Hi, folks. I am humbly requesting your help with a question that has been driving me crazy for years.

I have a clean install of Windows 2000 with Norton System Works and Personal Firewall. I did one successful Live Update, but the second LU failed, complaining that it couldn't connect to the internet (LU 1814, I think).

The conection is being blocked by the firewall. The event log says:
"No logged-in account. Default action is to "block".

This crops up every so often, and I have researched it to death and have been unable to find out what it means (and therefore what to do about it). I do not explicitly "log in" to any Norton product, but I seem to recall reading somewhere that there is some sort of login process going on behind the scenes.

I also have a vague recollection of clearing out some data file, but that may have been to solve a different issue. Can't find my notes.

I created an outbound TCP firewall "permit" rule specifically for the Live Update URL, and that worked. The next day it didn't work.

I assumed that all internet access was being blocked, but I later I discovered that ping and the web browser are working (haven't tried email yet). Perhaps it's just a Live Update problem.

I don't get it. Can anyone shed any light on this?

Thanks,
Ted

Found this http://www.derkeiler.com/Newsgroups/comp.security.firewalls/2003-05/0722.html
Does it relate?
Didn't read it and understand in detail, but it looks related.

See also http://castlecops.com/check99201next.html

Found this http://www.derkeiler.com/Newsgroups/comp.security.firewalls/2003-05/0722.html
Does it relate?
Didn't read it and understand in detail, but it looks related.Thanks very much. I don't have time right now to read it in detail either. It is related (same message), but the first thing he says is:

"that particular message should only occur with NIS 2002
(v 4.0.x), not with NPF 2002".

Contrary to his assertion, what I (and my friend both) have is NPF 2002. Might be worth my trying to email the guy who posted those answers.

See also http://castlecops.com/check99201next.htmllol, how funny, that's *my* thread. I had a feeling I had posted on this topic before but couldn't remember when. And the previous thread was about problems with the same friend's computer. He seems to get that message, but I don't think I ever have had that problem on mine.

Thanks,
Ted

At
Norton Personal Firewall 2002 4.0 Search (http://service1.symantec.com/SUPPORT/sunset-c2002kb.nsf/672c231f89ff479085256ee600556cc3)
Found
NPF Event Log shows blocked communications (http://service1.symantec.com/SUPPORT/sunset-c2002kb.nsf/672c231f89ff479085256ee600556cc3/3ee613189b7db84385256ede00518dfb?OpenDocument&src=bar_sch_nam)

LiveUpdate cannot connect to the Internet or to a LiveUpdate server (http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2005050311260713?Open&src=bar_sch_nam&docid=2002082616293813&nsf=sharedtech.nsf&view=7e7f15291a25d938882567e50048a048&dtype=&prod=&ver=&osv=&osv_lvl=)

At:
"Section 2: Disable firewalls and ad blocking software
Certain programs can block LiveUpdate Internet connections."

Yes, I know exactly what program is preventing access to Live Update. It's the Norton Personal Firewall. If I disable the firewall, Live Update works.

But I don't *wanna* disable the firewall! That lets in nasty stuff, which is what happened before, which is why my friend gave me his computer to straighten out. It was Trojan-ed to death.

Symantec says if the firewall blocked something, there is an identifiable system-wide rule (which I could presumably change). But that is not true in this case.

There are also rules which govern internet access from each installed program. I suppose I could take a closer look at the rules for the various parts of Live Update. I think the default for all of them is "Automatic", which I probably shouldn't trust.

Thanks for your patience.

To test LiveUpdate

* Run LiveUpdate and download the available update.
o If you successfully run LiveUpdate, then configure your firewall to allow a LiveUpdate connection. For instruction on how to configure your firewall, read Settings needed to configure your firewall for LiveUpdate (http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002041115083313?Open&src=bar_sch_nam&docid=2005050311260713&nsf=sharedtech.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=), then enable your firewall. You are done with this document.
o If you could not run LiveUpdate, then enable your firewall and go on to "To disable the your computer's ad blocking."

Thanks again. I will double-check the firewall settings for allowing that particular program (Live Update) to access the internet.

But I really don't think this is a problem specific to Live Update (despite the fact that at this moment, web access is working and LU is not). It's a general firewall authentication problem. Last time, Live Update worked fine and it was email that wasn't working.

Thanks for pointing me to my old thread; it refreshed my memory. The only halfway sensible thing I found on the Symantec Knowledge Base suggests deleting Nisum.dat. This seems to be a file of user accounts. Apparently older versions of Norton (and NIS 2002) had user log-in accounts. My NPF 2002 does not, but is liable to mistakenly think it does if it sees that file.

I don't remember if I tried that, or if it solved the problem. But I think so.

You see,
You are the real expert on this problem.
But when I say something "stupid" and/or beside the point, and you have to explain it to me, it helps clarify the issues in your mind.

I do that with my wife.
She will ask an apparently "stupid" question [which isn't really so silly as it seems] and in the process of me explaining the details, progress is made. :D

lol, I don't know about being an "expert", but I do long for the days when I knew very little (on these forums as well as in my day job), because I could ask anybody anything, and they were likely to know more than I did. That's not true anymore.

I am slowly learning not to question anything my wife says. She is usually right.

The Symantec configuration details are given at:
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2003120510272036?Open&src=sg&docid=2003120409222336&nsf=nip.nsf&view=46f26a2d6dafb0a788256bc7005c3fa3&dtype=&prod=&ver=&osv=&osv_lvl=

If difficulty in deciding how to configure a web aware application just remove the rule (or rules) completely. Then, the next time that application wants to run, it will prompt you whether to allow it or not.

