Networking Software

Norton “Internet Worm Protection”

Norton AntiVirus has this strange omission I just can’t figure out. For some reason “Internet Worm Protection” won’t allow for creating a connection to a PPTP VPN. Not very helpful if you have to connect to one of the many VPN’s out there that use this protocol.

First a little primer on making a PPTP connection . You essentially need two ports open, 1723/TCP, and IP Protocol 47 (GRE). Ok, this is pretty basic stuff. We can do that ;). Well in the little wizard Norton provides, to create a rule you have the following choices for protocol: TCP, UDP, TCP/UDP, ICMP, ICMPv6, All (pointless). No way to select GRE.

So the only way I’ve found to connect to a PPTP VPN thus far is simply to disable either just Internet Worm Protection, or disable Norton AV.

It’s rather odd that something like this is not supported. A search on Google didn’t turn up an answer. Symantec’s tech support database didn’t turn up anything helpful either.

I would have expected something like this to function without a hitch. I’m very surprised to see this requires any intervention, and even more surprised to see that even with intervention there’s still no way to get it working.

27 replies on “Norton “Internet Worm Protection””

The only way we(a helpdesk) have found is to disable it as well for pptp vpn connections , and make sure you re enable the windows firewall. Even messing with all the incoming and outgoing rules does not work. There seems to be a flaw with this version of norton. Why does anyone even run this bloatware garbage?

I dug on this one for a while until I figured out what was going on. My system also used a Verizon Air-card that complicated things (OK, not really, but I didnt help…)

What’s even better, when you create the rules, you cannot select inbound, outbound, or both. Well you CAN, but it will always end up back on inbound no-matter what you do. even if you just go from one tab on the rule, and back, it will revert.

Also it seems creating a stupid rule of ‘allow everything’ doesnt sllow connection either.

Didnt Like Norton before, this isnt impressing me ONE BIT!

Basically poured 3 days into finding this bug on a customer’s machine πŸ™

Just been onto Nortons technical team chatting on instant messenger, and explained this VPN problem to them, they gave me the run around as well about creating rules in the firewall, until I mentioned about the Connection dialog always reverting back to the same option. They then told me that there was a outstanding bug fix for this and it should be posted soon. Until then:

“Steve, to resolve this i suggest you to disable your Internet Worm Protection and Enable your Windows Firewall. If your Internet Worm Protection disabled Auto protect will run in the background and scans the Worms.”

Great so we have to run the software with some of the features disabled and use a competitiors instead because it actually works. You gotta love this company. πŸ˜†

Steve G:

They then told me that there was a outstanding bug fix for this and it should be posted soon.

Hmm… I wonder if they mean posting recognition of the bug, or a fix for it.

Confirmed with “Aneesh” via Symantec chat today that this is an issue. I installed Norton System Works Premeir Edition 2007 on a machine that was formerly running only NAV 2005. This is a fairly beefy machine that includes two drives in a RAID array (striped).

First indication of impending doom during install was an error message informing me that Norton GoBack would not install because of the RAID disks (I have yet to research that issue, however, Symantec refers you to Then, after two attempts at installation of NSW (first attempt failed despite the fact that I had uninstalled all previously installed Symantec components and rebooted prior – and had to download the Norton Removal Tool, run it and then re-install NSW) – my PPTP VPN no longer worked.

I attempted to find settings that would allow me to allow this connection, to no avail. Through experimentation, I confirmed that disabling Internet Worm Protection, I could connect to my VPN. I started a chat with Aneesh (in India, BTW) and he told me that it was a known issue and there was no solution other than disabling IWP.

In the chat, he stated:
“The following VPNs have been tested with Norton AntiVirus Internet Worm Protection:
–Symantec Enterprise VPN

…and again confirmed that NSW Premeir 2007 did not work with the standard PPTP VPN solution that was included in Microsoft Windows.

I purchased this version because we have tested Save and Restore in-house and found that it works pretty well, and the NSW Premeir 2007 now includes this instead of Ghost. So this package represents a decent deal if you need all the functionality. Too baad it doesn’t work as advertised.

I too have been experiencing this issue for the last 10 days, with no idea until yesterday that it was NAV ’07 blocking the Internet connection altogether.
I discovered this accidently because I used ghost to restore to a previous, fully-functional state (in Nov’06), thinking that that might be enough to get things working. No go: still no Internet connection. It took me back to a state when I had NAV’05 installed so, in order to reinstall NAV’07, I had to uninstall NAV’05. That done & rebooted, the Internet connection was immediately restored and the boot time drastically reduced,…to boot.
I reinstalled NAV’07 and the Internet connection was permanently lost again just after NAV’07 had downloaded, and was still installing, the whole heap of updates it needs to when you install it.
I contacted Symantec chat, through my work computer ’cause I still don’t have Internet at home anymore thanks to NAV, and they weren’t very helpful at all.
They told me deactivate Worm Protection, but that hadn’t worked when I’d tried it myself.
They told me to ‘find a decent technician’.
Ummm,…I think I’ll just uninstall.

I uninstalled Norton Systemworks and still get the POP-up. I have run their cleaner and sat through the support folks in India having tea while i waited for them. They have no idea how to get it to stop. Does anyone know the specific files i should eliminate??
I don’t have the disks anymore so a reinstall wouldn’t help me.
Please and thank you.

[…] to a blog discussion on this which savages Symantec for the way they implemented this feature: Robert Accettura’s Fun With Wordage » Blog Archive » Norton “Internet Worm Protection&#8… The workaround is to turn the Windows firewall protection on and the Symantec worm protection […]

VPN solution, Microsoft Windows XP SP2/Symantec IWP:

1. Use a L2TP/IPSec VPN connection, instead of PPTP, with preshared keys if no certifications.;281555
2. Set the server’s IWP to accept incoming connections on ports: 500, 4500 and 1701.
3. If server is behind a NAT device, NAT-T has to be enabled on server through registry edit.;818043

I hope this helps.

