Endpoint Protection

On my Windows XP PC using SEP 12.1.671.4971 the traffic registry reports lots of bloched packets (ingiong and outgoing) whose protocol is ETHERNET [type=0x806].

Reading other posts in this forum it looks like it is ARP traffic.

SEP reports the computer as protected, with the green check.

Should I worry about the bloched ETHERNET [type=0x806] packets?

Should I perform any further investigation?

Regards

marius

Check this thread

http://www.symantec.com/connect/forums/ethernet-type0x806

http://www.symantec.com/connect/forums/network-threat-protecton-blocking-server-what-and-why

Hello,

You are running the RTM version of SEP 12.1 and I would recommend you to migrate the SEP 12.1.671 to SEP 12.1 RU1 and later to SEP 12.1 RU1 MP1.

I see no reason for you to be afraid. This is expected behavior. If the "Block all other traffic and don't log" firewall rule is set to log to the traffic log, the log will show ETHERNET [type=0x806] traffic being blocked.

However, in your case, 

Was the SEP 12.1 migrate from SEP 11.x?

Are you using DirectAccess? 

If yes, Check this Thread and Article below:

https://www-secure.symantec.com/connect/forums/ethernet-type0x806

http://www.symantec.com/docs/HOWTO55829

Hope that helps!!