Need Help configuring NIS 2004 firewall

[ghoti]

I am running Norton Inernet Security 2004, and I have a heckuva time configuring the firewall rules because a large part of the time I cannot tell which applications I should be allowing to access the internet, which are optional (but best NOT allowed, e.g., MSN Messenger), and which are worms, or otherwise detrimental/ dangerous.

The alert comes up telling me this or that program and this or that module is trying to access the internet, and what do I want to do about it.

Another example: I got an alert that some computer outside was wanting to 'sound' (I forget the exact term the alert used) my Port #7 (I think it was), and the alert recommended that I allow this (it said low risk -- there was no virus). What was that about? I have no idea how to respond to these.

Any advice, please?

 

[ghoti]

I realize NIS isn't everyone's choice, but I've got it and would like to at least give it a try!

Anyone?

 

[LiLithTecH]

The old saying is, "when in doubt, don't let it out".

There is really no reason for a sound file access the net.
NIS, ZA, etc..., try to alert if it even thinks it should with
a lot of False Positives.

Adobe Acrobat Reader 6 always asks to access the net, but is
a good example of a False Positive as it does not.

 

[bsobel]

There is really no reason for a sound file access the net.
NIS, ZA, etc..., try to alert if it even thinks it should with
a lot of False Positives.

I think he's refering to an echo request, not a wav file The alerts in NIS give you the risk factor, you can pretty reliably use that as an indicator of what to do. If you don't recongnize the application doing the request, say no, you can always allow it later (ask here or google the name to see what it is)

Adobe Acrobat Reader 6 always asks to access the net, but is
a good example of a False Positive as it does not.

Yes it does, it checks for updates all the time.

Bill

 

[ghoti]

Thanks LT.
Thanks Bill.

 

[LiLithTecH]

Originally posted by: bsobel

Adobe Acrobat Reader 6 always asks to access the net, but is
a good example of a False Positive as it does not.

Yes it does, it checks for updates all the time.

Bill

Not to nickpick but it will request access even if the AUTO UPDATE, Online Help is disabled.

 

[Sondra]

I don't know what to tell Norton Internet Security, either. C:Windows\System32\scrgrd.exe keeps wanting to access the Internet and Norton keeps saying it's High Risk, block it. I do, and it keeps coming back, so I try to hide it in the corner.

I just blocked it again and it went away for a minute, but C:\Windows\System32\svchost.exe came right up. Norton said it's Low Risk, permit it, so I did, but then scrgrd came up again--over and over. This is extremely annoying, and I have no idea what the correct answers are.

Now I've gotten an alert from Antivirus that C:\Windows\System32\scrgrd.exe is (or is infected with) a virus, w32.Spybot.Worm and it can't be repaired.

This is really a mess.

 

[bsobel]

Originally posted by: Sondra
I don't know what to tell Norton Internet Security, either. C:Windows\System32\scrgrd.exe keeps wanting to access the Internet and Norton keeps saying it's High Risk, block it. I do, and it keeps coming back, so I try to hide it in the corner.

I just blocked it again and it went away for a minute, but C:\Windows\System32\svchost.exe came right up. Norton said it's Low Risk, permit it, so I did, but then scrgrd came up again--over and over. This is extremely annoying, and I have no idea what the correct answers are.

Now I've gotten an alert from Antivirus that C:\Windows\System32\scrgrd.exe is (or is infected with) a virus, w32.Spybot.Worm and it can't be repaired.

This is really a mess.

I don't get what the mess is, your machine is infected. Have NAV delete the file and move on...

Bill

 

[Sondra]

Norton can't delete it, in safe mode or otherwise.

Even after I get rid of it, I'll still have the problem of Internet Security asking me what to permit and what to block all the time, and I don't know the answers.

 

[nlieber]

Sondra,

Try going to www.broadbandreports.com and looking in the security forum. It has a thread on what to do if you are infected. It also has several links to adware/spyware removal tools.

Hope it helps and if you already knew this just go to the next post

Good luck

 

[Sondra]

Thanks, nlieber, for letting me know about broadbandreports.com. What I think I'll do is get a new C drive and reformat the current one and make it a slave or a backup drive. At a computer shop, I was told this worm can hide even when you think you've destroyed it and come out later--but it's OK if it's not the system drive.