• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

Firewall and odd detections after Firefox update

It seems Firefox just updated. Norton detected "updater.exe" as a download and cleared it, stating it was from Firefox. Ever since, Norton shows repeatedly "initial firewall rules update failed" and "Norton Community Watch Feedback". There are also two suspicious things marked in the history as:

Statistical submission: suspicious.cloud9 exonerated

Statistical submission: xul.dll

Am I infected (Norton scan picks up nothing) or is this a Firefox conflict? I'd like to add that the browsers are running extremely slowly as soon as updater.exe from Firefox showed up.

Replies

Kudos0

Re: Firewall and odd detections after Firefox update

As normal for FF update... Users have reported same... 

Norton Community Watch submissions are not malware detections.
Norton Community Watch is a feature that submits files of interest to Symantec for analysis in order to improve Norton's ability to detect threats correctly,  NCW plays no role in the day-to-day security of your computer, and the submission entries should not be viewed as an indication of any malware on your machine.  (credit SOJ)

NCW is simply reporting to Symantec what Norton sees on your machine.

No worries

Do you use Toolbar.  Is Toolbar OK.   Try an extra FF refresh and system reboot...
FF 38.0.1 was available to internal updater a few days ago...

Kudos0

Re: Firewall and odd detections after Firefox update

Thanks. Unfortunately, all browsers (FF, Chrome) are working extremely, extremely slowly even after rebooting 24 hrs later. Websites are loading way slow to utilize the toolbars. The same errors are in the history, as well as some notes stating that Firefox was allowed to access network resources and a new Firewall setting was made for Firefox. Still nothing picked up as malicious on the system, and I'm quite certain its still the FF conflict/error.

Kudos0

Re: Firewall and odd detections after Firefox update

Hello

Others have been complaining that FF38 has been working very slowly since FF 38 was released and it's no better with 38.0.1 unfortunately.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Firewall and odd detections after Firefox update

It seems everything is back to normal after a while. Norton's history finally shows that firewall rules were updated. Although, I think all the update failure and successful update have a "custom" action description. Is this something to worry about?

Kudos0

Re: Firewall and odd detections after Firefox update

Hello

I have noticed some custom rules in my firewall also that I have wondered about. Everything seems to be working though and I have the all protected and green checkmark in the Norton Logo, so I figure all is ok.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Firewall and odd detections after Firefox update

Thanks. I'm guessing that Firefox attempting to configure itself after updates may be prompting the "custom" classification, what do you think?

Kudos0

Re: Firewall and odd detections after Firefox update

Hello

You could delete the entries in the firewall for Firefox and let Firefox create new rules for itself. Since Firefox changes so often, perhaps the firewall can't keep up with it.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Firewall and odd detections after Firefox update

Thanks. Firefox actually did that itself and eventually everything worked again as previously stated. The only query I've left is why some firewall changes are custom, even though I agree that probably nothing is wrong.

Kudos0

Re: Firewall and odd detections after Firefox update

bjm_:


(1) Norton Community Watch submissions are not malware detections. 
Norton Community Watch is a feature that submits files of interest to Symantec for analysis in order to improve Norton's ability to detect threats correctly,  NCW plays no role in the day-to-day security of your computer, and the submission entries should not be viewed as an indication of any malware on your machine.  (credit SOJ)(/1)

(2) NCW is simply reporting to Symantec what Norton sees on your machine. (/2)

(1) And? Why "exonerated"?

(2) It isn't just "sees on....", because there is word "exonerated". It isn't False Positive, but why "exonerated"? It is new file, there is trust digital signature=>NCW must inherit reputation information for avoid False Positive detect (Ws.Rep.1, for example). I often saw this information about "exonerated" even onto old files, when I did full scan my PC.  It interesting. Norton history contains such information with Susp.Cloud.7.F, Susp.Cloud.5, SAPE.. etc (other proactive static detections, except Ws.Rep.1). May be, Norton thus control precision for proactive technologies (PTs) (static detection). If file is clean (local white list(Live Update)+trust reputation (NCW)*) and PTs tries detect this file (*don't give do it) - Report about it (submission=HEX data?...) send to NCW. 

Kudos0

Re: Firewall and odd detections after Firefox update

CorvusCorax47:

(1) And? Why "exonerated"?

Statistical submissions are all about refining detection criteria to reduce the number of false positives.  New legitimate files may have some characteristics resembling those of suspected malicious files.  When Norton exonerates a file, it is removing it from the list of suspicious files that might otherwise be detected as Suspicious.Cloud or some other malware.

Kudos0

Re: Firewall and odd detections after Firefox update

SendOfJive:
CorvusCorax47:

(1) And? Why "exonerated"?

Statistical submissions are all about refining detection criteria to reduce the number of false positives.  New legitimate files may have some characteristics resembling those of suspected malicious files.  When Norton exonerates a file, it is removing it from the list of suspicious files that might otherwise be detected as Suspicious.Cloud or some other malware.

If those files can be detected - all ok, because there are White List(local) and NCW(Insight-"trust" reputation(*)), which protect from False Positives and this submissions Norton can don't  send, because there isn't meaning (there will not False Positive detection, if Norton will have information from(*)). So, I assumed, that such submissions help do proactive technologies more precision (specialists - developers see such telemetry and improve algorithms of proactive technologies). 

Kudos0

Re: Firewall and odd detections after Firefox update

Hi tigerluver,

I am also interesting in 'exonerated', can you please show me a screen about the scan history?

Thanks,

Kudos0

Re: Firewall and odd detections after Firefox update

It wasn't found by a scan, but rather just showed up in the general actions history soon after the Firefox automatic update exactly as the text in my first post. I'll see if its still there in the logs.

This thread is closed from further comment. Please visit the forum to start a new thread.