PG 3 Beta Kill Norton Internet Security 2004

Discussion in 'ProcessGuard' started by siliconman01, Sep 20, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Beta 3 does not permit Norton Internet Security 2004 to load and run. NAV 2004 loads okay; however, NIS 2004 (the firewall component) will not load and shows that Internet Security is OFF. I have checked all the various modules of NIS 2004/NAV 2004 as I had them in PG V2.0.

    PG V2 worked fine with NIS 2004. The only way I can get NIS 2004 to load is to disable Protection in PG 3.0 Beta.

    I fiddled with it all day and cannot make this Beta work properly with NIS 2004. So I am going back to PG V2. :oops:
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi siliconman01, PG3 handles Global Hooks in a different way to V2, it may be worth your while removing the General Block Global Hooks and seeing if Norton runs OK then.
    I am not a Norton user though. Hopefully other Norton users may have some other ideas.

    Pilli
     
  3. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    outch, seems like in the real world, if you are totally safe you have no more fun :D and the contact to the outside world is very reduced
     
  4. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I removed all the General Protection Options in PG 3 Beta and just left Protection Enable. NIS 2004 still would not load. Like I said NAV 2004 loads and "seems" to run properly; its the firewall part of NIS 2004 that will not load.

    I switched back to V2 and all is working properly with all protection options enabled. :(

    Hopefully Jason can find what is causing this conflict with Norton.
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Is there any window alerts at all siliconman, or does it simply stop working? Can you confirm whether or not it is just the EXE componet of the firewall which doesn't load, rather than the driver/service also?
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    The firewall component of NIS 2004 simply fails to start up. The icon (green/blue globe) does not appear in the systray. If I manually start the NIS GUI for the firewall, the SECURITY component in NIS says that it is OFF which means that firewall is not active or running.

    When rebooting, there are no alerts or anything that NIS has not started up. The icon just does not appear in the systray. PG 3 logging does not report any abnormal blocking of any element in NIS.

    The antivirus component icon does show up in the systray and shows that NAV is active. However, on system shutdown, CCAPP reports an error as the system is shutting. The error window flashes by so quickly I cannot read the error. So I'm not really sure that NAV is working either.

    I am back on PG V2 so that NIS 2004/NAV 2004 will function normally.

    BTW, I am running Windows XP-SP2 Home Edition, 1.5 gbyte DRAM, Pentium IV, 2.6 ghertz. Dell Dimension 8200.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi :) . Hey, Siliconman01, maybe this remark is stupid, I don't know :doubt: , but are you sure that you added the "Symantec Shared" exe files in your protection list too ?? o_O There are some files from the NIS firewall, in that ( ccproxy.exe, etc... ) .
    I hope your issue will be solved ;) , I wanted to give a try with this beta, but your thread prevented me !! :eek: , I'm running NIS 2004 too.

    Cheers ;)
     
  8. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Yes, I did included the Shared executables. All of them and gave them full access options.
     
  9. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I also had the same problem with NIS refusing to correctly start-up, having just installed PG3.
    This happened over 3 or 4 reboots with ‘learning mode’ switched on.

    I then removed ‘Termination’ and ‘Modification’ protection from all NIS related items in the protection list, and rebooted. NIS started up OK. I then started adding ‘Termination’ and ‘Modification’ back to several NIS files at a time and rebooting. NIS always started OK. I’m now back to full protection, learning mode disabled and NIS always runs up correctly.

    Weird!!! o_O
     
  10. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Yes, Indeed, strange anomaly.

    I've revved up to NIS 2005 as of 22-Sep-04 and am debating whether to try PG 3 Beta again or wait until the next Beta release. Sure liked what I saw with PG 3 overall. :D

    I'm just a bit tired of new software crashing things and not WADin' right at the moment. :doubt: I've been on the phone with my brother working him through a complete rebuild of his Dell after AdAware SE Plus Build 1.04 completely demolished his system on installation. Could not even work in SAFE Mode....wiped out executable paths and did other damage to the registry...could not get to system restore :p After about 48 hours of long distance phone calls/charges we have finally got him totally back to normal operation. Did take the opportunity to rev him up from ME to XP-SP2 which was something we had been discussing for a few months. And of course AdAware Build 1.05 went in too and is still a bit buggy. :rolleyes:

    But anyhow. Do want to see PG 3 get up and running reliably because I feel it is the POWER HOUSE of security innovation and definitely liked what I saw as compared to PG 2 :) So I'll probably jump on the next PG 3 Beta release...assuming there will be another.
     
