Endpoint Protection


Denial of Service "UDP Flood Attack" attack detected.

  • 1.  Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 08:35 AM

    Hello,

    We have a teacher who gets a denial of service "UDP flood attack" attack detected every time she uses her work laptop at home. She can use it at work without any problems. This is the complete log message on SEP. The version we use is 11.0.6005.562. Any help solving this would be appreciated. Thanks



  • 2.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 08:47 AM
    You need to upgrade. I was one of the first to report this issue and it has been fixed in later releases. You could also add the DNS and/or home router gateway address to the IPS exclusion. The last option is to disable the DoS option.


  • 3.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Trusted Advisor
    Posted Sep 09, 2011 09:01 AM

    Hello,

    Please migrate SEP to the latest version.

    Here is an article on this:

    Symantec Endpoint Protection client Release Update 6 is detecting a Denial of Service attack of type "UDP Flood Attack" from your DNS server.

    http://www.symantec.com/docs/TECH132161

     

    Release notes for Endpoint Protection and Network Access Control 11

    Resolved a UDP flood attack false positive

    Fix ID: 2058022
    Symptom: After upgrading to Symantec Endpoint Protection 11.0 RU6, the client detects a UDP flood attack.
    Solution: The UDP flood detection thresholds were modified to reduce the occurrence of false positive flood attacks.

    Migrating to Symantec Endpoint Protection 11.0.7000 (RU7)

    Hope this helps!!


  • 4.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 09:28 AM

    Denial of Service "UDP Flood Attack" attack detected.

    Description:

     An excessive number of User Datagram Protocol (UDP) packets are being generated on this computer causing 100% CPU utilization.

     

     

     

    Traffic from IP address 192.168.1.1 is blocked from 9/5/2011 7:55:59 PM to 9/5/2011 8:05:59 PM.
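
Added example, not part of the original thread and not Symantec code: a small Python triage helper that parses the message text quoted in the post above and checks whether the blocked source is the client's own DNS server or gateway, the pattern the release note describes for 11.0 RU6. The function names and the caller-supplied list of resolver/gateway addresses are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: the message text quoted in the thread.
SAMPLE = (
    'Denial of Service "UDP Flood Attack" attack detected.\n'
    "Traffic from IP address 192.168.1.1 is blocked "
    "from 9/5/2011 7:55:59 PM to 9/5/2011 8:05:59 PM."
)

_DETECT = re.compile(r'Denial of Service "(?P<sig>[^"]+)" attack detected')
_BLOCK = re.compile(
    r"Traffic from IP address (?P<ip>\S+) is blocked "
    r"from (?P<start>.+?) to (?P<end>.+?)\.?\s*$",
    re.MULTILINE,
)
_TS = "%m/%d/%Y %I:%M:%S %p"  # timestamp layout as it appears in the message


def parse_active_response(text):
    """Return signature, blocked IP and block window, or None if no match."""
    det, blk = _DETECT.search(text), _BLOCK.search(text)
    if not (det and blk):
        return None
    start = datetime.strptime(blk["start"], _TS)
    end = datetime.strptime(blk["end"], _TS)
    return {
        "signature": det["sig"],
        "ip": ipaddress.ip_address(blk["ip"]),
        "block_minutes": (end - start).total_seconds() / 60,
    }


def triage(event, resolvers_and_gateway):
    """Classify the blocked source against addresses the client depends on.

    resolvers_and_gateway is an assumption: the DNS server and default
    gateway addresses read from the affected client's network settings.
    """
    trusted = {ipaddress.ip_address(a) for a in resolvers_and_gateway}
    if event["ip"] in trusted:
        return "likely-false-positive: source is the client's DNS/gateway"
    if event["ip"].is_private:
        return "investigate: other host on the local network"
    return "investigate: external source"
```

A source that is neither the resolver nor the gateway falls into one of the "investigate" branches rather than being treated as the RU6 false positive.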



  • 5.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 09:47 AM

    I thought that's what I would have to do. I was hoping there was a workaround considering we have already started the school year. Would the newer version be able to use the same client agent already installed on the laptops and desktops? Thanks



  • 6.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Trusted Advisor
    Posted Sep 09, 2011 09:53 AM

    Hello,

    Migration would include:

    1) Migration of SEPM on the Server.

    2) Migration of SEP clients on all machines.

    No uninstallation is required.

    The Article below would help you do the same:

     

    Migrating to Symantec Endpoint Protection 11.0.7000 (RU7)
     
     
    Hope that answers!!


  • 7.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 09:58 AM

    Thank you, much appreciated. Hopefully I can remember my password for fileconnect.



  • 8.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Trusted Advisor
    Posted Sep 09, 2011 10:04 AM

    Hello,

    The Fileconnect website does not require a password; it requires a serial number, which is provided to you on your paper license (.pdf format).

    The Serial Number may start with the Letter "M"

    Hope that helps!!



  • 9.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 11:53 AM

    Have you checked the possibility that there may be an infected PC on the home network?



  • 10.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 02:17 PM

    I have already downloaded 11.0.7x. I did give that a thought, however this teacher contends she only uses her work laptop at home and I checked the client on her machine and everything is okay. Thanks



  • 11.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 09:40 PM

    I have a 1 year old HP laptop running IE7 with a wireless connection to a home router that has developed a similar denial of service problem, "UDP Flood attack", which randomly occurs and results in an active response for 30 min. This problem has been occurring for 2 months now. I have not done any upgrades to Symantec in the past year, other than what is automatically delivered. It is running version 11.0.6005.562 and is on a home network with a laptop running XP with a wireless connection and a desktop running XP which is hard wired. Both of these old machines run version 10.1.9.9000, and I have not seen any problem with them, but files are shared across the home network for printing. Do I need to upgrade Symantec on the two old machines?

    thanks



  • 12.  RE: Denial of Service "UDP Flood Attack" attack detected.

    Posted Sep 09, 2011 10:17 PM

    Yes, upgrade to the latest version, RU7