Endpoint Protection

 View Only

  • 1.  Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 08:54 AM

    Good morning,

    We are dealing with an odd issue here.  We have a production FTP server that is configured for passive FTP connections.  Before we installed the SEP client, everythign was working OK.  It is our standard practice to only install basic SEP protection on servers, excluding the additional features such as Network Threat Protection.  However, after the install, we were no longer able to connect to the FTP server when using Passive FTP.  We finally reverted the server to a snapshot taken before the SEP install, and Passive FTP connections work again.  

    So, what gives?  Does SEP install network-related protection even if you don't install NTP?  If so, how do you work around it?



  • 2.  RE: Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 08:55 AM

    Assuming you only installed the AV component, the NTP components should not be there.

    Is it possible the component was installed but not assigned a policy?



  • 3.  RE: Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 09:00 AM

    The NTP component was definitely not installed.  



  • 4.  RE: Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 09:06 AM

    I've seen issues in the past with ftp and the IPS component but doesn't seem to be the issue here.

    So you can't connect at all? Do you have any remote scanning of files enabled on the SEP side? Does ping work?



  • 5.  RE: Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 10:10 AM

    Correct.  The connection errors out after a few seconds.  The only remote scanning of files that is enabled is Auto-Protect scans of files on remote computers, but I don't see how that would prevent it from simply establishing a connection.

    Regular FTP connections that use ports 20 and 21 work OK.  It is just passive connections, which us a random higher-numbered port for the data channel that are failing.  In order to get Passive FTP working before SEP was installed, exceptions had to be added to the Windows Firewall.  It is almost as if SEP is actively blocking traffic on those ports even though it does not have a firewall setup.

    I am starting to wonder if the Adcanced Download Protection may have something to do with this.  I think I will take it from that angle (especially since Symantec phone support is now 20 minutes overdue for theit callback - I believe they call that "overpromise and underdeliver".)



  • 6.  RE: Installed SEP 12.1 WITHOUT NTP, but Passive FTP no longer works

    Posted Sep 17, 2014 10:17 AM

    You could disable to download protection to see what the result is. I've never seen an issue with this but who knows.

    What's the exact 12.1 version out of curiosity?