Details : http://www.symantec.com/business/support/index?page=content&id=TECH103087
for error: According to Symantec .
Domain controller or router is detected by Symantec Endpoint Protection as MAC spoofing
Fix ID: 2049673
Symptom: The first time a computer running Symantec Endpoint Protection is connected to a wired network, Symantec Endpoint Protection detects the domain controller or router as MAC spoofing. The following messages may appear in the Symantec Endpoint Protection log: "Active Response Major: Traffic from IP address <address> is blocked from <start time> to <end time>." or "Active Response Disengaged: Active Response that started at <start time> is disengaged.
Error: "The traffic from IP address <address> was blocked for 600 second(s)."
Solution: The MAC spoofing detection will only alert after the second ARP response is detected.
ADD an Exception..............if required
For managed clients:
Logon to SEPM
Click Policies
Click Intrusion Prevention under view policies
Edit the Intrusion Prevention Policy applicable at the right
Click Exceptions
Click Add
Check for : [SID:23179]
Highlight the related signature when found
Click Next
Under "ACTION" click "ALLOW"
Under "LOG" click "DO NOT LOG"
Click OK
For unmanaged clients the option to allow or modify the IPS rule does not seem to there so :
Go to Add or Remove Programs.
Click Symantec Endpoint Protection, then click Change.
Click Next, ensure Modify is selected, then click Next again.
Click Network Threat Protection, then click This feature will not be available.
Click Next, then click Install.
When the installation completes reboot the system. Network Threat Protection and so will Intrusion Prevention System will now be inactive.
If you want to disable the notification on your system tray..
1. Go to Clients, then the client group you want to remove this ability from.
2. Click the Policies tab on the right, then expand 'Location-specific Settings'.
3. Click on 'Server Control', then Customize.
4. In the Intrusion Prevention Notifications Uncheck the "Display Intrusion Prevention notifications."