Hi all,
I have been redirected to this forum regarding my question on the Norton forum at http://community.norton.com/t5/Norton-Internet-Security-Norton/HTTP-Fragus-Toolkit-Request-1/m-p/335525/highlight/false . (I am a DoD employee with the free version of SEP for home use. Symantec Endpoint Protection version 11.0.5002.333)
I am new to the community and don't know much about hunting down viruses, so bear with me.
My Norton SEP also has captured these processes:
11/26/2010 12:59:42 PM (CST)
[SID: 23987] HTTP Dragon Toolkit Activity detected.
Traffic has been blocked from this application: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Same DTG)
Traffic from IP address 91.213.217.191 is blocked from 11/26/2010 12:58:41 PM to 11/26/2010 1:08:41 PM.
11/29/2010 12:12:42 AM (CST)
[SID: 23974] HTTP Fragus Toolkit Request 1 detected.
Traffic has been blocked from this application: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
I've had Weatherbug on my machine for several months with no issues, and there are no other entries in my security log that reflect malicious activity. (The Weatherbug has lots of ads embedded, and if I understand what the whitepaper on Fragus Toolkit is saying, I have a suspicion the ads are the weak link.)
I have removed Weatherbug and done a complete scan with SEP version 11.0.5002.333 with no signatures detected.
Is there any reason for concern? And why would my log be clean except for those 3 entries for the last 9 months? (How long does the security log maintain its record?)