Endpoint Protection

 View Only

  • 1.  How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Posted May 22, 2012 03:22 AM

    Hi All .....!!!

     

    In SEP 12.1 , there is message poping up from particular IP , even if we block that in firewall also , looking for help ,

     

    Regards ,

    Shahid



  • 2.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Broadcom Employee
    Posted May 22, 2012 03:27 AM

    what is the alert that is popping up on screen?

    is it tamper protection or any other alert>?

     



  • 3.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Posted May 22, 2012 03:52 AM

    Hi Pete...!!

    The pop-up message , which im getting here is :

    Taffic from Ip address 66.33.200.51 is blocked and SID:22819 web attack : Suspicious Executable image detected.

     

     

     



  • 4.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Trusted Advisor
    Posted May 22, 2012 04:15 AM

    Hello,

    It is a web attack so as to download the suspicious script by a browser it may be specified as an image, thus evading some types of monitoring software.

    Check this Article:

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22819

    You should then look at the right logs:

    Open the SEP > view logs > client management > security logs, you should see there more details on the attack, if the source of the attack is there, block it, for example with the firewall.

    You should also try to scan the system with a more aggressive scanner of ours:

    Open SEP > Help and Support > Download Support Tool, launch it and execute a scan with the Power Eraser.

    Again, if you find any suspicious activity OR Want to submit the suspicious files to the Security Response Team then, check this Article:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 5.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Broadcom Employee
    Posted May 22, 2012 04:23 AM

    check this link to disable the IPS alerts

    http://www.symantec.com/business/support/index?page=content&id=TECH105013&locale=en_US



  • 6.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Posted May 24, 2012 01:08 AM

    hmm first of all did the IP mentioned really a source of threat?

     

    i think the pop-up message can be disabled, just go through ips/fw policy... most probably under "action" option



  • 7.  RE: How to block the pop-up message from particular IP in sep 12.1 , even if you block from firewall also it is not happening ,

    Posted Jun 29, 2012 07:08 AM

    Hay Guys sorry for jumping this thread,

    I have same problem always get pop up Taffic from Ip address 66.33.200.51 is blocked and SID:22819 web attack : Suspicious Executable image detected.

    So What i should do ?

    Because now Internet Explorer is doesn't work ?

    And i have question if pop up just disabled that's mean Internet Explorer will be OK ???

    Based on :

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22819

    I don't know how to restart the computer using the Windows Recovery Console, This is like save mode ??? or like start up repair ???

    Need your help guys,,

    Thank You,

     

    Chandz89