Wireshark, What Information Does Norton Security Send Back to Symantec?

asked 2020-06-16 05:04:36 +0000

Hello,

I am using Norton Security 22.20.2.57, the latest. Using free TCPView 3.05, I can track most connections on my PC. I have noticed for years that Norton Security returns data back to certain servers. This was true even with older Norton Internet Security 21.7.0.11 when I shut off auto LiveUpdate and also any program updates for NIS 21.7.0.11.

For example, here are the connections from TCPView today:

Process             PID   Protocol  Local Address  Local Port  Remote Address  Remote Port  State        Sent Packets  Sent Bytes  Rcvd Packets  Rcvd Bytes
NortonSecurity.exe  1480  TCP       XXXXXXXX       XXXXX       13.68.168.63    https        ESTABLISHED  8             2,792       4             596
NortonSecurity.exe  1480  TCP       XXXXXXXX       XXXXX       XXXXXXXX        0            LISTENING
NortonSecurity.exe  1480  TCP       XXXXXXXX       XXXXX       XXXXXXXX        0            LISTENING
NortonSecurity.exe  1480  TCPV6     XXXXXXXX       XXXXX       XXXXXXXX        0            LISTENING

You can see Norton Security has sent 2,792 bytes and received 596 bytes to server 13.68.168.63 and this is over a space of only 30 minutes. Norton's "Community Settings" have been turned off. Using IP address lookup, the server is Microsoft Azure cloud computing. I have uploaded an image of TCPView.

My question is: does Norton Security 22.20.2.57 return any user usage information back to Symantec, such as file names which have been manually scanned or downloaded, or web sites which have been visited? Has anyone ever run a data parser such as Wireshark to see what data Norton Security is sending from your PC?

Our Symantec 3 PC subscription runs out in 30 days. I need to know this before I buy a new key for another year.

Thanks in Advance.


Comments

According to your "screenshot" the connection to Symantec is encrypted, so you won't see the real data when you do a capture unless you have the private key. I guess the best and fastest way to get an answer to your question would be to ask Symantec what the suite is transmitting to this IP address.

BTW: spoc.norton.com (13.68.168.63)

JasMan ( 2020-06-16 19:02:11 +0000 )
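
Added example, not part of the original thread and not Symantec or Wireshark code: what a capture of an encrypted connection like the one discussed above still exposes without keys, namely TLS record types and lengths, plus the server name when the ClientHello carries an unencrypted SNI extension. The hostname and byte stream are constructed, and the parser assumes an already reassembled TCP stream.

```python
import struct

def build_client_hello(host):
    # Constructed sample: minimal TLS ClientHello record with one server_name extension.
    name = host.encode("ascii")
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)   # version, random, ids, suites, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22

def records(stream):
    # Walk the 5-byte TLS record headers of a reassembled TCP stream.
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def sni_from_client_hello(hs):
    # Return the server name from a ClientHello, or None if absent or truncated.
    try:
        p = 4 + 2 + 32                                   # handshake header, version, random
        p += 1 + hs[p]                                   # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")      # cipher_suites
        p += 1 + hs[p]                                   # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(hs)):
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            if etype == 0:                               # server_name extension
                nlen = int.from_bytes(hs[p + 7:p + 9], "big")
                return hs[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass
    return None

def summarize(stream):
    # Without keys: the cleartext SNI and the size of ciphertext records, nothing more.
    out = {"sni": None, "encrypted_bytes": 0}
    for ctype, payload in records(stream):
        if ctype == 22 and payload[:1] == b"\x01" and out["sni"] is None:
            out["sni"] = sni_from_client_hello(payload)
        elif ctype == 23:
            out["encrypted_bytes"] += len(payload)
    return out

SAMPLE = build_client_hello("telemetry.example.test") + b"\x17\x03\x03\x00\x40" + bytes(64)  # constructed
```

`summarize(SAMPLE)` returns the constructed hostname and a 64-byte ciphertext count; the content of the type 23 records stays opaque to the observer.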