Recently, my tamper protection log recorded two instances of unauthorized access blocked (open process token). Actor was c:\...system32\cfmon.exe, target was c:\...\ccSvcHst.exe (Norton engine). CTFMon is involved with the language/alternative input services in Office XP. I've had similar attacks previously & Symantec tech support wanted $100 to scan my PC online. That was a no-go because I keep (healthy) backups of my partitions. What is the best and cheapest way to test the integrity of my firewall?