HELP! NIS Alerts are driving me INSANE!!!

Discussion in 'Security and Privacy' started by shenanigins, 2004/07/17.

Thread Status:
Not open for further replies.
  1. 2004/07/17
    shenanigins

    shenanigins Inactive Thread Starter

    Joined:
    2002/08/02
    Messages:
    104
    Likes Received:
    0
    Does anyone know how or if you can turn off the danged alerts in Norton Internet Security??? I keep getting Program Control Alerts with remote systems trying to access my computer... and I can't find a way to set a flat block and turn off the alerts. I found the intrusion alert panel and have turned them off, but it hasn't done anything about the program control alerts. I swear I get 4-5 a MINUTE! I can't accomplish anything.... HELP!!!!

    I must've been nuts to install this thing!

    Shannon
     
  2. 2004/07/17
    LDTate

    LDTate Inactive

    Joined:
    2004/06/29
    Messages:
    284
    Likes Received:
    0

  4. 2004/07/17
    shenanigins

    shenanigins Inactive Thread Starter

    Joined:
    2002/08/02
    Messages:
    104
    Likes Received:
    0
    That only tells me how to remove the program...

    However I am not trying to uninstall NIS, I just want to shut down the alerts that keep popping up all the time. Anyone have a better suggestion?

    Thanks,
    Shannon
     
  5. 2004/07/18
    LDTate

    LDTate Inactive

    Joined:
    2004/06/29
    Messages:
    284
    Likes Received:
    0
    Guess I'm :confused: Someone help me out here.
    Does the Symantec Intruder Alert (ITA) do more than alerts?
     
  6. 2004/07/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  7. 2004/07/18
    LDTate

    LDTate Inactive

    Joined:
    2004/06/29
    Messages:
    284
    Likes Received:
    0
  8. 2004/07/18
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    When you double click the little green globe in the "Notification Area", on the left you will see "alerting level". When you click there, you have the option to move the slider up and down. This does not change the level of protection, just how many pop up alerts you will receive.

    If you are using XP, turn on the ICF on your OS partition. It reduces the amount of work Norton has to do, significantly.

    Johanna
    A Norton User since 2001
     
  9. 2004/07/18
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Johanna, I was under the impression that NIS wouldn't tolerate ICF - I think I got that from you. Have you since found out that is system specific?

    For the original Poster, ICF is easily turned off if NIS doesn't play well w/ ICF in any case.

    Regards - Charles
     
  10. 2004/07/18
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    CharlesVar,
    I have to toggle it on and off quite a bit. I can't do file transfers through ICQ, for example, with the ICF on. For ordinary surfing, email, NIS and ICF will play nicely. When you get into remote desktops, shared files, file transfers, and some online AV scans, ICF needs to be shut down.

    Johanna
     
  11. 2004/07/18
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Thanks Johanna, good to know. As you can tell, not an NIS user.

    Regards - Charles
     
  12. 2004/07/18
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,567
    Likes Received:
    73
    Hi Shannon!

    As I understand it, those two are two different critters.

    A PCA should present a window with options to either block or allow and the decision can be "used always".

    The intrusion protection is working in the background and fully automatic according to a set of rules. The Intrusion Alert is an exclamation mark in the NIS globe.

    Is this by chance connected to svchost.exe?
    I had incoming connection attempts to this service from, as it seemed, random ISPs from all over the world. Since it is a Microsoft Process, Norton recommended to allow but I was bugged several times on each computer session and I was tempted to hit the "always use" option. I didn't since I wanted to know when it happened and it has now faded away almost completely. It happens only every other day now.

    Christer
     
  13. 2004/07/18
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Norton will incessantly prompt with "A remote computer is attempting to access your computer" if you set the alerting level to "high" without your ICF on. Then it rates the risk and wants you to create a rule. A program trying to access the net will spur a different dialog box, with the name of the program and the risk level, and once you set these rules, they are silently used ever after.

    Svchost.exe wants to access the net every time I boot the comp, and almost every time I open WE. I have allowed it, and refused it, and see no performance differences either way. My personal opinion is that it is set to call home to gather statistics and maybe so that MS has a way to pull the plug on millions of comps if they so desire???? Not that I'm paranoid, or anything...

    Johanna :)
     
  14. 2004/07/18
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,567
    Likes Received:
    73
    A screen shot of my firewall shows an entry for "Microsoft Generic Host Process for Win32 Services" which was automatically configured by the firewall. In my case, clicking "permit" and "always use" to the repeated requests will set this entry to "Always Permit".

    I believe that the initial automatic configuration takes care of "normal" outbound connection attempts via this process but not inbound connection attempts. The inbound connection attempts have to be manually configured or permitted/blocked as the user decides.

    Christer
     
  15. 2004/07/18
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Johanna - does it at least tell you the PID of the svchost.exe session that wants to call out?

    I just did a tasklist /svc on my system and got the following (I removed all the others from the list to reduce clutter) and I can certainly see a few things running in the 688 PID that might have a legit reason.

    Code:
    Image Name                   PID Services                                     
    ========================= ====== =============================================
    svchost.exe                  600 DcomLaunch, TermService                      
    svchost.exe                  652 RpcSs                                        
    svchost.exe                  688 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, 
                                     ERSvc, EventSystem, helpsvc, lanmanserver,   
                                     lanmanworkstation, Netman, Nla, RasMan,      
                                     Schedule, seclogon, SENS, SharedAccess,      
                                     ShellHWDetection, TapiSrv, Themes, TrkWks,   
                                     W32Time, winmgmt, wscsvc, wuauserv, WZCSVC   
    svchost.exe                  732 Dnscache                                     
    svchost.exe                  784 LmHosts, RemoteRegistry, SSDPSRV, WebClient  
    svchost.exe                 1464 stisvc
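
Added example (not part of Newt's post or of the original thread): a Python parser for `tasklist /svc` output like the listing above. It joins the wrapped service lines and returns the services hosted in the svchost.exe PID that a firewall alert names. The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the `tasklist /svc` excerpt quoted in the post above.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  600 DcomLaunch, TermService
svchost.exe                  652 RpcSs
svchost.exe                  688 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem, helpsvc, lanmanserver,
                                 lanmanworkstation, Netman, Nla, RasMan,
                                 Schedule, seclogon, SENS, SharedAccess,
                                 ShellHWDetection, TapiSrv, Themes, TrkWks,
                                 W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe                  732 Dnscache
svchost.exe                  784 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                 1464 stisvc
"""

# A process row starts in column 0: image name, PID, then the service list.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>.*)$")

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])}, joining wrapped service lines."""
    table, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue  # skip blanks, the header and the ruler line
        m = ROW.match(line)
        if m:
            current = int(m.group("pid"))
            table[current] = (m.group("image"), [])
            chunk = m.group("services")
        elif current is not None:
            chunk = line  # indented continuation: more services, same PID
        else:
            continue
        names = (s.strip() for s in chunk.split(","))
        table[current][1].extend(s for s in names if s and s != "N/A")
    return table

def services_for_alert(text, image, pid):
    """Services behind a firewall alert that names an image and a PID."""
    name, services = parse_tasklist_svc(text).get(pid, (None, []))
    return services if name and name.lower() == image.lower() else []
```

If the PID from the alert maps to no svchost.exe row, the function returns an empty list, which is itself worth a closer look at the process.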
     
  16. 2004/07/18
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Newt, My tasklist is very similar, but I have Norton blocking that MS Generic Host for Win32 services. :confused:

    You know more about this than me- how does XP work w/o it?

    Johanna
     
  17. 2004/07/19
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    For any who have sorta lost the bubble here,
    MS Generic Host for Win32 services = svchost.exe and you can get a little more detail from Here.

    Johanna - the short answer to your question is that if things work OK for you with all the stuff blocked, you can safely leave it that way.

    The longer answer is that for many situations, if you block all the MS Generic Host for Win32 services you cripple the PC so if you are dealing with other systems, be very cautious.

    For a home setup (stand-alone or small LAN) and for most peer/workgroup networks, you can stop any of those from talking to the outside world. On a domain or if anyone needs to do some of the specialized tasks (DHCP, SSDP, browser and others), a blanket block will make them unable to work.

    A specific example would be W32Time:

    On a Win2K/2003 Active Directory domain all the members need to have exactly the same system time (to within a second or less) or else bad things happen. For them, W32Time and synching from a single machine is essential. For a classic NT4 domain, it is nice to keep the times fairly close. For a SOHO peer/workgroup LAN, all the machines mostly need to agree what day it is. For a stand-alone PC, it usually doesn't matter if they know the correct year.

    The above being said, I do not block any of the svchost items from full, unrestricted access to wherever they want to talk and it has not seemed to cause me any problems. Older Linksys router with NAT but no hardware firewall and ICS as my only internal firewall.
     
  18. 2004/07/19
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Norton Rant at the End...

    Newt,
    Thank you for the explanation. I have always been curious about svchost and WHY it wants to phone home constantly. (The tattletale Norton globe might tell too much, maybe?) This is a single user, single system- not part of any network. Like I said earlier, I have created Norton rules to permit svchost, and to block it, and see no difference either way. NIS will allow it by default, with the auto program feature, because it is a trusted connection. I always give svchost default permission on other computers. I synch time with the World Timeserver, because, you know, as a mom, I have to be on an EXACT schedule! LOL :)

    Since I don't need the features that svchost provides, I see no reason for it to connect. Each connection is another "vulnerability". For fun, I just scanned for internet enabled applications on this computer with Norton. I came up with 277. There are 25 rules to permit internet access, and 9 of those are Symantec. OE, IE & Symantec (Oh, and doggone Weatherbug!) are the only things set to "automatic" except for a few frequently used, trusted programs set to "permit all". I noticed a couple in there marked block, so they must have tried to connect, at some point, and been refused. Why should Word call home because I want to type a letter? Why should Adobe Acrobat & Photoshop have to "check for an update" when I open the program? No. I take enough risks surfing and reading my mail. I don't need all these apps using my bandwidth and reporting or changing who knows what! I do not want to open the newspaper in the morning and see "The reason your computer will not boot today is because an exploit was found in (fill in the blank)" and with a cable connection, I'm always online.
    ********************************************************
    There are a lot of Norton detractors on the BBS. Some of the points they make are valid. Norton is bloated. Norton infiltrates every part of your computer, and you are at its mercy if it goes south. Their customer service consists of "Uninstall-reinstall-run Live Update", and little else. Norton is darn near impossible to uninstall without a reformat, and leaves the registry a mess.

    Norton is bloated (with today's hardware, who cares?), it does go everywhere (it has to, to do its job) and you have to place your faith in Symantec to use Norton. If you don't let it default, you are asking for trouble! Norton has never let me down security wise. Perhaps I've been lucky? I've never used Symantec support because any problems have been resolved using their website information. After an initial install, directly after XP, on my own computer, I have not had to uninstall or reinstall Norton. I have had to on other computers, and I agree, it is tricky, but it can be done.

    Norton is easy to configure, and can handle custom designations and rules, Norton is prompt with updates and responses to security threats, and it logs all events efficiently, for troubleshooting. Norton Utilities has become redundant, with XP now established as the primary Windows OS. But NIS is reliable protection, and easy to support when the phone rings, which it seldom does when one of "my" comps is using it after I installed it. For the average user, it does its job quietly in the background, and doesn't interfere with legitimate traffic. The support phone calls I get from my mom are not ever about Norton, because I configured it and set a password that she doesn't even know, so she can't change any of the settings. So, because it's my mother I am talking about, I hate to say Norton is "computer idiot proof", but you can draw your own conclusions. ;)

    JMO, YMMV, of course!
    :D
     
  19. 2004/07/19
    CharlieJ

    CharlieJ Inactive

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    I think Johanna hit Shannon's problem (and mine) on the head right here... BUT no one finished the thought or provided info for a fix.

    On my W2K box, I constantly receive "A remote computer is attempting to access your computer" alerts. The alerts are from all ranges of IPs and inbound to all sorts of port numbers. My goal is to block all outside-my-home-network connections and invoke "no-show" on the alerts.

    Do you know of a way to handle this in Norton (NIS 2004)?
     
  20. 2004/07/19
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Post 7

    I said how to turn the alerts off in Post #7. That works in NIS 02 & 03. I don't have an 04 here, but I'm pretty sure it's the same, or close to it. Look in the index for alert level or alert notification. Or, simply turn the security setting up to high or med high. I also mentioned that using the ICF cuts down on the alerts, because the attempts never make it to Norton in the first place.

    I agree, the alerts can be annoying, especially when your cursor is set to "snap to". Grrr... but as long as your event logs are enabled, you don't need to be told of every possible threat that Norton is going to block by default anyway.

    HTH
    Johanna
     
  21. 2004/07/21
    CharlieJ

    CharlieJ Inactive

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    Johanna,
    THANKS for the reply... but post #7 applies to NIS '02 & '03 - not NIS2004 (or at least not that I can find). Also, ICF is not available in Win2K, which is what I use on my Internet box.
     