I use mirc every day and today is the first time in 16 years I'm having an issue with it. I've tracked it down to norton.


[22:37] -irc.holonet.org- *** Looking up your hostname...
[22:37] -irc.holonet.org- *** Checking Ident
[22:37] -irc.holonet.org- *** Found your hostname
[22:37] -irc.holonet.org- *** No Ident response
[22:37] * Send error ([10053] Software caused connection abort)
[22:37] * Disconnected

Norton that has a popup notice...

An intrusion attempt by CUSTOM was blocked.

Network traffic from CUSTOM mattches the signature of a known attack. The attack was the result from \DEVICE\HARDDICKVOLME3\MIRC.EXE.

Destination matches the IRC and SOURCE matches my IP address. My computer is named custom btw.


When I go into Norton turning off the smart firewall and antivirus protection does nothing. When I turn off the intrusion detection, I can log into the server just fine.

The firewall protections are set that mirc is allowed access in and out... but like I said, disabling firewall didn't work, had to disable intrusion.

This seems to be an auto-update change.

Any idea what I need to do?

This is called a false-positive and usually happens when an anti-virus company updates their virus definition files without checking them properly. The result is that the anti-virus software starts incorrectly detecting some applications as trojans or viruses. Unfortunately this happens all the time. For example, some time ago Microsoft Security Essentials detected the Google Chrome web browser as a trojan and recommended that users delete it.

You would need to contact your anti-virus software company to report the issue and to ask them for a solution. They should then correct the error in the next update of their virus definition files and should be able to tell you how to prevent their software from behaving this way in the meantime.

Looks like Symantec is looking into it, appears it's NOT just mirc, it's many IRC clients.

https://community.norton.com/en/forums/norton-blocking-irc-access