Endpoint Protection

  • 1.  denial of service: blocking legitimate ip address

    Posted Dec 30, 2011 03:55 PM

    I have been using Symantec Endpoint Protection (corporate edition) for several years.  I just switched from an AT&T wireless modem to a Comcast cable modem.  Now Symantec keeps blocking Comcast IP addresses, thinking there is a "denial of service" attack.  Of course this causes me to lose my connection for a certain period of time.

    I don't see anywhere to make an IP exception for this type of blocking.

    Does anyone have a suggestion?  Thank you.

    Ed



  • 2.  RE: denial of service: blocking legitimate ip address

    Posted Dec 31, 2011 09:48 AM

    Hi Ed,

    See these threads with a very similar or even the same problem:

    http://www.symantec.com/connect/forums/endpoint-1106-false-denial-service-attacks-dns-servers

    http://www.symantec.com/connect/forums/sepv11-dos-ips-logs-after-upgrading-clients-ru6

    If you have access to the SEPM console, you should exclude the Comcast IPs in the IPS policy:

    Clients > Policies > Intrusion Prevention Policy > Settings > Enable excluded hosts

    Alternatively, you can disable Denial of service detection.



  • 3.  RE: denial of service: blocking legitimate ip address

    Posted Dec 31, 2011 03:08 PM

    Greg,

    Thank you.  The threads were very helpful.  As suggested in each thread, I disabled DNS prefetch.  It seems to have taken care of the problem, without a noticeable performance hit.

    Thanks again.

    Ed



  • 4.  RE: denial of service: blocking legitimate ip address

    Posted Dec 31, 2011 07:19 PM

    Nope.  Was still getting the false denial of service.  Had to turn off denial of service protection.

    Ed



  • 5.  RE: denial of service: blocking legitimate ip address

    Posted Jan 01, 2012 07:49 PM

    SEP version 12?



  • 6.  RE: denial of service: blocking legitimate ip address

    Trusted Advisor
    Posted Jan 02, 2012 11:40 AM

    Hello,

    What version of SEP 11 are you carrying?

    Check this thread: https://www-secure.symantec.com/connect/forums/constant-traffic-ip-address-xxxxxxxx-blocked-message-popping-out

    Hope that helps you!!