TSE debugging
To enable Extended TSE Debugging for Network Threat Protection, stop the SMC process (smc -stop) and import this registry setting.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE]
"ExtendedDebug"=dword:00000001
Start the SMC service (smc –start)
Example from debug.log:
01/25 16:46:17 [304:960] TSE extended debugging is turned on. Flag =
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block Local File Sharin
01/25 16:48:43 [304:592] TSE: ApplicationName = C:\WINNT\system32\ntoskrnl.ex
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET **
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-0c-29-4e-d7-c7 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 192.168.20.12 --> 192.168.20.255, type: 0x11, Id: 2629, Frg: 0x0 ========= UDP datagram, len: 78==== 192.168.20.12:137 -> 192.168.20.255:137 , DataLen: 5
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET**********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block and Log Unchecked IP Packets
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET ***
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-50-56-c0-00-02 ---> 00-0c-29-4e-d7-c7 , protocol = 0x800 ===== IP Packet==== len:60==== 192.168.20.1 --> 192.168.20.12, type: 0x1, Id: 28535, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x5a3a
Check this video yo will get a good view.
Symantec Endpoint Network Activity Tool
https://www-secure.symantec.com/connect/videos/symantec-endpoint-network-activity-tool
Hope this helps..........