Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Norton PF 2002 configuring over and over...

Reply
Thread Tools

Norton PF 2002 configuring over and over...

 
 
Chuk Goodin
Guest
Posts: n/a
 
      05-17-2004
Lately whenever I go on the internet, I notice a huge slowdown on my PC.
So we checked the running processes and some other status things, and it
turns out that our Norton Personal Firewall 2002 is getting a "Firewall
configuration updated" message 2-4 times per second! It used to only do
that once a day. Our Win98 machine is doing it too (the main PC is XP Pro
and we're sharing a DSL connection).

LiveUpdate still works, we don't have any viruses (the Symantec automatic
support said that we had MyDoom, but the removal tool didn't find it), and
things like ICQ and PuTTy still seem to work fine. If we don't have an IE
window open, everything is slow.

Has anyone heard of this before? Is it just Norton's way of forcing an
upgrade? Our subscription is still valid.

--
chuk
 
Reply With Quote
 
 
 
 
mike@mechanic.com
Guest
Posts: n/a
 
      05-17-2004
On Mon, 17 May 2004 17:29:24 +0000 (UTC), http://www.velocityreviews.com/forums/(E-Mail Removed) (Chuk Goodin)
brought the following to our attention:

>Lately whenever I go on the internet, I notice a huge slowdown on my PC.
>So we checked the running processes and some other status things, and it
>turns out that our Norton Personal Firewall 2002 is getting a "Firewall
>configuration updated" message 2-4 times per second! It used to only do
>that once a day. Our Win98 machine is doing it too (the main PC is XP Pro
>and we're sharing a DSL connection).

As of WED 05-12 LiveUpdates.. NPF and it's associated routines have
been VERY troublesome. One of the things that happened.. was the Win2k
Wkstn slowed noticeably. Checking in Task Manager.. a Norton routine
(perhaps redirector) was hogging one of the CPU's (50% on a dual-Xeon)

Soon another update came out.. like the same day or the NEXT day for
redirector. Ther are STILL issues when browsing like.. IE gets stuck
in a localhost (127. ) loop and cannot be recovered short of a reboot.

Often the NFW will repeatedly ask for permissions which no reply will
satisfy. Then Win2k will bluescreen. Very annoying!!

>
>LiveUpdate still works, we don't have any viruses (the Symantec automatic
>support said that we had MyDoom, but the removal tool didn't find it), and
>things like ICQ and PuTTy still seem to work fine. If we don't have an IE
>window open, everything is slow.
>
>Has anyone heard of this before? Is it just Norton's way of forcing an
>upgrade? Our subscription is still valid.


I wondered that as well.. so I uninstalled NPF and reinstalled from
the CD.. then did about three simultaneous LiveUpdates. It has
malfunctioned JUST ONCE since then.. and not in the last 1-2 days.

One More ALICE.. and I'm yankin' it and going with ZA or SyGate!!


-Mike

 
Reply With Quote
 
 
 
 
Joseph V. Morris
Guest
Posts: n/a
 
      05-17-2004
Chuck,

It's all over the place. You can find it being discussed at Computer Cops,
at Wilders Security Forums and at the DSLR/BBR Security Forum. Seems like
the LiveUpdate of 12 May (or maybe one thereafter) blew the socks off
NIS/NPF 2002 (but people using NIS/NPF 2003 or 2004 appear to be okay).

If you're bored, you can always try reading through the thread at
http://www.dslreports.com/forum/rema...8995~mode=flat (start about six
posts in). <g>

Firewall rules appear to be okay as do the basic configuration settings.
Looks like one of the downloaded components is causing NIS/NPF 2002 to
'burp'. There's a bit of suspicion that they inadvertently stuffed a
NIS/NPF 2003/2004 update into the update for NIS/NPF 2002. No word (yet) on
a fix for the fix.

