Endpoint Threat Protection Rules
Regarding Endpoint Threat Protection rules:
In dealing with applications that are not detected, for which Endpoint does not prompt for permissions, I attempted making individual firewall rules to allow them network access.
In each case they did not work. However, if an individual firewall rule is made for applications that Endpoint would otherwise detect, the added custom rules do work.
The question is, what needs to be done to either force Endpoint to detect all applications, or otherwise force it to respect all rules, including those added for applications that are not detected?
Thank you,
Jeremy
Refer to this doc:
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Hi,
Please check this doc:
Symantec Endpoint Protection: Firewall blocking application when adding the application manually or from the learned applications list
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b59baea9f152f2d8882573a6006a1d96?OpenDocument
Rafeeq
Firewall rules
With Mixed mode enabled for the client group, open the Endpoint Protection client interface and select "Options" next to "Network Threat Protection". Next, click on "View Firewall Activity".
After the Network Activity window opens, select "Tools" and click on "View Firewall Rules". This will show all the rules of the firewall policy, with the user-defined rules underlined.
Thanks & Regards
Sandip C Sali
Thanks very much for your replies. Unfortunately, however, in spite of having added every DLL associated with the problem apps (as directed), Endpoint still does not allow internet connections for them. It still allows connections only for those apps that it initially recognized and prompted for permission or no permission to connect.
Why does Endpoint not prompt for some apps? Can it be made to do so?
Frankly, I see this as a bug which should be corrected, as it should prompt for all applications attempting to make a connection.
Thanks
In order to allow full internet access, create a rule as below:
Give the rule name as "Allowed Web Browsing" --> in Application select "Any", and in Services allow ports TCP 80, 443, outgoing, remote.
If you want to allow a particular application like MSN, then give the rule name as "Allowed MSN", and in Application mention the path, e.g. for MSN:
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
msnmsgr.exe
msmsgs.exe
So MSN will work...
And if you want to block MSN, then just create the above rule and in the Action tab select Block.
So it will block your MSN.
In which log files are you getting the application blocked messages?
In the NTP logs or in the PTP logs?
This post would not display my message nor my images, as below.
NTP traffic log
Connection is blocked in spite of the fact that IPv6[type-0x86DD] is configured to allow.
sandip_sali:
Following your directions, I could not find where to enable "Mixed mode" for the client group. Also, in "Network Threat Protection", I only see "View Network Activity" and not "View Firewall Activity". Nevertheless, I clicked on "View Network Activity" and found that the only option on the Tools menu is "Test Network Security" and not "View Firewall Rules." As is, the only items on the list are system32 services.
AravindKM:
The NTP logs list the app's connections blocked as you see in the images above.
Put your client in server control mode.
For this, log in to SEPM.
Go to the Clients tab.
Select the desired group.
Click on Policies on the right side.
Under Location-specific settings you can find it.
Edit it and make it server control.
Create a rule for allowing all the applications which are getting blocked.
Place it above the block_all rule (according to your screenshot, the "block_all" rule is blocking your traffic to those applications).
The rule created by you should be placed above the blue line.
Remember, in SEPM firewall rules are processed from top to bottom, so a rule which is placed at the top has more priority than the one below it.
The doc below can help you in creating the policy:
How to add a rule using the "Add Firewall Rule Wizard"
In the firewall policy you can move a rule up or down by right-clicking on it...
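The ordering advice in this post (and the allow-rule recipe earlier in the thread, with an "Any" application rule for TCP 80/443 and a per-application "Allowed MSN" rule) can be illustrated with a toy first-match rule evaluator. This is an added example, not code from the thread or from Symantec: the Rule fields, the rule names, the sample paths and the sample connections (including the port numbers) are constructed assumptions and do not reproduce SEP's real policy format. It shows why a custom allow rule placed below "block_all" never takes effect, why moving it above (or disabling the culprit rule) fixes the problem, and why a rule that only opens ports 80/443 does not help an application that talks on another port.

```python
"""Toy first-match firewall evaluator (added example, not SEP's implementation).

Rules are checked top to bottom; the first enabled rule whose application,
protocol, remote port and direction all match decides the connection.
Everything here (field names, rule names, paths, ports) is constructed.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

ANY = "*"


@dataclass
class Rule:
    name: str
    action: str                                           # "allow" or "block"
    apps: List[str] = field(default_factory=list)         # full paths or base names; empty = any application
    protocol: str = ANY                                   # "tcp", "udp" or ANY
    remote_ports: Set[int] = field(default_factory=set)   # empty = any remote port
    direction: str = ANY                                  # "outgoing", "incoming" or ANY
    enabled: bool = True                                  # the "Enabled" column in the policy


@dataclass
class Connection:
    app_path: str
    protocol: str
    remote_port: int
    direction: str


def app_matches(rule: Rule, conn: Connection) -> bool:
    """Match on the full path or just the executable name, case-insensitively."""
    if not rule.apps:
        return True
    full = conn.app_path.lower()
    base = full.rsplit("\\", 1)[-1]
    return any(a.lower() in (full, base) for a in rule.apps)


def rule_matches(rule: Rule, conn: Connection) -> bool:
    return (rule.enabled
            and app_matches(rule, conn)
            and rule.protocol in (ANY, conn.protocol)
            and (not rule.remote_ports or conn.remote_port in rule.remote_ports)
            and rule.direction in (ANY, conn.direction))


def evaluate(rules: List[Rule], conn: Connection) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule; top of the list wins."""
    for rule in rules:
        if rule_matches(rule, conn):
            return rule.action, rule.name
    return "block", "<no rule matched>"


def build_policy(custom_rule_on_top: bool) -> List[Rule]:
    """Three constructed rules; only the position of 'Allowed MSN' differs."""
    web = Rule("Allowed Web Browsing", "allow", protocol="tcp",
               remote_ports={80, 443}, direction="outgoing")
    msn = Rule("Allowed MSN", "allow",
               apps=[r"C:\Program Files\MSN Messenger\msnmsgr.exe", "msmsgs.exe"])
    block_all = Rule("block_all", "block")
    return [web, msn, block_all] if custom_rule_on_top else [web, block_all, msn]


def disable_rule(rules: List[Rule], name: str) -> List[Rule]:
    """Uncheck the 'Enabled' column for the named rule (the 'culprit rule' fix)."""
    for rule in rules:
        if rule.name == name:
            rule.enabled = False
    return rules


# Constructed sample connections (paths and ports are illustrative only).
MSN_LOGIN = Connection(r"C:\Program Files\MSN Messenger\msnmsgr.exe", "tcp", 1863, "outgoing")
BROWSER = Connection(r"C:\Program Files\Internet Explorer\iexplore.exe", "tcp", 443, "outgoing")
UNKNOWN = Connection(r"C:\Tools\unknown.exe", "tcp", 8080, "outgoing")

if __name__ == "__main__":
    print("MSN, custom rule below block_all:", evaluate(build_policy(False), MSN_LOGIN))
    print("MSN, custom rule above block_all:", evaluate(build_policy(True), MSN_LOGIN))
    print("MSN, block_all disabled:         ", evaluate(disable_rule(build_policy(False), "block_all"), MSN_LOGIN))
    print("Browser on 443, any order:       ", evaluate(build_policy(False), BROWSER))
    print("Unknown app on 8080:             ", evaluate(build_policy(True), UNKNOWN))
```

The point for a reader troubleshooting this thread's problem is the last column of the traffic log: the evaluator returns the name of the rule that decided the connection, which is exactly the information used to tell whether a custom rule is being shadowed by block_all or simply never matches the application at all.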
Thank you AravindKM. I will follow your directions.
If you are facing the problem even after this, please post a screenshot of your F/W policy....
AravindKM:
As a last resort I've sent you one of the programs which Endpoint does not allow to communicate through. Hopefully you'll be able to test it. If it also doesn't work for you, then it will be time to move away from Endpoint and onto another security system.
Thanks
Can you give me a screenshot of your firewall policy?
After changing any policy in the SEPM, is the client getting that policy? Am I right? (You can confirm this by matching the serial no. of the policy for that group with the policy serial no. which is present in the client under Help and Support -----> Troubleshooting.)
Does your software require IPv6? If not required, try disabling it.
If that does not work or is not possible, check which rule is blocking it. The last column of the Traffic log will give you that information.
Place the rule which you created for allowing this traffic above this blocking rule...
It will be nice if you are able to provide us a screenshot of your firewall policy..
An addition to my earlier post:
You can also disable the rule which you find to be the culprit. For this you have to uncheck the Enabled column corresponding to the culprit rule...
AravindKM:
I'm very grateful to you for all the time and interest you've taken to help me resolve this issue. However, I'm no longer able to post any other screenshots as I've moved on to evaluating another security system. It's bad enough that Endpoint does not recognize some programs and does not prompt for permissions, but manual and proper configuration doesn't work for them either. Regarding the "culprit rule," after following all your suggestions, I additionally tried setting all rules to allow, and still the manually added programs were denied a connection.
Have you tried installing the program I sent you? I would be curious to know if you're able to get it to connect through Endpoint. If you're able to, I might even take on the challenge of re-evaluating Endpoint.
Thanks again and regards,
Jeremy
Create an allow-all rule, make it the first rule and try....
Thanks AravindKM:
Yes, I had tried that in addition to setting ALL other rules to ALLOW.
Again, all programs could connect to the internet except those that Endpoint did not initially recognize and prompt for permissions.
Did you restart the PC after setting these policies?
Yes, I did restart after making any policy change. Thanks