
Funny issue with NTP

Updated: 23 May 2010 | 5 comments
Abhishek Pradhan
This issue has been solved. See solution.

Hello Folks,

I'm facing a rather queer issue with the NTP component / signatures for SEP. It seems to be blocking traffic from my test systems to the site LinkedIn. If I switch NTP off, the site can be accessed properly.

I worked with a Wireshark capture, and also tried analyzing the Traffic logs for SEP (NTP), but can't seem to figure out what the heck the issue is.

Anyone else face the same problem?

Comments

Jeremy.L | 11 Aug 2009

Hi Pradhan,

I would suggest you try disabling the firewall policy on the SEPM and then activate NTP on the client that is having the problem.

If you still cannot access the website then the problem might be with IPS.

If you can access it, then it's definitely one of your firewall rules that blocks it.
Make sure all rules are set to log matches to the traffic log.
Then enable the Firewall policy again. Try going to the website and then check traffic log.

If the firewall blocked some packets because they matched a rule, you will have an entry in the client's traffic log; the last column will contain the "guilty" rule (which you can then rethink).

--
Symantec Support
MCSE / CCNA
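
The traffic-log check described in the reply above, as an added example that is not part of the original post or of Symantec's tooling: it tallies blocked rows per rule from a tab-separated export of the client traffic log. The column names, the export layout and the sample rows are assumptions constructed for illustration; only "the rule name is in the last column" comes from the post.

```python
import csv
import io
from collections import Counter

# Constructed sample export (assumed layout, documentation-range addresses).
# The last data line is deliberately truncated to show malformed-row handling.
SAMPLE_EXPORT = (
    "Time\tAction\tDirection\tRemote Host\tRemote Port\tProtocol\tRule\n"
    "2009-08-11 10:01:02\tAllowed\tOutgoing\t192.0.2.53\t53\tUDP\tAllow DNS\n"
    "2009-08-11 10:01:03\tBlocked\tOutgoing\t198.51.100.20\t443\tTCP\tBlock unapproved web\n"
    "2009-08-11 10:01:04\tBlocked\tOutgoing\t198.51.100.20\t443\tTCP\tBlock unapproved web\n"
    "2009-08-11 10:02:10\tBlocked\tIncoming\t203.0.113.7\t445\tTCP\tBlock all other traffic\n"
    "2009-08-11 10:03:00\tAllowed\tOutgoing\t198.51.100.20\t80\tTCP\tAllow HTTP\n"
    "2009-08-11 10:05:00\tBlocked\n"
)


def blocked_by_rule(export_text, remote_host=None):
    """Return [(rule, count), ...] for blocked rows, most frequent first.

    If remote_host is given, only rows for that remote address are counted.
    """
    reader = csv.reader(io.StringIO(export_text), delimiter="\t")
    header = next(reader)
    action_idx = header.index("Action")        # assumed column name
    host_idx = header.index("Remote Host")     # assumed column name
    counts = Counter()
    for row in reader:
        if len(row) != len(header):
            continue  # skip truncated or blank lines
        if row[action_idx].strip().lower() != "blocked":
            continue
        if remote_host and row[host_idx].strip() != remote_host:
            continue
        counts[row[-1].strip()] += 1           # rule name: last column
    return counts.most_common()


def diagnose(export_text, remote_host):
    """Apply the reply's reasoning: a logged block names the rule; none points at IPS."""
    hits = blocked_by_rule(export_text, remote_host)
    if hits:
        return "firewall rule: " + hits[0][0]
    return "no firewall block logged; check IPS"


if __name__ == "__main__":
    print(diagnose(SAMPLE_EXPORT, "198.51.100.20"))
```

This only gives a useful answer if every firewall rule is set to log matches to the traffic log, as the reply points out.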

Prashant Bharadwaj | 11 Aug 2009

If NTP is blocking, then I guess there has to be a blocked log. Could you please check in the logs?
This would give an idea of the exception to be created.

Prashant Bharadwaj, CEH, MCTS Windows Server 2008 Active Directory, Configuration, SCS Symantec Endpoint Protection 11.0

Peterpan | 11 Aug 2009

You should create a firewall policy to exclude the site from blocking.

:-)

Vikram Kumar-SAV to SEP | 11 Aug 2009

Put the client in Client mode or Unmanaged... review the logs... check which exact policy is blocking the website, then modify that policy.

Abhishek Pradhan | 11 Aug 2009

Ok. Definitely an issue with the Signatures for 30th July. I did a rollback to previous defs and it's working now.....

Like they say, when the going gets weird, the weird turn pro.....hehe :D

Cheers and tks all for the inputs.

Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org