Could be something they did to get a response out the door in short time in
response to the eEYE vulnerabilities which also impact NIS/NPF 2002.
(There's exploit code out for this now, so it sort of leaves people between
a rock and a hard place.)

I presume what you're seeing looks similar to the following?

Firewall Event Log
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:30 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:28 Not Logged In Firewall configuration updated: 64 rules
17/05/2004 03:14:26 Not Logged In NDIS filtering is enabled

(That's for an XP box with NIS User Accounts enabled.)


 
Reply With Quote
 
Chuk Goodin
Guest
Posts: n/a
 
      05-17-2004
On Mon, 17 May 2004 15:16, "Joseph V. Morris" <(E-Mail Removed)> wrote:
>If you're bored, you can always try reading through the thread at
>http://www.dslreports.com/forum/rema...8995~mode=flat (start about six
>posts in). <g>


Thanks, I'll look at that.

>I presume what you're seeing looks similar to the following?

[snip example]

Yep, that's it exactly. It's hogging cycles and RAM like crazy, too.

Thanks a lot for the quick responses -- Google and Symantec's "support"
(such as it is for 1.5 year old programs) were getting me nowhere.



--
chuk
 
Reply With Quote
 
mike@mechanic.com
Guest
Posts: n/a
 
      05-17-2004
On Mon, 17 May 2004 15:16:37 -0400, "Joseph V. Morris"
<(E-Mail Removed)> brought the following to our attention:

>Chuck,
>
>It's all over the place. You can find it being discussed at Computer Cops,
>at Wilders Security Forums and at the DSLR/BBR Security Forum. Seems like
>the LiveUpdate of 12 May (or maybe one thereafter) blew the socks off
>NIS/NPF 2002 (but people using NIS/NPF 2003 or 2004 appear to be okay).
>
>If you're bored, you can always try reading through the thread at
>http://www.dslreports.com/forum/rema...8995~mode=flat


YES.. that's exactly what it's doing.. hogging CPU.. repeatedly asks
for the same PERMISSION over-and-over.. not satisfied with ANY reply
to a `permission'.. getting stuck in a localhost type loop.. requires
a reboot to remedy.. and also bluescreens frequently!! Pretty
serious situation. I uninstalled using the INSTALL CD menu.. then
reinstalled and did about three LU's. Has since been behaving..
somewhat that is!!

-Mike

>(start about six posts in). <g>
>
>Firewall rules appear to be okay as do the basic configuration settings.
>Looks like one of the downloaded components is causing NIS/NPF 2002 to
>'burp'. There's a bit of suspicion that they inadvertently stuffed a
>NIS/NPF 2003/2004 update into the update for NIS/NPF 2002. No word (yet) on
>a fix for the fix.
>
>Could be something they did to get a response out the door in short time in
>response to the eEYE vulnerabilities which also impact NIS/NPF 2002.
>(There's exploit code out for this now, so it sort of leaves people between
>a rock and a hard place.)
>
>I presume what you're seeing looks similar to the following?
>
>Firewall Event Log
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:30 Owner Firewall configuration updated: 64 rules
>17/05/2004 03:14:28 Not Logged In Firewall configuration updated: 64 rules
>17/05/2004 03:14:26 Not Logged In NDIS filtering is enabled
>
>(That's for an XP box with NIS User Accounts enabled.)
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VOIP over VPN over TCP over WAP over 3G Theo Markettos UK VOIP 2 02-14-2008 03:27 PM
Diagnostic programs 2004 - 2002, SolarWinds 2002 Broadband Engineer's Edition, SolarWinds Orion Network Performance Monitor, other ! te2 Computer Support 1 09-02-2004 07:29 PM
ICQ and Norton Personal Firewall 2002 bjones Computer Support 2 12-13-2003 07:28 PM
Norton Anti-Virus 2002. How Can i have emails scanned on entry to my inbox Look in my eyes and you'll find me Computer Support 4 08-31-2003 10:58 PM



Advertisments