Epson WF2540 and Symantec Endpoint Protection Network Threat Protection
Problem: I can only print from my laptop (Windows 7) if Symantec Endpoint Protection: Network Threat Protection is disabled.
Story: I recently bought an Epson WF2540 printer and have set it up on two other different computers: one mac and one pc. The mac installation was pretty easy and the pc installation was just as easy. However, my macbook with a windows partision on it was the one with the problem. The installation on the laptop on the mac side was simple but on the windows side, it couldn't find the printer unless I connected the laptop directly to the printer through a usb cable.
I disabled the firewall and the symantec endpoint protection services, particularly the network threat protection (NTP), and the laptop finally was able to identify the printer. It installed but when I put the NTP back up, neither the printer nor the scanner utilities would work.
I looked at the manual and it mentioned to make sure that a specific port (port 3629 (TCP/UDP) was not blocked. The manual says "Make sure your firewall or security software is not set to block port 3629 (TCP/UDP). Contact your firewall manufacturer for assistance."
I have tried looking up how to create an exception on symantec and have tried attempts but it has done nothing.
Admittedly, I am not a computer expert nor do I claim to be one and I apologize if I posted in the wrong place, but I would appreciate all the help that I can get in solving this little problem.
Thanks in advanced!
Comments 7 Comments • Jump to latest comment
To create an exception in your SEP client, open the GUI
To the right of Network Threat Protection click on Options and select Configure Firewall Rules
Click Add
On the General tab, give it a rule name and set the Action to Allow this traffic
On the Hosts tab if you know the IP of the printer than add it under IP addresses
On the Ports and Protocols tab
Click the dropdown and select TCP and add 3629 in the Remote port box
You can leave the Application and Scheduling tab as is.
Click OK and move it to the top
Now create one more rule and add all the same info except on the Ports and Protocols tab, select UDP and add 3629 in the remote port box
Click OK and move it just under the first TCP rule you created.
Also, the easiest route to take may be just to allow all traffic from your printer. It would require you to create only one rule instead of two. On the Protocols and Ports tab just leave it at all and make sure the IP address of the printer is added on the Hosts tab.
SEP Knowledge Base
Endpoint SWAT
Hello again.
Thank you for the prompt response.
I tried your proposed solution and it did not print. I disabled the sep: ntp again and it did print.
Could it be a problem with my firewall? Do you have any other possible solutions?
Thanks again!
Check two different logs for me.
First, check the Traffic log. See what is being blocked in there right at the time you are trying to print.
Also, check the Security log. Let's make sure the IPS is not blocking it.
SEP Knowledge Base
Endpoint SWAT
I just checked the Traffic log and this is what I saw:
"2/22/2013 5:23:51 PM Blocked 15 Incoming UDP 192.168.1.110 B0-E8-92-50-BC-52 3289 192.168.1.106 68-A8-6D-26-A1-6A 52468 C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe Michael Paz MichaelPaz-PC Default 4 2/22/2013 5:23:05 PM 2/22/2013 5:23:36 PM Block all other incoming traffic"
I know that's messy but it looks like the remote port 3289 is being blocked by an incoming UDP from a remote host, 192.168.1.110.
So in this case you need to create a rule to allow UDP 3289 from the printer IP. However, you did say you already created a rule to allow all traffic from your printer?
SEP Knowledge Base
Endpoint SWAT
Oh. It turns out that I made a little mistake in creating the UDP rule. I didn't switch it over to allow traffic - it was on block traffic, which explains why it kept blocking it.
The problem is solved!
Thanks so much! You're amazingly helpful!
Glad to help.
SEP Knowledge Base
Endpoint SWAT
Would you like to reply?
Login or Register to post your comment.