Author Topic: Bogus Symantec Firewall ADBLOCK Settings  (Read 9617 times)

0 Members and 1 Guest are viewing this topic.

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Bogus Symantec Firewall ADBLOCK Settings
« on: August 29, 2006, 01:46:33 PM »
this is about the ADBLOCK part of the SYMANTEC FIREWALL.
...i just noticed that there were several BAD settings in there, that i DEFINITELY DIDN'T make on my own.

i set the firewall ADBLOCK to block ALL sites for popups. but THESE domains had somehow set their sites up to be ALLOWED to give me popups:
soundweb.com, tiscali.fr, www.tiscsali.co.uk
THIS site was set somehow set up to show me popups AND to "permit scripts" --
smile.co.uk

 * anybody know anything about these co's, or how they did this...?

i don't have any infections, and haven't for quite a while.

i'm also curious about why i have such a large number of domains added to ADBLOCK (presumably by symantec) that have DEFAULT settings.

these domains are supposed to've been added by me or symantec, but OBVIOUSLY some -- like soundweb.com and tiscali -- were probably added (or TWEAKED) by the companies themselves.

i did some testing, and there's NO BENEFIT to add a domain to adblock, if it's set to Defaults -- as MANY of mine are.

WHAT I MEAN:
one of my adblock rules is to block images coming from a url that has "/ads/" in it. well, the FIREWALL blocks ALL instances of that -- regardless of whether the domain's been added to my block list or NOT.  (LandZDown ISN'T in my list, but if you had images in an ADS directory, they wouldn't show to me... )

so -- what's with my large list of added domains, all set to DEFAULT...? those default settings are used for EVERY page i come across.

...weird.







Offline Totro

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 517
  • Cogito ergo sum ...
    • View Profile
Re: Bogus Symantec Firewall ADBLOCK Settings
« Reply #1 on: September 07, 2006, 05:55:51 AM »
Hi babyoh   :)

From my experience in years past - when I used NIS/NAV (2003 version);- it used to set defaults for known (to them) "safe" sites. With the option of you being able to tighten the security for any site that you personally wished to.

As far as I know Tiscali, both in the UK & France, is a reputable ISP.

But, from memory, the Adblock part of NIS/Nav used to, for me - block anything - from any site that was deemed to be an "Ad",  by using either key "words"  like "Ad" as part of the re-direct link or simply by commonly used "banner" sizes of adverts.

Setting up Symantec firewalls is, from experience, a rather complicated procedure - however - I found that if you persevere with it - it is pretty good - once you set up all the "rules".

I don't have any experience of "smile.co.uk" but again - as far as I know Tiscali is OK.

Wait for others to reply though, because I have not used NIS/NAV since the 2003 version - there may be others on the forum who have more experience with Symantec's later products.

Also - tell us what What version of Symantec product are you using?

Cheers, Totro  :thumbsup:

Panic slowly...

Brought to you from the land down-under...

ASAP (Member) Alliance of Security Analysis Professionals

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Bogus Symantec Firewall ADBLOCK Settings
« Reply #2 on: September 07, 2006, 08:50:28 PM »
totro,
hi. thanks for replying.
i'm using SYMANTEC FIREWALL 2006.
i noticed A FEW domains had "okayed" themselves in my FIREWALL for POPUPS: microsoft, symantec, soundweb.com, tiscali.fr, www.tiscsali.co.uk
(this one had okayed itself for SCRIPTS - smile.co.uk)
* of course, microsoft and symantec probably NEED popups enabled... BUT, no idea where the others came from.
* But, from memory, the Adblock part of NIS/Nav used to, for me - block anything - from any site that was deemed to be an "Ad",  by using either key "words"  like "Ad" as part of the re-direct link or simply by commonly used "banner" sizes of adverts.

- that's pretty much how it seems to be working now, for all domains... EXCEPT the ones that are added, with a new set of RULES. for instance, right now i could add NEWSITE.COM, and set the FIREWALL ADBLOCKER to "block scripts" but "ALLOW POPUPS" from that domain... or whatever.

