Endpoint Protection

 View Only

  • 1.  Denial of Service is logged

    Posted Dec 04, 2013 06:09 AM

    Hello,

    Having a user with sep client software version 11.0.5002.333.

    The user get notices about Denial of Service (Traffic from IP address is blocked).

    Any action that should be taken for this type of event?



  • 2.  RE: Denial of Service is logged



  • 3.  RE: Denial of Service is logged

    Trusted Advisor
    Posted Dec 04, 2013 07:33 AM

    Hello,

    The message what you are getting is from IPS. 

    Denial of Services examines all network packets for specific known attacks that limit your computer's use of the services that you would normally expect to have.

    There are various kinds of attacks and DOS Denial of service is one of them.

    http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21422

    Thanks to NTP and IPS that it has blocked that attack.

    This is working by design as part of Denial of Service protection.

    Secondly, on a good note - you are running an older version of SEP 11.0.5002 and it is highly recommended to migrate to the Latest version of SEP 11.0.7300 OR SEP 12.1.4013

    About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

    http://www.symantec.com/business/support/index?page=content&id=TECH131660

    Hope that helps!!



  • 4.  RE: Denial of Service is logged

    Posted Dec 04, 2013 07:35 AM

    It means that their SEP client detected some malicious activity, possible a scan. The SEP client did its job by blocking it.

    Verify the remote IP doing the scanning and block it via your firewall.



  • 5.  RE: Denial of Service is logged

    Posted Dec 04, 2013 12:20 PM

    Hi, 

    This is becuse some of the malicious activity found on your netwoek, please check any such messages on the SEPM 's NTP logs.

    Regards

    Ajin



  • 6.  RE: Denial of Service is logged

    Posted Mar 03, 2014 01:54 PM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian