
Denial of Service is logged

Created: 04 Dec 2013 | 5 comments

Hello,

I have a user with SEP client software version 11.0.5002.333.

The user gets notices about Denial of Service (Traffic from IP address is blocked).

Is there any action that should be taken for this type of event?


Mithun Sanghavi

Hello,

The message you are getting is from IPS.

Denial of Services examines all network packets for specific known attacks that limit your computer's use of the services that you would normally expect to have.

There are various kinds of attacks, and DoS (Denial of Service) is one of them.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21422

Thanks to NTP and IPS, that attack has been blocked.

This is working by design as part of Denial of Service protection.

Secondly, on a good note: you are running an older version of SEP, 11.0.5002, and it is highly recommended to migrate to the latest version, SEP 11.0.7300 or SEP 12.1.4013.

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

http://www.symantec.com/business/support/index?page=content&id=TECH131660

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian

It means that their SEP client detected some malicious activity, possibly a scan. The SEP client did its job by blocking it.

Verify the remote IP doing the scanning and block it via your firewall.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AjinBabu

Hi, 

This is because some malicious activity was found on your network. Please check for any such messages in the SEPM's NTP logs.

Regards

Ajin

.Brian

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian
