001).

    Good job.
    And if you have criticial update use it to alert you of the update but
    use the START BUTTON and then Windows Update to be sure it's not a
    Hacked Popup.

    Also MS NEVER sends Upgrades or Patches by Email and any you see are
    Viruses that include a real looking Website and URL thats has a minor
    misspelling to fool you.
    Always use your Start Button to Update Windows and use the Criticial
    Update as a notice that there is a new update is there for you only.

    >
    > Thanks for the info
    >
    > Liz D

    Any time, hope it helps.

    Kevin
Ask a new question

Read More

Firewalls Internet Security Norton Networking