Symantec Internet Security 2006 & Windows Defender (beta 2)

[Guest]

Since a few weeks I am using Windows Defender. I have also installed on my
system Internet Security 2006 and infrequently check their logfiles.

I discovered that in the Symantec Resource Protector logfile very frequently
warnings are listed which almost all of them have a reference to Windows
Defender. This seems a bit odd. I hope that MS somehow will address this. For
convenience I have attached a relevant sample from the logfile.

4-4-2006 8:27:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:27:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:27:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:27:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:27:04,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:27:04
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:27:04,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:27:04
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:59,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:59
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\URLUPDAT.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:59,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:59
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\URLUPDAT.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:49,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:49
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\ALEUPDAT.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:49,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:49
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Norton Internet Security\ALEUPDAT.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Symantec\LiveUpdate\LuComServer_2_7.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Symantec\LiveUpdate\LuComServer_2_7.EXE Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE Actie: Niet-geautoriseerde
toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:14,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:14
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE Actie: Niet-geautoriseerde
toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"
4-4-2006 8:25:04,Niet-geautoriseerde toegang
gerapporteerd,"Gebeurtenisdetails voor SymProtect: Tijd: 4-4-2006 8:25:04
Acteur: C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE (PID=1152) Doel:
C:\Program Files\Common Files\Symantec Shared\NMain.exe Actie:
Niet-geautoriseerde toegang Reactie: Niet-geautoriseerde toegang beëindigd
http://www.symantec.nl"

 

[plun]

Hi

Ask yourself why you also are running Windows Defender ?

NIS 2006 includes much more then WD, better definitions, better
removals
beacuse NIS 2006 includes a module for "security risks".

If you was running NIS 2005 it was completely different beacuse it has
no protection.

http://securityresponse.symantec.com/

No meaning to "staple" real time protection with several shields.

regards
plun

 

[Guest]

Hi,
you have the same problem that I have with Norton Antivirus 2005; I have
posted about it in "Application compatibility."
I expect a solution soon from Microsoft.

 

[Guest]

I have Norton SystemWorks 2005 Professional installed on one of the
computers. I was under the impression that Norton protects itself from
modification and the entries in the logfiles represents access attempts by
other programs. So Windows Defender should appear in the log everytime you
run a full scan. However, there appear to be entries from other programs
that have no business snooping around. Those are the entries that disturb me.

 

[plun]

Hi

If you are running NIS 2005 you have no "security risk" protection
as Symantec calls them and then you need for example Defender OR
Spysweeper OR Counterspy. Just one of them for RTP spyware protection.

You can then use others for manual scannings.

Nevertheless all users must make a choice about different RTP
protections, no meaning to "staple" them !

NIS2006 security risk module is much better then WD. IMHO

I am using TrendMicros PC Cillin with a really bad spyware recognition
TM wants all users to buy TMs Antispyware program..... instead
I´m using WD. And thats enough, for manual scannings I´m using
Ewido and Adaware.

Every security vendor will now include everything within one
complete package.

For example Spysweeper and Counterspy must probably find a partner with
antivirus protection and sell a complete package.

Something to think about

regards
plun

 

[Guest]

hi huub , i am from belgium and have the same problem with a dutch norton
antivirus 2006 and norton firewall 2006 , same logs as you .

only thing you can do is to turn of the real-time protection off from
defender ( and use it like a on-demand scanner )and hope microsoft will solve
quickly the interference between defender real-time protection and sysmantec
resource protector..

you can also turn off the symantec resource protection , and leave defender
real-time on , but i will not recommend that to do...

 

[ANONYMOUS]

Why should "MS somehow will address this." It is Norton/Symantec who
should address this. It is their software that is misdiagnosing MS
software. Don't forget, MS's product is likely to hit Symantec's bottom
line when Defender becomes de-facto industry standard and given away
free!!! Do you know Netscape which used to charge when it was first
release way back in early 90s? Then came another browser called
Internet Explorer given away free and surprise surprise netscape also
became free!!

Can you translate what the message says for my information please.

Thanks.

 

[Guest]

this is not true i think , the real-time protection from defender is
interacting with the symantec resource protector , not the other way around !

 

[plun]

Hi

Please contact Symantec support about this issue.

Let Symantec and Microsft handle these "tickets" between them directly.

If you are running NIS 2006 you already has a much better protection
then Windows Defender gives. No meaning to run WD.

If you are running NIS 2005 ask Symantec support how to get the
module for "security risks".

http://securityresponse.symantec.com/avcenter/security_risks/

If Symantec wants money for this module and you don´t want to pay
MS and Symantec must make a "deal" about WD and it´s behavior.

So this is a "dirty" situation....... damned money. (and One Care)



regards
plun

 

[Guest]

they are handling it , microsoft is investigating.... and symantec says there
are no nown issues , they say that agianst me , and also to microsoft
so.....troubles for the moment and yes maybe i shut remove defender , i run
norton antivirus 2006 and norton firewall 2006...

 

[plun]

Hi joris

Ask Symantec support if this module is included within NAV 2006 ?

http://securityresponse.symantec.com/avcenter/security_risks/

Otherwise they must solve this or you get the security risk module for
free.

regards
plun

 

[Guest]

yes that's included in norton 2006 , not in the 2005, but that solves not the
problem defender-norton interaction....
and a second opinion from defender is always nice...

 

[plun]

Hi again

Symantecs definitions, removals and kbs about threats are much better.

No need for Windows Defender.....IMHO.

It is not nice to "staple" real time protection on each other, only
problems.

I you don´t thrust Symantec you probably must choose another
protection.

regards
plun