Symantec Security Check

technophobe · May 14, 2007, 3:03pm

With Comodo I decided to try the Symantec security check and apparently got these following failures.

ICMP Ping open

23 Telnet open

80 HTTP open

On the Trojan test it reported, 1025 Unused Windows Service Block open.

I went back to Gibson Research and did their tests again; according to the results the same ports are perfectly stealthed. It is interesting that when I used Symantec Internet Security in the past, it used to pass with flying colours on Symantec’s tests. Maybe I am being cynical, lol, has anybody else tried their check. If these ports are a genuine problem is their anyway in Comodo I can correct that, or at least how can I be sure?

Dave

grampa · May 14, 2007, 3:13pm

Hey Dave,

Yes, I tried the Symantec as well as the grc test and passed both with no problems at all.
Maybe we should provide the links so more people can try and give their feedback.
Symantec: security.symantec.com
GRC: www.grc.com
I’m sorry I have no idea what to do to solve your problem.
However, you should disable the Telnet service (if you don’t need it) - a well known security risk.
Hope that helps until someone can actually tell you what’s going on.
Cheers,
grampa.

Wilpower · May 14, 2007, 3:16pm

Hi technophobe> I just completed the Symantec Security Check and the results were 100% STEALTH. (R)
OS Windows XP Pro. SP2
Just the way one wants it.
Hope your concern is resolved. (:KWL)

kail · May 14, 2007, 3:19pm

Hi Dave

CFP may be responsible for the ICMP Ping. Check your Network Monitor rules & you should see an ICMP Out Echo Request. To stop that (some games & P2P apps need this) then either delete that rule or move it to below your final block & log rule.

The other 2… 23 & 80 plus the 2 different results…I suspect you have a router, routers often use these ports. A router might also allow an Ping as well. Router needs changing. You also need to be aware that your software firewall (CFP) is only going to see what the hardware firewall/NAT in the router allows it to. So, when testing at something like GRC your actually testing your router unless the router is instructed otherwise (DMZ).

grampa · May 14, 2007, 3:33pm

Hiya,

The ICMP out Echo request rule is the 2nd from the top in my NM (still have the defaults as I’m neither a gamer nor am I connected via LAN nor whatever)
However, no problems here, i.e. perfectly stealthed.
So it should really be related to your router.
Here’s what another “guru” said - just to back up what “guru” kail’s just written:
(I really mean it. You are “gurus”!)

With online tests, any hardware between your computer and the test site is what is being scanned. In other words, if you have a router, the router is being scanned.

To be found here: https://forums.comodo.com/index.php/topic,8702.msg63023.html#msg63023 Cheers, grampa.

technophobe · May 14, 2007, 3:37pm

Thanks grampa and wilpower at least I now know that I should be getting the all clear at Symantec. I have XP Home SP2, I don’t seem to have Telnet listed in my services.

Hi kail definitely no router, but I will check the other point you raise in CFP. Thanks all for your help.

Thanks for the further input grampa.

Dave

kail · May 14, 2007, 3:42pm

Dave

What is your Internet connection?

technophobe · May 14, 2007, 3:58pm

Hi again kail, I am still on dialup with internal modem.

Dave

kail · May 14, 2007, 4:09pm

Does CFP show anything connected (Activity tab - Connections) on ports 23 or 80? I do wish CFP would show listening connections.

Also does CFPs Log show any entires around the time of the Symantec scan?

I can’t explain why the GRC & Symantec scans gave you different results, unless Symantec’s scan selected the wrong IP? Some ISPs do try to hide their users. I’m on GPRS Dial-Up & my ISP hides me. Neither Symantec or GRC can even determine my correct IP.

technophobe · May 14, 2007, 4:40pm

Hi kail, I tried the Symantec check again, there is a diference on some of the last 4 ports that are listed, first time they were not registered as stealthed but just closed, now those are registered as stealthed. The other ports that were open are still showing open. CFP does register activity while the scan is on and blocks some actions. Can find no reference to ports 23 or 80 in connections.

I get the following from Symantec before doing the scan but regardless of what it says it still goes ahead and does the scan. What is blocking the information they want I am not sure other than possibly CFP.

This information is insufficient to continue with Symantec Security Check. Your computer may be running software that blocks the user-agent HTTP header. The user-agent header provides basic information about your system and browser. This is usually caused by running software that blocks user-agent.

Dave