Mystery solved ... somewhat.
You see, you are the real expert on this problem.I don't *think* so. Once again I have been pigheaded and afflicted with tunnel vision.

Deleting nisum.dat didn't help.

Then as promised (although against my ha-ha "better judgement"), I focused on "Internet Access Control" in NPF, the place that determines what the firewall is supposed to do when each application tries to access the internet.

Then I carefully read the detail of the event log blocking message and noted the actual path and program name that was trying to get through the firewall. I don't have it in front of me now, but I think it was something like "c:\Program Files\Symantec\LUComserver_6_2.exe".

The problem with Norton is it's not just one big monolithic glob, but a whole collection of applications, listed by a generic name. And sometimes it's not clear to the lay person which one is which. I tried to find a "properties" in the application list to tell me which actual path/program goes with which generic name, but couldn't.

So I tried to do an add for LUComserver_6_2.exe, expecting it to complain about a duplicate, and ... lo and behold ... it worked! And the problem went away !!

So Live Update was MISSING from the internet access application list !! grrrrrrr.

And my conclusion is forced to be:

That message in the event log "no logged-in account. Default action is to block communications" is my NPF's way of saying "hey dummy, you forgot to add this program to the application list in Internet Access Control".



If difficulty in deciding how to configure a web aware application just remove the rule (or rules) completely. Then, the next time that application wants to run, it will prompt you whether to allow it or not.Yes, Paul, this is exactly what I expected too, but it didn't happen that way. The Alert Tracker showed that the program was trying to access the internet, and then it just died. Each application reacted in its own way but they all did what they would do if the Ethernet cable had fallen out of the back.

For some reason, the automatic application scan when I installed NPF on my friend's computer didn't pick up all the pieces of Norton. This explains why we had the problem on his computer but never on mine, I guess.

Thanks for your patience. grrrr, can't believe now much time I wasted on this.

"no logged-in account. Default action is to block communications"
Now that you explain all of that, the above makes much more sense. :)
The meaning I take is that:
Because LiveUpdate is not listed [has no logged-in account] to be allowed access to the web, and...
Because the program is CONFIGURED that the default action is to BLOCK [rather than ask permission as my ZoneAlarm is configured],
then...
Your program got blocked.
Makes sense doesn't it?
Can you configure NPF to ask permission whether to allow access?
When my ZoneAlarm asks, there's a tick-box to tell it not to ask again, but always implement that given answer.

"no logged-in account. Default action is to block communications"
Now that you explain all of that, the above makes much more sense. :)lol, maybe to *you* it does .....

The meaning I take is that:
Because LiveUpdate is not listed [has no logged-in account] to be allowed access to the web, and...But it's an application program, not an "account" !!!! There are no accounts or logins in my Norton software. I hate messages that don't say what they mean.

Can you configure NPF to ask permission whether to allow access?Not that I know of. But I've been wrong before. Very recently.

Thanks

"But it's an application program, not an "account" !!!!"
My guess is that the makers of the software think about things in a certain way.
They consider that each application [when it is registered or listed] is given an "account" with NPF. It is a "client" application, and it has an account.
And each client application's account is to be handled according to certain pre-configured rules.
For example, it might be automatically given access to the internet, or automatically blocked, or the user might be asked what is to be done and that answer would determine its treatment.
The language used is in accordance with a "metaphor" being used.
These metaphors are used all the time in Windows.
e.g. The "Desktop" isn't really a physical desktop, only a metaphorical one.
e.g. "Folders", "Cut & Paste", "Drag 'n Drop" are metaphors.

"Not that I know of. But I've been wrong before. Very recently."
During installation of ZoneAlarm I configured it to ask permission to block or allow access. It's brilliant, works well. These are called "New Program Alerts" I believe.

QUOTE
"New Program alert
New Program alerts enable you to set access permission for program that has not asked for Internet Zone or Trusted Zone access before. If you click Allow, the program is allowed access. If you click Deny, the program is denied access.

Why these alerts occur
New Program alerts occur when a program on your computer tries to initiate a connection with a computer in the Internet Zone or Trusted Zone, and that program has not already received access permission from you.

As you begin to work with Zone Labs security software, you will probably see one or more New Program Alerts.

What you should do
Click Allow or Deny in the alert pop-up after answering these questions:

Did you just launch a program or process that would reasonably require permission? If so, it's probably safe to click Allow. If not, continue.
Do you recognize the name of the program in the Alert pop-up? If so, does it make sense for the program to need permission? If so, it's probably safe to click Allow. If not, or if you're not sure, continue."

It's weird that I've never run across this before. I've used NPF for many years. Always in the past, when setting up NPF, it does a scan to locate all the programs that might want to access the Internet and add them to the list. On my friend's machine, it somehow seems to have missed one.

Was the problem program [which one is it?] in place when NPF was being installed?

Or was it installed later?

Was the problem program [which one is it?] in place when NPF was being installed? Or was it installed later?The problem program in this case was Norton Live Update. That's what's weird.

So NPF is blocking its own updating program?

Well, I suppose that isn't so silly.
After all, some nast mighty disguise itself as that to get past the normal firewall checks.
So NPF gives no "special privileges" to anything and even its own updater has to go through the firewall.
Sounds good. :)