Correct. The connection errors out after a few seconds. The only remote scanning of files that is enabled is Auto-Protect scans of files on remote computers, but I don't see how that would prevent it from simply establishing a connection.
Regular FTP connections that use ports 20 and 21 work OK. It is just passive connections, which us a random higher-numbered port for the data channel that are failing. In order to get Passive FTP working before SEP was installed, exceptions had to be added to the Windows Firewall. It is almost as if SEP is actively blocking traffic on those ports even though it does not have a firewall setup.
I am starting to wonder if the Adcanced Download Protection may have something to do with this. I think I will take it from that angle (especially since Symantec phone support is now 20 minutes overdue for theit callback - I believe they call that "overpromise and underdeliver".)