Suspicious Norton Internet Security Logs - HELP


8 replies to this topic

#1 Scott Stoef

  • Members
  • 142 posts

Posted 03 March 2011 - 06:18 PM

I'm running Norton Internet Security on two of my home computers (laptop and desktop) on a wireless home network (XBox 360 and Blu-Ray share wireless connection). I've been noticing that it is taking longer and longer to log into Windows and open any application. So I ran Norton AV and it came back clean except for a few cookies which it deleted. However, upon inspection of the recent activity on my machines it appears my computers are infected or someone has hacked into or out of my firewall (hopefully not both). When I called Norton they said to run their Power Eraser, but once again nothing came up. I exported the recent history logs to .txt files if you need me to attach those.

I then decided to run Spybot and it discovered both machines were infected with "WISHBONE". Spybot was able to clean it off both machines and is now coming back clean, but my logs still have suspicious activity. I just downloaded and ran Malwarebytes, but once again it found nothing. I also ran TDSSKiller and it came back with no problems found as well. So what is the next step to find out if I actually have a problem with one of my machines or my firewall security?

Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5947

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/3/2011 5:58:02 PM
mbam-log-2011-03-03 (17-58-02).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 299416
Time elapsed: 38 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Scott Stoef, 03 March 2011 - 06:22 PM.




#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts

Posted 03 March 2011 - 09:22 PM

Hello, go into your Control Panel and see if there's a Wishbone Toolbar. If so, remove it.

Now do an online scan please.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Scott Stoef


Posted 04 March 2011 - 04:00 PM

Well I ran the ESET on both machines and they both came back with no errors found. I also tried to uninstall the Wishbone toolbar but there was nothing there on either computer.

Could it be possible what I'm seeing in my history is actually "normal"? It is either that or I have a deeply rooted problem.

So what are the next steps to try?

#4 boopme


Posted 06 March 2011 - 07:35 PM

Sorry, had to go away a couple of days. Look at it in Norton: is the Wishbone in a System Volume file?
Something like C:\system volume information\ ........

#5 Scott Stoef


Posted 07 March 2011 - 10:43 AM

Actually there was no sign of Wishbone in Norton at all. Spybot was the tool that found it for me and it was in 5 places and I think they were all registry files if I remember correctly.

Is there a good way to attach my Norton history files so you can see the areas where I am concerned? Or I can just post them right into a reply if that would work better for you.

Thanks again for all of your help!

#6 boopme


Posted 07 March 2011 - 11:08 AM

We can only copy/paste here in AII, so do that.

#7 Scott Stoef


Posted 07 March 2011 - 10:46 PM

Here is the information from my Norton history. What you will see is several things for "Teredo Tunneling" and "Atheros AR9285 Wireless Network Adapter and is no longer being protected". When I look at the entire history as a whole it sure seems like something is going on.

Hopefully this will help. Using a D-Link DIR-655 wireless router. Thanks!

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
3/1/2011 8:42 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action
3/1/2011 5:07 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action


Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category,Gateway IP Address,Gateway Physical Address,Subnet Identifier
3/2/2011 7:56 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:24ed:12f1:e7f2:ff3b).",Detected,No Action Required,Firewall - Network and Connections,,,
3/2/2011 7:56 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::24ed:12f1:e7f2:ff3b%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/2/2011 7:56 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/2/2011 7:56 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/2/2011 7:55 PM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/2/2011 7:55 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/2/2011 7:55 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 10:16 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 10:16 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 9:23 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 9:23 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/1/2011 8:14 PM,Info,Connected to a shared network. (00 24 01 76 03 9D),Shared,No Action Required,,,00 24 01 76 03 9D,
3/1/2011 8:14 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:14 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:06 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 8:06 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:44 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:43 PM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/1/2011 6:43 PM,Info,Connected to a shared network. (00 24 01 76 03 9D),Shared,No Action Required,,,00 24 01 76 03 9D,
3/1/2011 6:43 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:43 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:43 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:43 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:43 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:07 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:07 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/1/2011 5:42 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter\" (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: 192.168.0.249).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:42 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter and is no longer being protected (IP address: fe80::645f:b29a:ba9a:c4a9%11).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:39 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 5:39 PM,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 3:56 PM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/1/2011 3:56 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 3:56 PM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:20 AM,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
3/1/2011 6:20 AM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4cb:12f1:9d23:caef).",Detected,No Action Required,Firewall - Network and Connections,,,
3/1/2011 6:20 AM,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4cb:12f1:9d23:caef%15).",Detected,No Action Required,Firewall - Network and Connections,,,

Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
3/2/2011 7:55 PM,Info,Firewall configuration updated: 142 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/2/2011 7:55 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/2/2011 7:55 PM,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"::0, 49157","Inbound TCP, Port 49157"
3/2/2011 7:55 PM,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49157","Inbound TCP, Port 49157"
3/1/2011 10:45 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:25 PM,Info,Firewall configuration updated: 142 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:25 PM,Info,Firewall configuration updated: 140 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:25 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:25 PM,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49158","Inbound TCP, Port 49158"
3/1/2011 9:25 PM,Info,Firewall rules were automatically created for Local Security Authority Process.,Protected,No Action Required,,Local Security Authority Process,C:\Windows\System32\lsass.exe,No Action Required,Automatically create rules,"::0, 49155","Inbound TCP, Port 49155"
3/1/2011 9:25 PM,Info,Firewall rules were automatically created for Local Security Authority Process.,Protected,No Action Required,,Local Security Authority Process,C:\Windows\System32\lsass.exe,No Action Required,Automatically create rules,"0.0.0.0, 49155","Inbound TCP, Port 49155"
3/1/2011 9:23 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:07 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:06 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:06 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:05 PM,Info,Firewall configuration updated: 138 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:05 PM,Info,Firewall rules were automatically created for Consent UI for administrative applications.,Protected,No Action Required,,Consent UI for administrative applications,C:\Windows\System32\consent.exe,No Action Required,Automatically create rules,"192.168.0.249, 55902","Outbound TCP, www-http"
3/1/2011 9:05 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:03 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:02 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 9:01 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 8:33 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 8:27 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 8:14 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:47 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:39 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:38 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:27 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:05 PM,Info,Firewall configuration updated: 136 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:05 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"192.168.0.249, 52917","Outbound UDP, Port 161"
3/1/2011 7:00 PM,Info,Firewall configuration updated: 136 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:00 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"192.168.0.249, 52766","Outbound TCP, Port 515"
3/1/2011 7:00 PM,Info,Firewall configuration updated: 135 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:00 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"192.168.0.249, 52645","Inbound UDP, Port 52645"
3/1/2011 7:00 PM,Info,Firewall configuration updated: 134 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 7:00 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"192.168.0.249, 52645","Outbound UDP, Port 3289"
3/1/2011 7:00 PM,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"192.168.0.249, 62138","Outbound UDP, Port 3289"
3/1/2011 6:44 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 6:43 PM,Info,"Rule \"Default Block SSDP\" blocked (192.168.0.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 6:43 PM,Info,"Rule \"Default Block SSDP\" blocked (192.168.0.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 6:43 PM,Info,"Inbound UDP packet allowed. Local address, service is (192.168.0.249, Port (56125) ).",Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 5:45 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 4:50 PM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 4:37 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 4:07 PM,Info,Firewall configuration updated: 132 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 3:57 PM,Info,You created firewall rules to manage how FlashUtil10m_ActiveX accesses your network resources.,Custom,No Action Required,,FlashUtil10m_ActiveX,C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe,No Action Required,User configured rules,"192.168.0.249, 49173","Outbound TCP, www-http"
3/1/2011 3:56 PM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 6:33 AM,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
3/1/2011 6:27 AM,Info,You created firewall rules to manage how Host Process for Windows Tasks accesses your network resources.,Custom,No Action Required,,Host Process for Windows Tasks,C:\Windows\System32\taskhost.exe,No Action Required,User configured rules,"192.168.0.249, 49557","Outbound TCP, www-http"
3/1/2011 6:22 AM,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Category
3/2/2011 7:55 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention
3/2/2011 7:55 PM,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110301.001,Detected,No Action Required,Intrusion Prevention
3/2/2011 7:55 PM,Info,Intrusion Prevention is monitoring 1507 signatures. Driver version: 9.5.2.11,Detected,No Action Required,Intrusion Prevention
3/1/2011 8:28 PM,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110301.001,Detected,No Action Required,Intrusion Prevention
3/1/2011 8:28 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention
3/1/2011 8:28 PM,Info,Intrusion Prevention is monitoring 1507 signatures. Driver version: 9.5.2.11,Detected,No Action Required,Intrusion Prevention
3/1/2011 3:55 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention
3/1/2011 3:55 PM,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110228.002,Detected,No Action Required,Intrusion Prevention
3/1/2011 3:55 PM,Info,Intrusion Prevention is monitoring 1503 signatures. Driver version: 9.5.2.11,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:31 AM,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110228.002,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:31 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:31 AM,Info,Intrusion Prevention is monitoring 1503 signatures. Driver version: 9.5.2.11,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:20 AM,Info,Intrusion Prevention is monitoring 1503 signatures. Driver version: 9.5.2.11,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:20 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention
3/1/2011 6:20 AM,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110225.001,Detected,No Action Required,Intrusion Prevention

Category: Identity
Date & Time,Risk,Activity,Status,Recommended Action
3/1/2011 8:31 PM,Info,Using Antiphishing definitions version 20110302.001,Detected,No Action Required
3/1/2011 8:28 PM,Info,Antiphishing definitions version 20110302.001 downloaded,Detected,No Action Required
3/1/2011 5:53 PM,Info,Using Antiphishing definitions version 20110301.008,Detected,No Action Required
3/1/2011 5:52 PM,Info,Antiphishing definitions version 20110301.008 downloaded,Detected,No Action Required
3/1/2011 4:26 PM,Info,Using Antiphishing definitions version 20110301.007,Detected,No Action Required
3/1/2011 4:06 PM,Info,Antiphishing definitions version 20110301.007 downloaded,Detected,No Action Required
3/1/2011 6:30 AM,Info,Antiphishing definitions version 20110301.003 downloaded,Detected,No Action Required

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction,Terminal Session

#8 Scott Stoef


Posted 14 March 2011 - 08:30 AM

Well, I did some research on the Teredo Tunneling Pseudo-Interface and it looks like it may be legit. To find out for sure, I uninstalled the driver, but when I reboot my computer the stupid thing keeps coming back. Any idea what is causing this? I also haven't heard back from BOOPME on the log I attached, so hopefully someone can let me know if I have a problem or not because I need to start working on my taxes! :o)

#9 quietman7


Posted 15 March 2011 - 07:56 AM

Not many folks use Norton Internet Security here at BC. Most of your log is informational, no action required and related to NIS's Firewall. The activities section essentially addresses updates to rules for Services, Configuration, if a user is logged in, etc. related to the Firewall. The Category: Intrusion Prevention tells you this feature is enabled, the engine version and that it is monitoring signatures. Category: Identity tells you what Antiphishing definitions version is being downloaded/used. The Category: Norton Product Tamper Protection tells you the firewall is blocking processes. Many NIS users do not understand this feature, as is evident from this discussion thread.

The Category: Firewall - Network and Connections section is detecting Teredo Tunneling Pseudo-Interface as a new adapter. Teredo tunneling is a method of tunneling Internet Protocol version 6 (IPv6) traffic over an Internet Protocol version 4 (IPv4) network and is able to work from behind network address translation (NAT) devices such as routers. For more detailed information on how this protocol works, please refer to Teredo: Tunneling IPv6 over UDP through Network Address Translations.

If you have specific questions about each area in this log, you should ask at the Norton Community Norton Internet Security. It's their product and they can more adequately address and explain any questions you have if no other NIS user replies to this topic.

Edited by quietman7, 15 March 2011 - 07:58 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

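The Tamper Protection entries discussed in post #9 can be triaged by grouping them, shown here as an added example that is not part of the original posts or of any Norton tool. The column names (`actor`, `target` and so on) are assumptions, since the exported log has no header row; the sample rows, the `ExampleAV` paths and the "actor under C:\Windows\" review rule are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed names for the comma-separated columns of the exported history log.
FIELDS = ["date", "severity", "activity", "status", "recommended", "date_long",
          "actor", "actor_pid", "target", "target_pid", "action", "reaction", "extra"]

# Constructed rows in the same column layout as the log posted in this thread.
SAMPLE = r"""3/1/2011 8:40 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:40 PM",C:\Users\example\AppData\Local\Temp\unknown.exe,7000,C:\Program Files (x86)\ExampleAV\component_a.exe,3304,Access Process Data,Unauthorized access blocked,
3/1/2011 8:31 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:31 PM",C:\WINDOWS\SYSTEM32\CONHOST.EXE,1096,C:\Program Files (x86)\ExampleAV\component_a.exe,3304,Access Process Data,Unauthorized access blocked,
3/1/2011 8:29 PM,Medium,Unauthorized access blocked (Access Thread Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:29 PM",C:\WINDOWS\SYSTEM32\SERVICES.EXE,516,C:\Program Files (x86)\ExampleAV\component_b.exe,4764,Access Thread Data,Unauthorized access blocked,
3/1/2011 8:26 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:26 PM",C:\WINDOWS\SYSTEM32\CONHOST.EXE,1644,C:\Program Files (x86)\ExampleAV\component_a.exe,296,Access Process Data,Unauthorized access blocked,
3/1/2011 8:21 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:21 PM",C:\WINDOWS\SYSTEM32\CONHOST.EXE,668,C:\Program Files (x86)\ExampleAV\component_a.exe,3868,Access Process Data,Unauthorized access blocked,
3/1/2011 8:16 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,"Tuesday, March 01, 2011 8:16 PM",C:\WINDOWS\SYSTEM32\CONHOST.EXE,3332,C:\Program Files (x86)\ExampleAV\component_a.exe,6192,Access Process Data,Unauthorized access blocked,
"""

def parse(text):
    """Parse exported log text into dicts with a datetime under 'when'."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 12:
            continue  # skip blank or truncated lines
        row = dict(zip(FIELDS, rec))
        row["when"] = datetime.strptime(row["date"], "%m/%d/%Y %I:%M %p")
        rows.append(row)
    return rows

def summarize(rows):
    """Group events by (actor, target): count, typical gap, and block status."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["actor"].lower(), r["target"].lower())].append(r)
    out = []
    for (actor, target), evs in groups.items():
        times = sorted(e["when"] for e in evs)
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        out.append({"actor": actor, "target": target, "count": len(evs),
                    "median_gap_min": median(gaps) if gaps else None,
                    "all_blocked": all(e["status"] == "Blocked" for e in evs)})
    return sorted(out, key=lambda s: -s["count"])

def needs_review(rows, trusted_prefix="c:\\windows\\"):
    """Rows that were not blocked, or whose actor is outside the Windows directory."""
    return [r for r in rows
            if r["status"] != "Blocked"
            or not r["actor"].lower().startswith(trusted_prefix)]

if __name__ == "__main__":
    for s in summarize(parse(SAMPLE)):
        print(s)
    for r in needs_review(parse(SAMPLE)):
        print("review:", r["date"], r["actor"], "->", r["target"])
```

A large group with a steady gap and `all_blocked` set reads as a periodic, blocked access attempt by a Windows system process; the rows worth a closer look are the ones `needs_review` returns.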
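The Teredo description in post #9, as an added example that is not part of the original posts: a Teredo IPv6 address carries the Teredo server's IPv4 address plus the client's NAT-mapped IPv4 address and UDP port, so an address seen on the pseudo-interface can be decoded and checked. The `2001::/32` prefix and the bit layout come from RFC 4380, not from this page, and the sample addresses are constructed.

```python
import ipaddress

# Teredo service prefix 2001:0000::/32 (RFC 4380).
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")

# Constructed sample addresses, such as might be listed for a host's adapters.
SAMPLE_ADDRESSES = [
    "fe80::1",                               # link-local, not Teredo
    "2001:db8::1",                           # starts with 2001 but is outside 2001:0::/32
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo
]

def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None if it is not Teredo."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes: prefix(4) server(4) flags(2) port(2) client(4)
    flags = int.from_bytes(raw[8:10], "big")
    # The mapped port and address are stored with every bit inverted.
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    client = int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "cone_nat": bool(flags & 0x8000),
        "mapped_port": port,
        "mapped_ipv4": str(ipaddress.IPv4Address(client)),
    }

def describe(addr):
    """One-line summary of an address for a quick adapter review."""
    info = decode_teredo(addr)
    if info is None:
        return f"{addr}: not a Teredo address"
    return (f"{addr}: Teredo via server {info['server']}, "
            f"external endpoint {info['mapped_ipv4']}:{info['mapped_port']}, "
            f"cone NAT flag {'set' if info['cone_nat'] else 'clear'}")

if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(describe(a))
```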



