Endpoint Protection

Quick answer please.

One user report me, symantec has blocked the user application. how to resolve it?

Post a screenshot to see exactly what is blocking it?

Are you on 12.1?

Hi,

It's managed client or unmanaged client ?

Check this

https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

I am also waiting for usermail.

12.1.2

Does the user have an option to allow it or was it just blocked without giving the user any options?

No idea. when user was reported, i stop the smc.

Mesage - Traffic blocked for this application.

smc will be start when application work will close. after that i can post the error snap.

That is from the SEP firewall. You will need to add an exclusion to allow it.

Is it from svchost?

You can check in the Traffic log.

See if this helps:

http://www.symantec.com/docs/TECH165942

Try the attach forum solution comment

https://www-secure.symantec.com/connect/forums/constant-notification-traffic-has-been-blocked-application-svchostexe#comment-8122021

Hope it help you.

HI, 

As you mentioned above the message is from Firewall module, so you can add an exception on firewll.

Please follow the below How to Create Firewall Exceptions 

If you want to create a firewall rule which affects only this one managed client, you have two options.

1.     Put this client in a unique group in the SEPM and then apply your customized firewall policy to only this group.

2.     Add a customized firewall rule to the client itself (as opposed to adding the rule to the policy in the SEPM.)

I am going to assume you will want option 2 and will provide instructions for that. If you need something different, let me know. I am also going to assume you are using SEP 11.0.x (as opposed to SEP 12.1), since you were not specific.

By default, a managed SEP client will not allow a user to create their own firewall policies from within the SEP client GUI. You will need to change the client interface control settings from within the SEPM to give yourself permission to  modify the client-side firewall rules. Follow these steps:

1.     Login to the SEPM

2.     Click Clients

3.     Select the group that your client is in

4.     Click Policies (the tab at the top)

5.     Remove policy inheritance (checkbox at top) if necessary

6.     Expand Location-specific Settings

7.     Click Server Control (it will open a new dialog box)

8.     Select Client control from the list

9.     Click OK

10.  Wait for the SEP client to pick up the policy change. (You can speed this up by right-clicking the SEP system tray icon on the client and clicking Update Policy.)

After you have made this change, you can now modify the client-side firewall rules using the following steps.

1.     Double-click the SEP system tray icon

2.     Click Options next to Network Threat Protection

3.     Click Configure Firewall Rules...

4.     Click Add

5.     Fill out the rule information as you see fit and click OK.

I suggest creating an Allow All rule (which, as the name suggests, allows all network traffic in or out of the box) and bumping it to the top of the rule list in order to confirm that this fixes the problem. If an allow all rule does NOT fix the problem, then any more specific rule (i.e., restricted to a certain port, protocol, or application) most certainly won't fix it either. Thus, testing the allow all rules can save you some time in the end.

Refferance https://www-secure.symantec.com/connect/forums/firewall-exception-managed-client#comment-6413861

Regards

Ajin

 

Client is unmanage. My other shift engineer remove the ntp component. It is working. Waiting for next error message then paste it.

Hi,

 

Kindly check in Symantec Client's Control log & Security log. See exact which application is block after check in SEPM application & device control policy & exclude that path or process from policy.

Surely your problem can resolve.