Norton 360 Being Circumvented

Discussion in 'other firewalls' started by fixmyholes, Jan 1, 2012.

Thread Status:
Not open for further replies.
  1. fixmyholes

    fixmyholes Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    4
    Location:
    us
    ‘Microsoft Windows 7 Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules’ lists several enabled exceptions which allow traffic from public networks or all networks. This is despite the computer’s firewall “settings being managed by vendor application Norton 360.”

    The ‘program exceptions’ at issue seem unnecessary and were made by crapware silently included with applications I installed. It is unknown whether the ‘system exceptions’ were made also by the crapware or by the system. At least some of the exceptions are not listed in Norton 360 firewall rules.

    Microsoft Baseline Security Analyzer scans report that the exception holes are real and a security risk (esp. true because it is a laptop I travel with).

    Not knowing each change that has been made, how does one efficiently resolve this problem; i.e., reversing only firewall holes made by applications during installation which bypass the security suite and are instead directly in the operating system? Please let me know. I have been unable to get useful info elsewhere on this.
     
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Welcome to Wilders Security Forums fixmyholes!

    Only one firewall should be monitoring the system. Disable the Windows Firewall.

    Delete all of the Inbound Exception Rules in the Windows Firewall that have been flaged by the Microsoft Baseline
    Security Analyzer and any Inbound Exception Rules that you are uncomfortable with and disable the Windows Firewall.

    Delete all the Inbound Rules in Norton 360 that have been flaged by the Microsoft Baseline Security Analyzer and any
    Inbound Rules that you are uncomfortable with.

    When those Inbound Connections are again requested/attempted Norton 360 should apply appropriate firewall ruling.
    If you disagree with the Norton 360 firewall ruling, modify the firewall rule to your liking.

    Update Windows through Microsoft Update and set Windows Automatic Updates in Control Panel to: Automatic
    This action will download and install any security patches/updates/VULNERABILITIES that are not directly addressed
    through Microsoft Update as Critical Updates.

    EDIT: All public networks should be ruled as 'Untrusted' no file and printer sharing.


    HKEY1952
     
    Last edited: Jan 2, 2012
  3. fixmyholes

    fixmyholes Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    4
    Location:
    us
    Not helpful, here. (1) The state of the Windows Firewall is "being managed by vendor application Norton 360;" e.g., Windows Firewall 'on & off switch' is disabled. (2) MBSA results indicate security holes, but do not provide sufficient detail as to what combination of exception rules should be disabled.

    My question remains unresolved.
     
  4. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    There can be changes made to the settings in the Windows firewall even after Norton is installed, but none of the Windows firewall settings ever come into effect. Norton's firewall is the one doing all the filtering; everything in the Windows firewall rules is completly ignored as long as Norton is installed.
     
  5. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Norton 360 has it's own firewall. You should disable windows firewall.
     
  6. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Norton automatically disables the Windows firewall. These changes to the Windows firewall happen anyway.
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    If you click into Advanced Settings you can access the inbound/outbound rules lists in the Windows Firewall even though it's disabled/managed by the Norton Firewall.
     
  8. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Then delete all the firewall rules in Windows Firewall both inbound rules and outbound rules, then,
    Disable the Windows Firewall. then,

    Reset Norton 360 Firewall Rules globally by restoring the default firewall rules in Norton 360.
    This can be accomplished by navigating to:
    Settings\Firewall Protection\General Settings Tab\Reset

    As an final note, deleting any firewall rules is no big issue, those firewall rules will be re-created the very next
    time those events occur. Norton 360 is the simplist and most reliable set it and forget it firewall. Again, if you
    dissagree with any Norton 360 firewall ruling, edit and modify the firewall rule to your liking.

    Also make sure that all public networks are ruled as 'Untrusted' no file and printer sharing.
    Update Microsoft Windows through Microsoft Update and Enable Automatic Updates for Microsoft Windows in Control Panel.

    The resolution to your question/problem has been given to you.


    Modifying or restoring the default firewall rules in Norton 360 by Symantec:
    https://www-secure.symantec.com/nor...25082908EN&product=home&version=1&pvid=f-home


    HKEY1952
     
  9. fixmyholes

    fixmyholes Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    4
    Location:
    us
    I discovered the ‘Microsoft Windows 7 Control Panel > System and Security > Windows Firewall > Allowed Programs’ tab. It was sufficiently informative to enable me to resolve efficiently my immediate concerns.

    Regarding the relationship between the settings listed there and Norton 360, based on manual and automated changes to those settings, on the related ability/inability of certain programs to send or receive traffic, and on other observations, I have reason to doubt certain of the assertions by others in this thread, at least in respect to my copy of Windows 7.

    In addition, based on my observations, I do not believe the Norton 360 Firewall is as robust as it should or could be. Norton related information on the Matousec website seems to me to support this view that Symantec could to do some more work on improving its Norton Firewall component.
     
  10. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Good thing your observations are wrong then. The Norton firewall completely overrides any rules in the Windows firewall. Simple test: create an allow rule for, say, your browser in Windows firewall. Then create a deny rule for the same executable in Norton. Guess which rule is the one used?
     
  11. fixmyholes

    fixmyholes Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    4
    Location:
    us
    Victek123, thanks.
     
  12. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Matousec tests are more HIPS related than firewall related.
     
Thread Status:
Not open for further replies.