Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Epson WF2540 and Symantec Endpoint Protection Network Threat Protection

Created: 22 Feb 2013 • Updated: 22 Feb 2013 | 7 comments
This issue has been solved. See solution.

Problem: I can only print from my laptop (Windows 7) if Symantec Endpoint Protection: Network Threat Protection is disabled.

Story: I recently bought an Epson WF2540 printer and have set it up on two other different computers: one mac and one pc.  The mac installation was pretty easy and the pc installation was just as easy.  However, my macbook with a windows partision on it was the one with the problem.  The installation on the laptop on the mac side was simple but on the windows side, it couldn't find the printer unless I connected the laptop directly to the printer through a usb cable.

I disabled the firewall and the symantec endpoint protection services, particularly the network threat protection (NTP), and the laptop finally was able to identify the printer.  It installed but when I put the NTP back up, neither the printer nor the scanner utilities would work.  

I looked at the manual and it mentioned to make sure that a specific port (port 3629 (TCP/UDP) was not blocked.  The manual says "Make sure your firewall or security software is not set to block port 3629 (TCP/UDP).  Contact your firewall manufacturer for assistance."

I have tried looking up how to create an exception on symantec and have tried attempts but it has done nothing.

Admittedly, I am not a computer expert nor do I claim to be one and I apologize if I posted in the wrong place, but I would appreciate all the help that I can get in solving this little problem.

Thanks in advanced!

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

To create an exception in your SEP client, open the GUI

To the right of Network Threat Protection click on Options and select Configure Firewall Rules

Click Add

On the General tab, give it a rule name and set the Action to Allow this traffic

On the Hosts tab if you know the IP of the printer than add it under IP addresses

On the Ports and Protocols tab

Click the dropdown and select TCP and add 3629 in the Remote port box

You can leave the Application and Scheduling tab as is.

Click OK and move it to the top

Now create one more rule and add all the same info except on the Ports and Protocols tab, select UDP and add 3629 in the remote port box

Click OK and move it just under the first TCP rule you created.

Also, the easiest route to take may be just to allow all traffic from your printer. It would require you to create only one rule instead of two. On the Protocols and Ports tab just leave it at all and make sure the IP address of the printer is added on the Hosts tab.

 

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
mpaz104's picture

Hello again.

Thank you for the prompt response.

I tried your proposed solution and it did not print.  I disabled the sep: ntp again and it did print.

Could it be a problem with my firewall?  Do you have any other possible solutions?

 

Thanks again! 

.Brian's picture

Check two different logs for me.

First, check the Traffic log. See what is being blocked in there right at the time you are trying to print.

Also, check the Security log. Let's make sure the IPS is not blocking it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mpaz104's picture

I just checked the Traffic log and this is what I saw:

"2/22/2013 5:23:51 PM Blocked 15 Incoming UDP 192.168.1.110 B0-E8-92-50-BC-52 3289 192.168.1.106 68-A8-6D-26-A1-6A 52468 C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe Michael Paz MichaelPaz-PC Default 4 2/22/2013 5:23:05 PM 2/22/2013 5:23:36 PM Block all other incoming traffic"

"2/22/2013 5:23:51 PM Allowed 10 Outgoing UDP 255.255.255.255 FF-FF-FF-FF-FF-FF 3289 192.168.1.106 68-A8-6D-26-A1-6A 52468 C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe Michael Paz MichaelPaz-PC Default 4 2/22/2013 5:23:05 PM 2/22/2013 5:23:36 PM GUI%GUICONFIG#SRULE@APPCONFIG-UDP#C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe "

I know that's messy but it looks like the remote port 3289 is being blocked by an incoming UDP from a remote host, 192.168.1.110.
 

I didn't check the Security log just yet.
 
.Brian's picture

So in this case you need to create a rule to allow UDP 3289 from the printer IP. However, you did say you already created a rule to allow all traffic from your printer?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mpaz104's picture

Oh.  It turns out that I made a little mistake in creating the UDP rule.  I didn't switch it over to allow traffic - it was on block traffic, which explains why it kept blocking it.

The problem is solved!
 

Thanks so much!  You're amazingly helpful!

.Brian's picture

Glad to help.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.