IWP is an unchallenged peace of software (simple, ease on memory and processor power with powerful firewall and intrusion prevention) and while Symantec have not built it with VPN users in mind, it can still be used with VPN.

While I am not a big fan of working from home, I did try to connect to work via VPN three weeks ago for the first time. Needless to say I failed. It will be difficult for me to explain how hard I’ve tried to get it to work.

Finally figured that NAV 2007’s worm protection is causing the problem. And a google search for “norton antivirus worm protection vpn” came up with this blog as its first link. I suppose I should say that I am not the only one.

For this post to be useful, I’ll just add that I tried disabling a few specific checks from the worm protection (any that contained PPTP or RAS), but that still didn’t help.

Also, if I disable worm protection, establish VPN connection, and re-enable worm protection even as I am connected, it doesn’t bump me off right away. Go figure.

Just thought I’d mention that this is still a problem. Every “General Rule” reverts back to “Inbound” and VPN connection attempts and blocks aren’t logged. The only solution after over 6 months is to disable IWP. Good work Symantec.

Having just purchased an upgrade to Sys-wks 2007 from 2005 when all I really needed was an AV renewal, I’ve discovered the PPTP/VPN bug and the stuff about inbound/outbound etc.

It appears from the symantec website that I’m now being asked to purchase 2007 again after my machine is scanned.

Congratulations Symantec – you just lost a subscriber. They say its harder to attract new customers than to retain them – well if your product works that would be true !!!!

Thanks for nothing.

My VPN connection is blocked by NIS2007 and I can’t figure out why. The funny thing is that making the VPN connection with the PPTP protocol presents no problem but making a connection using the much safer L2TP/IPSEC protocol fails as long as NIS2007 is active.
Has anybody found a workaround other than scrapping Norton completely?

Every word so far in this thread is true today. It no work! It no work! What a PITA. And yes, they want to sell me an upgrade to patch a bug. Class action anyone? Grrrrr……

YES, Class Action!!!!! Program doesn’t work. Their solution is “don’t install that portion” of the program you just paid for. Tech help from India is only good for copying and pasting canned worthless sentence fragments. 6 weeks for a refund if your situation even applies and oh by the way, your program is now on automatic renewal unless you fill out yet another form!!

After wasting a good part of two days on this, I have found the solution. I am going to replace the Norton software with something that works. These guys ought to be prosecuted under the Racketeer Influenced and Corrupt Organization (RICO) laws.

You can also disable the “Stealth Blocked Ports” in the firewall advanced settings as a work-around.

I simply cannot agree more with the posts above. Norton/Symantec has really gone down hill from the days when the produced decent system tools. I wasted 3 hours this afternoon to find out that it wasn’t out VPN, it was a bug in this bloated piece of junkware. Another reason to NEVER recommend a Symantec product.

Many of you are probably long gone subscribers but thought I’d mention while having this same issue today while playing around with setting up VPN and PPTP all I had to do with NIS 2007 (and again after being forced to upgrade to NIS 2008) was to set up TCP / UDP on both ports 1723 and 47 and I could host incoming VPN connections from a remote work mate just fine.

Finally I found the solution to my problem of not being able to make a IPsec/VPN connection with a preshared key.
All that is needed is to declare the IP adress of the VPN server as a trusted connection. In IWP add a generic rule on top of the list which admits all ports of that specific VPN server. If you want to play it safe you can confine it to port 1701 in both directions as that port is used for the handshake protocol for a L2TP over IPsec connection.
I am as happy as a pig in **** that I finally cracked it and no thanks to the Symantec helpdesk guys. All they do is sit on their thumbs collecting telephone royalties.
B.t.w., port 1723 as mentioned by Catspit is used by the PPTP protocol which never gave me any bother and needed no settings other than the defaults.

I am having problems with my Norton Antivirus 2008. I have been having intermittent hourglass lockups for about 5-10 minutes. I looked at the Internet Worm Protection General Rules and noticed that the Default Windows File Sharing is ALLOWED and is supposed to be blocked. So I changed it to BLOCK. ALso, The Default Microsoft Windows 2000 SMB was supposed to be BLOCKED and said ALLOW. There is another one that says DEFAULT IPV6 Loopback and it says ALLOW. I don’t know what is is supposed to say. Do you think this is why I have been having these lockups in my computer with the hourglass?


I have a different problem but just as frustrating. I too am tired of Norton so I uninstalled all the Norton files so I could install another anti virus software. The problem is I can’t install my new software becasue it says there is aconflict with Norton worm protection. I can’t find where it is installed. How can I get rid of this. I am not going back to Norton.


Update: I made contact with Norton and there is a Norton Uninstall utility that can be downloaded and use to totally purge your system of the Norton product. After I ran this utility my new software installed fine and I am happy with it.

I wonder if any of you have similar problem to mine. NAV 2007 blocks my own DNS addresses from my isp. I tried to set the Worm Protection to “Allow”, didn’t work; Then I gave ‘Allow’ to all connection that norton set to ‘Block’ , didn’t work, stil blocking my connection. Then finally I disabled th Worm Protection by setting it ‘Turn off Permanently’, same, still blocking my connection every 3-6 minutes. So what is not working here, or is it working, as connection blocker? Every times when it blocks, it says, Level: Medium; Title: An intrusion attempt by IP No. ***.***.***.*** was blocked; Date: xx/xx/xxxx; Status: Blocked; Recommended Action: Block. -without giving me any chance or option to do otherwise.

Leave a Reply

Your email address will not be published. Required fields are marked *