
Keep getting "Symantec Blocked IP Address 209.18.47.61" (for 10 mins)

Created: 01 Mar 2014 | 15 comments

Running SEP version 11.0.6005.562 under my employer's corporate license.  Recently started getting these 'pop-up' alerts in the system tray (lower right corner).  Address is DNS Server for Time Warner Cable, but they say to contact Symantec for "updates".  I'd like to upgrade to the latest version (12.1?), but I don't know what the "M" serial number is for my installation.  Can I upgrade without it?  Can the install validate my current installation?

Also, when using Chrome browser, I'm getting a *lot* of pages timing out (not appearing).  This problem seems to have coincided with the "blocked IP Address" tray alerts.  Seems like my machine is under attack.

OS is Vista Home Basic Service Pack 2.  Symantec definitions and OS patches are up-to-date.


.Brian's picture

This is a known bug in this version so only an upgrade will fix it.

When you log in to https://fileconnect.symantec.com with your serial number you should be able to download the latest version of SEP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

The serial number is usually the 'M' number, which can be obtained from the purchase documentation.

You can contact the Licensing Department, provide your company information, and get the license.

Website: http://symantec.custhelp.com

Phone number: 1-800-721-3934

Email: license@symantec.com

Upgrading or migrating to Symantec Endpoint Protection 12.1.4 (RU4)/12.1.4a (RU4a)

Article: TECH211821  |  Created: 2013-10-23  |  Updated: 2014-02-24  |  Article URL: http://www.symantec.com/docs/TECH211821

Colt Hero's picture

Brian, James:

Thanks for your replies.  Sorry for asking about a 'known problem'.  I'll get the "M" number and upgrade ASAP (to 12.1.4)

.Brian's picture

That will solve it :)

Have a good day


Colt Hero's picture

One other question, though - is this an 'attack' on my computer or just an errant message (or can you tell)?

.Brian's picture

It's not an attack, it's a false positive due to the bug in that version.


.Brian's picture

You're welcome


Colt Hero's picture

Well, it turns out I'm having trouble getting the newer 12.1.4a version because my employer claims *they* can't get it until "Global Informatics" sends it to them (which I don't believe).  Need to talk to someone else in IT who knows what's going on.  I know of *one* person in IT who downloaded version 12 (64-bit version) for work, so it's certainly possible.  My employer still runs this antivirus software (version 11 right now), so their license is still in effect (including home use by employees).

But anyway, in the interim, I've noticed that the page timeouts I keep getting in Chrome (and Explorer) are being caused by Symantec.  Whenever the timeouts occur (cannot connect to Internet), I disable Symantec in the system tray and the pages load immediately.  I then re-enable Symantec and I'm good for a little while longer (while the "Blocked IP Address" messages keep popping up from the tray).  So it appears that this problem is more than just a false positive.  It's also affecting my browsers.

.Brian's picture

The problem is DNS lookups are being blocked, so your browsers cannot resolve the website's IP address to the hostname (i.e. 74.125.225.82 to www.google.com).

I've not tested it but you may be able to get around it by setting a static DNS address on your NIC card.

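An added example, not part of the original thread or any Symantec tool: a small Python probe that sends one DNS A query straight to a chosen resolver, so the behaviour described above (lookups dropped while the client firewall is enabled) can be confirmed from the affected machine. The function names and the transaction id are assumptions made for this sketch; the resolver address to test is the one from the tray alert.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction id for this example

def build_query(name):
    """Build a minimal RFC 1035 A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def skip_name(buf, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        n = buf[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return pos + 2
        pos += 1 + n

def parse_a_records(reply):
    """Return the IPv4 addresses in a reply to build_query()."""
    rid, flags, qd, an = struct.unpack("!HHHH", reply[:8])
    if rid != TXID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):  # skip the echoed question
        pos = skip_name(reply, pos) + 4
    addrs = []
    for _ in range(an):
        pos = skip_name(reply, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(reply[pos:pos + 4]))
        pos += rdlen
    return addrs

def probe(resolver, name="www.google.com", timeout=3.0):
    """Query one resolver directly; 'no-reply' means dropped or unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            return "answered", parse_a_records(s.recvfrom(512)[0])
        except OSError:  # timeout, or send refused by a local firewall
            return "no-reply", []
```

Run `probe("209.18.47.61")` once with the SEP client enabled and once with it disabled: a "no-reply" result that appears only while the client is enabled points at the local firewall dropping DNS traffic rather than at the resolver or the ISP.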

Colt Hero's picture

That all makes perfect sense, but *why* are the lookups being blocked?  And was this the result of some Symantec automatic update to version 11 because this problem just started within the last few months?

If I can't get version 12, is there any way I could back the updates out (if that's what caused the problem)?

Also - is Symantec going to develop a patch to version 11?  I could probably download *that* easy enough.

.Brian's picture

It was patched in the next release.

Client only patches for 11.0.7 are here:

http://www.symantec.com/docs/TECH213507


Colt Hero's picture

Brian,

I'm running version 11.0.6005.562 (client only, I believe).  Those patches say they upgrade version 11.0.7 to a higher version of 11.0.7.4.  Can I still use it?  Is it going to bump me to version 11.0.7.4?

Wait - release notes seem to indicate I have to upgrade to 11 RU7 first (from 11.0.6005.562), THEN to RU7 MP4??  Is that correct?

However, looking here:

http://www.symantec.com/business/support/index?pag...

I don't see a fix for the problem I'm having ... unless it is described differently.

Fix # 2867420 and a couple of fixes after that appear to dance around the problem, but are not the same problem.  And it's not a smurf attack, either.

Maybe it's 2049673, or 1863574?, or 1586674?

I am running Vista 32-bit, BTW.

.Brian's picture

From the version you're on, ideally you want to go to 11 RU7, then 11 RU7 MP4.

I can check back thru the release notes to see what I can find.


Colt Hero's picture

OK, I did the *two* upgrades ... boy, was it R-O-C-K-Y ... with all kinds of "did not install properly"s and 1 or more of the sub-functions (AntiVirus, Proactive Threat, Network Threat) not working properly each time (sometimes had the Red X, other times the yellow Warning).  Used the "Fix" button, or the "re-install using recommended settings" button (for elements that did not install correctly), and finally arrived at version 11.0.7400.1398 by way of 11.0.7000.975 (with all sub-functions showing green and apparently functioning properly).

Double-clicked 14 patch files in "Patches_SEP32_To975.zip" (223.6 MBytes)

followed by

Double-click of 8 patch files in "SEP32_975To1398_clientMSPMSI.exe" (85 MBytes?).

Does this sound right?

======================

Observations:

That list of patch files online is confusing.  Too many permutations.  It'd be nice if there was some kind of decision tree or "AI Patch Finder" that could take you to the correct patch file based on your current version and where you want to go.

Why isn't there an install file inside these ZIPs that installs all the sub-components for you?  Wasn't sure if I was supposed to double-click on each sub-element or not.