When you enable anti-MAC spoofing in Symantec Endpoint Protection, the following happens:
The client allows inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log.
Media access control (MAC) addresses are hardware addresses that identify computers, servers, and routers. Some hackers use MAC spoofing to try to hijack a communication session between two computers. When computer A wants to communicate with computer B, computer A may send an ARP packet to computer B.
Anti-MAC spoofing protects a computer from letting another computer reset a MAC address table. If a computer sends an ARP REQUEST message, the client allows the corresponding ARP RESPOND message within a period of 10 seconds. The client rejects all unsolicited ARP RESPOND messages.
This option is disabled by default.
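The request/response rule described above can be modelled as a small stateful filter. This is an added example, not Symantec's code: the class and function names, the addresses, and the choice to match a reply to a request by sender IP are assumptions made for illustration, and the sample traffic is constructed.

```python
import socket
import struct

WINDOW_SECONDS = 10            # reply window stated in the article
ARP_REQUEST, ARP_REPLY = 1, 2  # ARP opcodes
ARP_FMT = "!HHBBH6s4s6s4s"     # 28-byte Ethernet/IPv4 ARP payload

def build_arp(oper, sha, spa, tha, tpa):
    """Build an ARP payload; used only to construct the sample traffic."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP, target IP)."""
    f = struct.unpack(ARP_FMT, payload[:28])
    return f[4], f[5].hex(":"), socket.inet_ntoa(f[6]), socket.inet_ntoa(f[8])

class ArpReplyFilter:
    """Model of the rule as described; not Symantec's implementation."""
    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.pending = {}       # IP we asked about -> time the request left
        self.security_log = []  # blocked replies: (time, sender IP, sender MAC)
    def outbound(self, payload, now):
        oper, _, _, target_ip = parse_arp(payload)
        if oper == ARP_REQUEST:
            self.pending[target_ip] = now
    def inbound(self, payload, now):
        oper, mac, ip, _ = parse_arp(payload)
        if oper != ARP_REPLY:
            return "unhandled"  # this model covers replies only
        asked = self.pending.get(ip)
        if asked is not None and 0 <= now - asked <= self.window:
            return "allow"
        self.security_log.append((now, ip, mac))
        return "block"

def demo():
    """Constructed traffic: one solicited reply, one late, one never requested."""
    me, gw, other, zero = ("02:00:00:00:00:10", "02:00:00:00:00:01",
                           "02:00:00:00:00:66", "00:00:00:00:00:00")
    f = ArpReplyFilter()
    f.outbound(build_arp(ARP_REQUEST, me, "192.168.1.10", zero, "192.168.1.1"), now=0)
    results = [
        f.inbound(build_arp(ARP_REPLY, gw, "192.168.1.1", me, "192.168.1.10"), now=2),
        f.inbound(build_arp(ARP_REPLY, other, "192.168.1.1", me, "192.168.1.10"), now=15),
        f.inbound(build_arp(ARP_REPLY, other, "192.168.1.50", me, "192.168.1.10"), now=16),
    ]
    return results, f.security_log
```

Calling `demo()` returns the three decisions together with the entries a Security Log would hold for the blocked replies.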