Wireshark, What Information Does Norton Security Send Back to Symantec?
Hello,
I am using Norton Security 22.20.2.57, the latest. Using free TCPView 3.05, I can track most connections on my PC. I have noticed for years that Norton Security returns data back to certain servers. This was true even with older Norton Internet Security 21.7.0.11 when I shut off auto LiveUpdate and also any program updates for NIS 21.7.0.11.
For example, here are the connections from TCPView today:
| Process | PID | Protocol | Local Address | Local Port | Remote Address | Remote Port | State | Sent Packets | Sent Bytes | Rcvd Packets | Rcvd Bytes |
|---|---|---|---|---|---|---|---|---|---|---|---|
| NortonSecurity.exe | 1480 | TCP | XXXXXXXX | XXXXX | 13.68.168.63 | https | ESTABLISHED | 8 | 2,792 | 4 | 596 |
| NortonSecurity.exe | 1480 | TCP | XXXXXXXX | XXXXX | XXXXXXXX | 0 | LISTENING | | | | |
| NortonSecurity.exe | 1480 | TCP | XXXXXXXX | XXXXX | XXXXXXXX | 0 | LISTENING | | | | |
| NortonSecurity.exe | 1480 | TCPV6 | XXXXXXXX | XXXXX | XXXXXXXX | 0 | LISTENING | | | | |
You can see Norton Security has sent 2,792 bytes and received 596 bytes to server 13.68.168.63 and this is over a space of only 30 minutes. Norton's "Community Settings" have been turned off. Using IP address lookup, the server is Microsoft Azure cloud computing. I have uploaded an image of TCPView.
My question is: does Norton Security 22.20.2.57 return any user usage information back to Symantec such as file names which have been manually scanned or downloaded or web sites which have been visited? Has anyone ever run a data parser such as Wireshark to see what data Norton Security is sending from your PC?
Our Symantec 3 PC subscription runs out in 30 days. I need to know this before I buy a new key for another year.
Thanks in Advance.
According to your "screenshot" the connection to Symantec is encrypted, so you won't see the real data when you do a capture unless you have the private key. I guess the best and fastest way to get an answer to your question would be to ask Symantec what the suite is transmitting to this IP address.
BTW: spoc.norton.com (13.68.168.63)