Newbie queries Norton Internet Security 2004 automatic connection

Hi Kevin

Thanks for the feedback.

NIS 2004 seems to be App based rather than rules based. I have turned off "Automatic Program Control" in the Personal Firewall options and it hasn't tried to dial out since then, so this may have caught it.

I have added a "Monitor" rule under the "Advanced" options for TCP/UDP. I'm not sure I would know what to do with any information, but I might be able to use it to figure out what it is doing.

I ran a Live Update manually after installing and registering the product and downloaded about 10MB of updates, which took over an hour on a dial-up modem. It currently wants me to download about 25MB for a "Norton Internet Security URL Update", which I'm going to have to be really convinced I need to do before I agree to download it. I can't believe anyone actually lets the program do this automatically - it would tie up my computer permamently running endless updates if I let it.

BTW I downloaded some Windows 98 patches the other day as I thought I should bring everything up to date, and the dialling out problems started after this. Do you think this might have caused some incompatibility with NIS 2004? (Though they were pretty old patches, some dating back to 2001).

Thanks for the info

Liz D

Hi Liz,

It may be when you first install it you want to do a Update for NIS and NAV. But most likely it is your Registration and it does the Live Update anyway as part of the registration process. You should have a checkbox to stop it from registering.

Also I'm not that up on NIS 2004 as I have NIS 1.0 but you should put a Block All TCP/UDP Rule either direction at the end of your Rules List when you are not using Rules Assistant. And when you are using RA you should set that Rule to Ignore but still to Log.

Sometimes UDP's drop through the Rules List and the Log doesn't always show if they were Blocked or Allowed. NIS is AtGuard and that was a Must Rule but NIS tells you the same thing in the Help Files but in so many words and you really got to dig to find it.

Look under "Rules Assistant", "Unused port blocking" and "Implicit Block" in the Help Files.

Not sure if they changed that for your Version of NIS but you might want to check on it anyway. Think it was stupid of them not to include that up front. BTW I like my NIS 1.0 and have no intention of changing it.

It's a good Rules Base Program where you have an App Based before I believe.

Kevin

liz_davidson snipped-for-privacy@hotmail.com (Liz D) wrote in news: snipped-for-privacy@posting.google.com:

This is the list of sites to block for parental control. If you're not using that feature, you don't need them.

Yes, updating Norton products after installing can be a real pain. I once downloaded all the updates at once (some 30MB) only to have the first, smallest update crash and having to download it all again. After that, I downloaded things in pieces, with reboots between. What a pain!

Good glad you solved that.

In my NIS 1.0 I have Categories like NIS Secure Sites ect... Some Categories can not be placed below others like NIS System Keeping can not be put under NIS Medium Protection that is last. And others Like General and Web Browsers do not matter what order but can not be placed below any NIS Categories except NIS Secure Sites that can be put anywhere above the other NIS Categories.

After you apply and close the window with the Firewall Rules you will see the Rule has moved in the list later when you check it if the Category was not set correctly.

The Monitor Rule should be placed at the end of your Rules List so it will hit all the other Rules first. When it doesn't have a matching Rule it will hit that Monitor or Log Rule and write to the log. In the Log you should see that Rule and the next should say "User Permit/Block", "Unused port blocking" and "Implicit > Block" If it doesn't then it dropped through without logging what action was taken and is usually a UDP. (It does catch UDP but I've seen them drop through too.) I believe it is still blocked but doesn't log it for some reason.

It will also give you a way to update your Trojan List when you go to the Symantic Test Site and let them probe for the latest Trojans. Look through the Log after and look for those Logged Monitor Rule for a list of Ports and if TCP or UDP it probed. You can then make your own Rules for those new Trojans. If you still subscribe to NIS Updates you won't have to do that :)

If you have kids then you may want to download those URL's but if not you can turn that feature off or uncheck the URL part of the upgrades each time.

Good job. And if you have criticial update use it to alert you of the update but use the START BUTTON and then Windows Update to be sure it's not a Hacked Popup.

Also MS NEVER sends Upgrades or Patches by Email and any you see are Viruses that include a real looking Website and URL thats has a minor misspelling to fool you. Always use your Start Button to Update Windows and use the Criticial Update as a notice that there is a new update is there for you only.

Any time, hope it helps.

Kevin