Norton Internet Worm Protection and iCU2

0
By admin in : Routers // Feb 17 2010

If you are using any of the Norton 2005 product range and see a message from Norton when using iCU2 that states something along the lines of “Norton Internet Worm Protection has detected and blocked an intrusion attempt”. Please read below for more information.

iCU2 will not and cannot give you a Trojan, Worm or Virus. If you are told that you have received a Trojan, Worm or Virus via the iCU2 program, it is a false alarm.

Norton’s products have a habit of giving out false alarms about Trojans, Worms and any other type of Virus as it looks for activity on certain ports and tells you that there is a worm / Trojan attempt to access your computer whenever it sees any activity on specific Ports.

In iCU2′s case, we use TCP 2000 and TCP 2001 for receiving Calls (connects) and direct Quick Messages. Some Trojans were programmed to run on those ports, so Norton gives false alarms as it just sees activity on a port that iCU2 uses (and coming from the iCU2 program) but does not actually verify that it is a worm/trojan that is causing the activity.

So, you may find that after receiving 3 or 4 Quick Messages or a few Call (connect) requests, Norton will tell you that it has detected and blocked an intrusion attempt. Again, this is not true. Norton has simply detected that other iCU2 users are sending you Quick Messages or Call requests and because the Quick Messages or Calls are being sent via TCP 2000 and TCP 2001, Norton gives you a false alarm.

If you have Norton, go into the Internet Worm Protection area, scroll through the list for all entries that say they are using TCP 2000 or TCP 2001 and either Permit those entries, or Delete the entries. Doing this will only stop the firewall part of Norton from reporting the false alarms. The virus scanner part of Norton will still detect and delete any trojans/worms from your system if you are ever sent a worm or trojan.

Please note that if you see the warning messages from Norton and just accept the warnings, you will find that you can no longer receive Quick Messages directly and you will no longer be able to receive Call (connect) requests from other users. To resolve the issue you have to manually permit TCP 2000-2001 or delete the entries that contain TCP 2000 and TCP 2001 (as specified in the previous paragraph).

Comments are closed.