It is possible to avoid the little temper tantrum that Norton Internet Security or Personal Firewall throws after you make a change to your startup configuration using MSCONFIG.
All that is necessary is to disable the "ccRegVfy" startup item using -- you guessed it -- MSCONFIG. This will still allow N.I.S. or N.P.F. to run on startup, but it will prevent it from checking the registry for "unauthorized" changes (such as what MSCONFIG makes).
Unfortunately this may slightly reduce the protection provided by N.I.S. in that other changes to the registry by malicious software might not be detected at startup. I'm not certain exactly what portions of the registry "ccRegVfy" looks at... Hopefully someone else can figure this one out. Anyways, just be aware that disabling it on startup may mean that undesired changes to the registry go undetected (some details from Symantec would be nice).