Re: Norton PF 2002 configuring over and over...

From: Joseph V. Morris (jvmorris_at_erols.com)
Date: 05/17/04 

Date: Mon, 17 May 2004 15:16:37 -0400

Chuck,

It's all over the place. You can find it being discussed at Computer Cops,
at Wilders Security Forums and at the DSLR/BBR Security Forum. Seems like
the LiveUpdate of 12 May (or maybe one thereafter) blew the socks off
NIS/NPF 2002 (but people using NIS/NPF 2003 or 2004 appear to be okay).

If you're bored, you can always try reading through the thread at
http://www.dslreports.com/forum/remark,10248995~mode=flat (start about six
posts in). <g>

Firewall rules appear to be okay as do the basic configuration settings.
Looks like one of the downloaded components is causing NIS/NPF 2002 to
'burp'. There's a bit of suspicion that they inadvertently stuffed a
NIS/NPF 2003/2004 update into the update for NIS/NPF 2002. No word (yet) on
a fix for the fix. :-(

Could be something they did to get a response out the door in short time in
response to the eEYE vulnerabilities which also impact NIS/NPF 2002.
(There's exploit code out for this now, so it sort of leaves people between
a rock and a hard place.)

I presume what you're seeing looks similar to the following?

Firewall Event Log
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:31 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:30 Owner Firewall configuration updated: 64 rules
17/05/2004 03:14:28 Not Logged In Firewall configuration updated: 64 rules
17/05/2004 03:14:26 Not Logged In NDIS filtering is enabled

(That's for an XP box with NIS User Accounts enabled.)