
Some BlackICE Directory Files Can Trigger False Code Red Alert in Norton

Don't worry, this minor glitch can easily be resolved

Recently we've had some reports of campus Windows servers getting Code Red alerts from Norton even though they're protected by BlackICE Defender, the personal intrusion detection program that automatically locks out sites when it senses an attack.

BlackICE technical support confirmed that these alerts are "false positives." They are caused by .enc files in the BlackICE directory that contain enough of Code Red's packet information to trigger a false alert in Norton, e.g.:

evd20010829-16.enc
evd20010816-18.enc
evd20010821-23.enc
evd20010822-21.enc
evd20010716-20.enc

The information in these .enc files can't infect your system, and you can delete them without affecting BlackICE's ability to protect you.

Another option is to exclude these files from a Norton scan altogether. Or, you can instruct BlackICE not to create these files by taking the following steps:

  1. Select "Tools" from the menu bar.
  2. Choose "Edit BlackICE Settings."
  3. Click on the "Evidence Log" tab and make sure the box labeled "Logging enabled" is not checked.
  4. Click "OK."

This will turn off the evidence logging feature in BlackICE.
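For the first option above (deleting the .enc files), the following is an added example, not part of the original article or of BlackICE itself. It lists the evidence files in a directory and removes them only when asked; the directory is supplied by the caller, and the file name pattern is an assumption inferred from the sample names shown above.

```python
import re
import tempfile
from pathlib import Path

# Assumption: evidence files are named "evd" + 8 digits + "-" + 2 digits + ".enc",
# inferred from the sample names in this article. Anything else is left alone.
EVIDENCE_NAME = re.compile(r"^evd\d{8}-\d{2}\.enc$", re.IGNORECASE)


def find_evidence_files(blackice_dir):
    """Return sorted (path, size) pairs for evidence files directly in blackice_dir."""
    found = []
    for entry in Path(blackice_dir).iterdir():
        if entry.is_file() and EVIDENCE_NAME.match(entry.name):
            found.append((entry, entry.stat().st_size))
    return sorted(found)


def purge_evidence_files(blackice_dir, delete=False):
    """Report evidence files; remove them only when delete=True.

    Returns (list of file names, total size in bytes).
    """
    names, total = [], 0
    for path, size in find_evidence_files(blackice_dir):
        names.append(path.name)
        total += size
        if delete:
            path.unlink()
    return names, total


if __name__ == "__main__":
    # Constructed demo directory; point the functions at the real BlackICE
    # directory on your own server instead.
    with tempfile.TemporaryDirectory() as demo:
        for name in ("evd20010829-16.enc", "evd20010816-18.enc", "other-file.txt"):
            Path(demo, name).write_bytes(b"constructed sample data")
        print("dry run:", purge_evidence_files(demo))
        print("deleted:", purge_evidence_files(demo, delete=True))
        print("left behind:", sorted(p.name for p in Path(demo).iterdir()))
```

Run it once with the default `delete=False` to confirm that only evidence files are matched before removing anything.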

For more information on BlackICE and other Internet Security Systems products, go to
http://www.networkice.com/


Fall 2001 Computing News | Computing Center Home Page