  11. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I agree!

    After booting up first thing this morning NIS was once again disabled. But one reboot later it was working fine and the reboot after that. I had a similar problem with PG2 in that NIS failed to boot about 5% of the time usually after working in a different account to the norm, then rebooting back into my main account.

    But running PG is worth the odd pain every now and again!

    But apart from the NIS problem and the other well reported bugs, PG3 is running very smoothly and was extremely easy to setup when compared with PG2. I also had no problems logging out / into my various accounts. Looking Good!!!
     
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,300
    Location:
    South Wales, UK
    Hi there :rolleyes:

    Is there definitive prescription for getting the Firewall component of NIS2004 working with PG v3? I have tried the workaround described by ReGen but it didn't work for me..............or atleast I think that I followed the advice but cannot be sure I reset the Termination & Modification options for the right elements of the Firewall.

    Until this is fixed by those excellent people at DCS (assuming that it can be and it is not just NIS being 'difficult') if anyone has the list of components that need to be so treated I would be grateful if they would post them in this thread?

    As previously said, apart from this 'issue' all else looks good with the Beta at present.

    Thanks in advance.



    Baldrick :D
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Baldrick,
    DCS will do all they can to ensure compatibility to Windows but it begs the question, will Norton? :)
     
  14. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    I certainly hope this does not turn into a p*ssin' match between Symantec and DCS. Unfortunately on my box, Norton will stay because it is my tried and true firewall and antivirus program. :rolleyes:

    If PG2 was taught to play well with NIS, the PG3 should be trainable too. :eek:
     
  15. dog

    dog Guest

    Hi All, ;)

    I've been experiencing the same problem with PG 3 and NPF 2004 ... I only noticed this thread this morning. I have tried the same solutions as mentioned above ... but a last if PG protection is enabled, with no options enabled and in learning mode, NPF still fails to load. The only other tidbit of info I'll add ... is curiously enough ... if you try to edit/config the firewall after a failed load ... you get the system message that you do not have enough system rights to access the settings (although on an admin. acct.). There are No error msgs, and nothing in the PG log, and with the failed load of the firewall, and with the inability to manual start it (re:system rights) there is no active logging ... the only oddity I can see from the system log, is that NPF indicates on a failed boot up is ... "No User Logged In". I've checked this several times to confirm this is only recorded on the failed start up. I hope this info is of some help Jason.

    TIA, ;)

    dog - *puppy*
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes it is odd but, I guess, reasonable as multi user services must start just prior to login to work on all accounts.

    I am sure that Jason is looking into these things and I know from running the latest private beta that many issues have already been resolved. :)
     
  17. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    *** Image now removed ***

    The above shows the settings I'm currently using for NIS. All the items listed were added in learning mode - I've currently not added anything else manually. Both NAV and NPF still run up OK since I had the initial problem. I haven't played around with the settings much since, just in case NPF stops working again! The setting are probably well OTT but with all of the NIS problems reported above, I'm just happy it's working at all!
     
    Last edited: Sep 29, 2004
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for that ReGen, I will be surprised if any of those listed processes require Terminate privileges. I guess it will take a while to fine tune the flags for Norton :)
     
  19. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I'm sure you're right Pilli. But unfortunately like everyone else above, having set PG3 up as per PG2 with finely tuned allows - NPF would not start. So when it sprung back to life for no apparent reason having played around a bit - I decided to leave exactly 'as is'. :)

    I'll experiment again with the next update. ;)
     
  20. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,300
    Location:
    South Wales, UK
    Hi ReGen :D

    Many thanks for sharing the information on what works for you re. PG3 & NIS2004. I will certainly try it and see whether it works on my PC.

    I for one certainly agree with siliconman01 re. hoping that this isn't the start of a "p*ssin' match between Symantec and DCS". That would be a shame as NIS is a tried and trusted friend (despite what others may say) and PG2 has grown to be the same. They have both worked faultlessly, together, to provide protection. I just hope that this will eventually be the same with NIS and PG3 (it is strange that there is this problem, although it is probably due to the attempt to process inject, that I understand is now used by PG3, conflicting with NIS's tamper proof protection functionality. This functionality is the current cause of minor problems with the new SP2 WIndows Security Centre Reporting function).

