Symantec Endpoint Protection 12 blocking internet connection

Assuming you meant SEP rather than Backup Exec.

This indicates that there is inbound traffic from the IP mentioned in the alert. As the user mentions, this is usually a malformed address or it is some sort of malware creating traffic.

There are some versions of SEP that see DNS traffic from the router as a DoS. This is typically found on a router that is doing DNS forwarding from an ISP. Common on home and small business devices.

Symantec Support has info on this and it is supposed to be addressed in a release RU6 MP1. Check your version to see if it is current.

You can create an exception but you would want to be sure the traffic is legitimate. This assumes a managed client.

To create an exception for Intrusion Prevention Policy to allow a specific ID:

  1. Open Symantec Endpoint Protection Manager console.
    1. Select 'Policies' tab.
    2. Under 'View Policies', select 'Intrusion Prevention'.
    3. Select Intrusion Prevention policy, and under 'Tasks' select 'Edit the Policy'.
    4. Select 'Exceptions' tab.
  2. Click on 'Add...' button.
    1. Search and select ID blocked.
    2. Click on 'Next>>' button.
    3. Change 'Action', from 'Block' to 'Allow'. Click on 'OK' button.
    4. Check if the exception edited has been added to 'Intrusion Prevention Exceptions' list.
    5. Click on 'OK' button to save changes in the Intrusion Prevention policy.

Kruug
Author by

Kruug

I specialize in help desk/desktop support. I dabble in both Windows and Linux, as well as a bit of programming (mainly web-based currently).

Updated on September 18, 2022

Comments

  • Kruug
    Kruug almost 2 years

    I have a user that gets blocked from the internet periodically due to a setting within Symantec Endpoint Protection. The warning he gets is similar to:

    Traffic from IP address 192.168.1.1 is blocked from 11:53pm to 12.03am.
    Denial of Service is logged.

    Has anyone heard of this before, or have any insight as to where the problem may lie? I checked the Symantec Endpoint Protection logs, but I was unable to find any blatant issues. The user states that it generally happens with malformed URLs, but I am unable to reproduce it at our help-desk.

  • Kruug
    Kruug over 11 years
    Yessir, SEP. I was working on our weekly backups while typing this up.
  • Kruug
    Kruug over 11 years
    Will this allow the user to move to new networks where this may occur without having to set up a new exception? The user travels a lot and we're looking for a permanent solution.
  • Dave M
    Dave M over 11 years
    You will need to configure Location Awareness to manage this issue a bit more. There is some info here: symantec.com/connect/articles/…