... something (possibly symantec) had added a bunch of domains, with NO addtional rules. which makes no sense. since SOMEWEBITE.COM/ADS will have it's images blocked WHETHER IT'S SPECIFICALLY ADDED TO ADBLOCK DOMAINS OR NOT (-- i have a rule that blocks ANYTHING from */ads... i tested it... it works GREAT... i'm just curious where these domains came from.)

when i websurf, the FIREWALL occasionally asks me: DO YOU WANT TO HAVE THE RULES FOR THIS DOMAIN SET AUTOMATICALLY? or whatever the wording is. it's possible tiscali, smile.co.uk etc got added that way. (though, i did visit the sites, and didn't recognize them at all.)

* it's just mysterious.
 :blink:

if i NEED to, i set things to TEMPORARILY allow popups, etc. which is why the tiscali thing is so strange.

i haven't had any infections (outside of a few tracking cookies), since i installed the 2006 FIREWALL.... But, my 1st reaction, was to think some malware had readjusted my settings...
 :confused:





Offline Brynn

  • Sr. Member
  • ****
  • Posts: 424
    • View Profile
Re: Bogus Symantec Firewall ADBLOCK Settings
« Reply #3 on: September 09, 2006, 07:48:22 PM »
As you may recall, I used the Norton Firewall for several years, and really loved the ad blocking feature.  It does come with many domains which upon installation, have already been configured, and not just for ads, but other web content as well.  I didn't understand the reasons for many of the settings either, and contacted Symantec tech support.  They evaded my question (big surprise) and simply said that I could configure them any way I saw fit.

I did not want to Remove any of the preconfigured domains, since I did not know them, had never visited them, and didn't know if they were safe or not.  So I configured them all to block everything, as is my paranoid habit.  (I set the defaults to block all web content.)  This would mean that should I ever visit those domains, certain features may not work.  Kind of a headache, but it forced me to seriously considered and research the safety of each domain, at such time as I may need them, rather than try to intuit or blindly guess....and as well, rather than trust Norton/Symantec to magicly (sp?) know my own personal needs and preferences.

So I never found out what were Symantec's reasons for the pre-configured settings.  But I don't think I ever visited any of those domains, in the end, either.  I wish I could answer your questions, as I had the same questions, but unfortunately such is life with a Norton product!
"To sin by silence when they should protest makes cowards of men." - Abraham Lincoln

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Bogus Symantec Firewall ADBLOCK Settings
« Reply #4 on: September 11, 2006, 12:48:19 AM »
thanks, brynn.  :flowers:
as is my paranoid habit.  (I set the defaults to block all web content.)
ME TOO! LOL
 :Win73:
well, the symantec mystery DEEPENS...
today i noticed a NEW thing that's been added to my symantec ADBLOCK list.
mobile.tiscali.it
 -- related to the other "tiscali" entries, but it's NOT for FR (France) or the UK (United Kingdom) : it's for ITALY.

it's listed as using most of my DEFAULT settings -- but it's OKAYED itself for POPUPS!

i'm assuming this is either symantec deciding on my settings for me, or that tiscali has some trick, and THEY'RE doing it.

 - it's possible i missed this setting the last time i checked Aug 29, but i was pretty thorough.

actually, in a way, this is a GOOD thing: it's giving me a roadmap of what to BLOCK. (i just have to remember what i've blocked, if i'm ever having trouble getting content from those domains.)

still: STRANGE.
curious where these ALLOW POPUP settings originate...

  :confused:

Offline Brynn

  • Sr. Member
  • ****
  • Posts: 424
    • View Profile
Re: Bogus Symantec Firewall ADBLOCK Settings
« Reply #5 on: September 11, 2006, 09:00:29 AM »
I'm not positive about this, but I used to find new domains from time to time, too.  I always thought they were being added via updates.
"To sin by silence when they should protest makes cowards of men." - Abraham Lincoln