    Well, I am off to try out the settings.

    Best regards



    Baldrick :rolleyes:
     
  21. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Baldrick wrote:
    Process Guard only uses a .dll injection when "Securely Handle Windows Closure" is enabled for a process.

    I do not want to start a slanging match with Norton either but if there are anomalies with Norton and SP2 then they need to be addressed by Norton.

    DCS is addressing any issues with PG and SP2 that was my point. :)

    Pilli
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,300
    Location:
    South Wales, UK
    Hi Pilli :rolleyes:

    Thanks for the clarification on the process injection. I suppose that my confusion is due to the lack of help text explaining the way that PG3 works (only to be expected given it is at the public beta stage).

    In terms of NIS & SP2 I understand from the Symantec website that they plan to issue a patch shortly, via LiveUpdate, to deal with the 'issue' relating to the fact that the new Windows Security Center cannot identify the status of the relvant NIS components, ie, FW & AV statuses.

    In terms of my other comment about my hope that what appears to be an issue with the set-up of NIS under PG3 will be quickly resolved, I just find it strange that NIS was on my PC before I installed PG2 and when I installed PG2 the 'failure to load' never occurred, not even once, whereas it occurred immediately when PG3 was installed. The only change in the overall equation is the version of PG. Now, it may be that ReGen's settings, that where kindly shared in this thread, are the solution. And if that is the case then so be it but as was pointed out elsewhere they seem a bit 'extreme', and I cannot help but return to the very different behaviour exhibted by NIS when confronted by the two versions of PG. Something must not be right somewhere.

    I appreciate that those excellent people at DCS are doing their utmost to give us an even better product than PG2 (which is damn good) and that that it will take time. So I am sure that all concerned out here in user land will be patient, await the next public beta or even release candidate (if there is to be one) and trust that DCS can ultimately resolve this issue.........as they always have seemed to be able to do.

    Best regards




    Baldrick :D
     
  23. SvS

    SvS Security Expert

    Joined:
    Aug 28, 2004
    Posts:
    57
    Baldrick,

    The patch you're talking about was released via LiveUpdate 1 1/2 month ago, you have to run LiveUpdate twice to get the relevant product updates and something called "Norton WMI Master Patch". After this the symwsc.exe (as in ReGen's screenshot will appear).
     
  24. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,300
    Location:
    South Wales, UK
    Hi SvS :rolleyes:

    Thanks for the information, and I believe that you are correct. However, the infomation on Symantec's website is somewhat confusing in that they state, in response to the following question:

    "Why does the Windows Security Center say that the status of my Norton security product is "unknown"?"

    that

    "Your Norton security products contain tamper protection features that prevent malicious code from determining their status. This tamper protection also prevents the Windows Security Center from determining the status of your Norton security products.

    Symantec plans to deliver a correction that will allow the Windows Security Center to correctly identify the status of your Symantec 2004 security products and give you the option of configuring how Norton security products and the Windows Security Center alerts you.

    The update is projected to be available by LiveUpdate in late September/early October."

    Original document can be found here:

    http://service1.symantec.com/SUPPOR...ws 98/Me/2000/XP&src=sg&pcode=nis&svy=&csm=no

    Well, it appears that they have managed to release something earlier than published, but not all users appear to have been able to get hold of it as I have a friend whose copy of NPF & NAV still do not register in the WSC, despite running LiveUpdate numerous times.

    Best regards



    Baldrick :D
     
  25. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    OK! I decided to adjust settings again. So I’ve now removed the following:

    Terminate protected applications
    Modify protected applications
    Install Drivers/services

    For all my NIS files.
    Rebooted. NIS failed to load. Rebooted again, and NIS is running OK.

    So that doesn’t really help anyone. Maybe the fact NPF will run on my computer, has got something to do with the update I received for NIS integration with SP2’s security centre, which for some reason – even though I received it VIA Liveupdate over a month ago, has yet to be released. Strange! :p But if siliconman01 had received the same update, yet still had problems though, it would still leave everyone in the dark. :doubt:

    Hopefully other NIS users will jump in and report problems / successes running it with PG3. :ninja:
     
Thread Status:
Not open for further replies.