CPF and Norton Antivirus question

system · September 29, 2006, 3:02am

My Norton Antivirus logs are full of warnings about CPF, Here’s a sample:

9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (PID=1088)
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com\par
9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (PID=1116)
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com\par
9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (PID=1292)
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com\par
9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (PID=1732)
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com\par
9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (PID=1088)
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com\par
9/28/06 10:49:46 PM,Unauthorized access logged,SymProtectEvent Details:
Time: 9/28/06 10:49:46 PM
Actor: C:\Program Files\Comodo\Firewall\cmdagent.exe (PID=1756)
Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (PID=1116)
Action: Unauthorized access
Reaction: Unauthorized access stopped

My question is, Should I turn off protection for NAV so CPF can learn about it or just ignore these log entries.

system · September 29, 2006, 4:12am

Hi Marc,

If I understand, actually it seems it would be the other way around I would think. Norton is finding CPF as a problem. Norton would have to learn or perhaps have CPF put into SAFE app list. Most sites that host running process information have cmdagent.exe as safe. I think Symantec needs to enter some safe apps.

Hope this helps,

Paul

Rotty · September 29, 2006, 4:25am

It looks like the CPF process is trying to access the symantec processes which would have anti-hacker protection, maybe add all of the allerted symantec process to CPF’s trusted list so it won’t try to hook the symantec processes.

cheers, rotty

system · September 29, 2006, 5:42am

Thanks Paul and Rotty,

I think I’ll turn off protection in NAV for a couple of days and see what happens. I forgot to mention that this only happens after a boot, I thought that maybe CPF was scanning NAV to add its components to the component monitor. I’ll let ya know what happens.