What triggers a port scan detection in Symantec Endpoint Protection (SEP)
|Article:TECH165237|||||Created: 2011-07-22|||||Updated: 2013-06-24|||||Article URL http://www.symantec.com/docs/TECH165237|
Customer would like to know if a port scan detection is real and what behavior is detected
SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 secs.
Example of SEP "Security log" in which we can see more than 4 ports being scanned.
Article URL http://www.symantec.com/docs/TECH165237