Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Endpoint blocking randomly http requests after minifilter update

Migration User

Migration UserOct 13, 2011 08:53 AM

  • 1.  Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 07:54 AM

    Hi All,

    We have symantec endpoint protection 11.0 running on a windows 2003 sp2 32 machine.

    Suddenly it is blocking randomly http requests , when disabling the symantec management client, the blocks are gone.

    we found that after there was a minifilter update the problem occured.

    if we do every second 1 request , we can sometimes see (randomly ) it is being blocked.

     

    We have similiar software on another similar machine where the problem not occur.

     

    please help.

     

    thanks in advance.

     

    gr.

    Peter



  • 2.  RE: Endpoint blocking randomly http requests after minifilter update

    Broadcom Employee
    Posted Oct 13, 2011 08:03 AM

    do you see the traffic in the logs of traffic or packet?

    Can you copy it over here?



  • 3.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 08:38 AM

     

    Minifilters are Symantec Antivirus Drivers which get loaded up when Symantec Antivirus either gets updates or when the Symantec Antivirus Application starts itself. For Example: when you restart the machine and the Symantec Antivirus application Loads itself.

    Basically, these drivers gets loaded automatically, when the machine gets restarted.

    You shoudl check your firewall rules/logs, u might be able to see the rule which is blocking the traffic



  • 4.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 08:51 AM

    Hi,

     

    i switched of all rules (as far as i know) and still get blocked.

    gr.

    Peter

     



  • 5.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 08:52 AM

     

    Hi Pete,

    The problem is: I know it is being blocked or dropped not because of the logs, because it is not in there.

    but because of shutting the application down. that stopped the problems.

    so if i do a 1000 requests around 10 are dropped/blocked but after shutting the management client service everything is getting through. it suddenly started after working ok for more then 2 years.

     

    gr.

    Peter



  • 6.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 08:53 AM

     

     



  • 7.  RE: Endpoint blocking randomly http requests after minifilter update

    Broadcom Employee
    Posted Oct 13, 2011 08:56 AM

    if the logs are not shpowing up, do you see any event id in teh application event viewer logs during the block?



  • 8.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 13, 2011 05:21 PM
    http://www.msnbc.msn.com/id/44893608/ns/technology_and_science-tech_and_gadgets/ We are seeing the same thing on networks behind three different firewalls. We are starting to think it is not us. We are seeing this on AS400s too. Apparently iOS5 is hitting the Internet hard.


  • 9.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 14, 2011 12:18 AM

    lol...i think i saw that yesterday in the news.

     

    btw peter what you can try, you may want to disable SEP for awhile n monitor the performace... if still failed means something else is doing it..



  • 10.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 14, 2011 07:59 AM

    Hi,

     

    This is what is in the logs : just before it started

    in the application log: New virus definition file loaded. Version: 131008h.

    in the system log :  Symantec Antivirus minifilter successfully loaded.

     



  • 11.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 14, 2011 08:03 AM

    i disabled the services one by one and the service where it stopped is : Symantec Management Client

    so when stopping this service the problem goes away, all other symantec services had no impact .

    gr.

    PEter



  • 12.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 14, 2011 11:11 AM

    For whatever it is worth, our similar problem has continued today 10/14/2011.



  • 13.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 18, 2011 07:03 AM

    Hi Pete ,

    Any hints for me?

     

    thanks in advance.

    gr.

    Peter



  • 14.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 18, 2011 07:04 AM

    Hi PrimeInc,

     

    i dont see the relevance in this?

    gr,

    Peter



  • 15.  RE: Endpoint blocking randomly http requests after minifilter update

    Posted Oct 19, 2011 04:35 AM

    I think it's time to log a case to Support, maybe they can do check from diffrent view,,,

     

    sometimes you'll be amazed with hidden KB (related to a problem) that's exist for SEP... only Support know more..