Opened 13 years ago

Last modified 7 years ago

#313 closed enhancement (Not a bug)

Norton AntiVirus (WinXP) reports worm on Tor 0.1.1.22

Reported by: Grumpy Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: Grumpy Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Was running Tor 0.1.1.21 on Windows XP as a server. Was showing very low bit rates -
so decided to upgrade to newest version of Tor when it came out.

Now Norton Anti Virus is popping security alerts "Norton Internet Worm Protection
has detected a remoter system that is trying to access your computer..."
Path C:\Program Files\Tor\tor.exe
Direction: Inbound
Local address 192.168.2.50 (my NATed local IP)
Local Port 19001 (the port I selected for Tor to use)
Remote address 212.x.x.x (someone elses IP)
Remote port 60832

This keeps occuring at irregular intervals, even when I select "Permit" and have
attempted to configure Norton to allow tor.exe.

This did not happen on 0.1.1.21

Have searched for similar issues experienced by others but no luck - any ideas
(besides not running Tor server on XP)

[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]

Child Tickets

Change History (4)

comment:1 Changed 13 years ago by Grumpy

I found a way to get around this. In Norton AntiVirus (2005), define a new 'permit' rule for Worm protection.

  • Options , Internet Worm Protection, General Rules
    • Permit - Any Computer (TCP, local port 19001 (and move this rule up to before the 'deny' rules

(port 19001 is the port I use for Tor server)

This appears to have done the trick. The thing I don;t understand is why on Tor 0.1.1.21 that this was not a problem.

I think this issue can be closed now - but would recommend adding these details in the documentation for Windows.

comment:2 Changed 13 years ago by nickm

We've already got a FAQ entry here:

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FalsePositiveViruses

This happens every few releases for some antivirus program or other.

comment:3 Changed 13 years ago by nickm

flyspray2trac: bug closed.

comment:4 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.