Endpoint Protection

My company has moved to SEP for virus/spyware control, and the IT manager asked me to set up two systems which are running specialized applications, and I've run into connectivity issues with both of them.  I was able to resolve the first one, which receives medical data through the HL7 format over a VPN connection (by only installing the virus scanner), but I'm not having any luck finding a solution for the remaining system.

The problem system connects to a hospital mainframe through an old, dial-in system.  This program connects to the modem directly through the COM port, DOS-style, and there's no user-adjustable options.  We have a 56k US Robotics modem hooked into Com 1 - the program is so specifically coded that we actually had to track down a specific brand of US Robotics modem when our old one bit the dust!

With the SEP antivirus installed, the program is no longer able to pick up the modem and dial out.  It appears to be able to communicate with the modem, as the SD/RD status lights flash, but once it gets to the point in the process where it would send the ATDT command, nothing happens.  Once I uninstall SEP and reboot, the program works again... until I reinstall SEP, at which point it immediately fails again.

Are there any configurations I haven't located which would explain this behavior and allow me to resolve this issue?

Could you please tell us what are the components that are installed for the SEP Client.

If the NTP ( Network threat Protection is installed remove it and then see if you can use the modem

After uninstalling  the NTP you should reboot the machine

NTP can be removed from add remove program by modifying the install

Sorry for not getting back sooner.

The last attempt, when I installed the SEP client, from the setup screen, I selected:
- Core Files: Installed.
- Antivirus and antispyware Protection: Installed.
      - Antivirus Email protection: Not installed.
- Proactive Threat Protection: Not installed.
- Network Threat Protection: Not installed.

With this installation, the modem fails to dial out.

What is the version of SEP installed?

LiveUpdate is being run before I try to use the modem, so I'm assuming it should be 11.0.40000.2263; the installer version is 11.0.4000.2261.  If those numbers don't sound right, let me know which file I should be checking the version on.

For the record, disabling the virus scanner does not allow the modem to function, only fully uninstalling the program, which is why I'm forced to assume there.

If you  uninstall SEP are you able to connect to the modem then?

When you have uninstalled the SEP, everything is working.  So the underlying problem is a configuration within SEP on the client. 
I am confused on a point though, you indicated: "With the SEP antivirus installed, the program is no longer able to pick up the modem and dial out".  So the application (custom in house I assume) no longer accesses the MODEM. 

You appear to have one of 2 problems.  The first being: the application sending the control request to the modem is being blocked by SEP.  Have you tried adding an exception for the application?  The second possible problem is, you have a rule set to block the DB-9 (RS-232) COM port in your application and device control. 

You can also try (in windows XP):
Control Panel -> Phone & modem -> Modems (tab) -> Properties (button) -> Diagnostics (button) -> Query Modem to see if there is a "hardware communication" between the PC and the Modem with SEP installed.  If this succeeds, the problem is the software aspect calling the modem and should probably help us get a clearer picture of what is going on.

With SEP uninstalled, the modem is working fine, yes.

Jason, I'm strongly assuming that the hardware is being blocked, but I'm not seeing any user accessable settings for hardware in my install of SEP.  Is there something else I should be installing, or am I just overlooking something?

Once they're done with the software for the day, I'll try putting an exception on the program itself, and see if that makes any difference.  I'll also check out the modem query.

Have you tried installing the modem and reinstalling after you install SEP?
Are there any security options being used on the modem properties?

Best,
Thomas

Good morning, all.

Got some time with the system in question to re-run the process and make sure I took appropriate notes.

Cycletech, we actually did try the uninstall the modem drivers/reinstalling after SEP.  That was pretty much how we found out that the program in question is bypassing Windows completely.  So, as far as security options... none in Windows as far as I can see, and nothing user-accessable in the program.  Being a developer and yet having to support an antique, black-box software is a touch on the crazy-making side...

Jason, installed SEP, went to the control panel, ran the modem diagnostics, was able to get a modem query without any issues.  I then went into the exceptions list, and added the folder which contains the files to the exception list.  Should that be sufficient?  The problem is that we have program A which calls on something like 10 or 15 different subprograms (in a subfolder - and yes, I did make sure I included subfolders when I put an exception on the main folder!) and I assumed that excluding the folder would be the same as excluding individual files.  If that was a false assumption, I'll try it the other way.

Anyway, despite the folder being on the exception list and Windows being able to query the modem without a problem, no change; when the program tries to dial out, it seems to be trying to send data to the modem, but the modem isn't responding properly.

Prachand, I did confirm that LiveUpdate ran properly before I ran my tests, and confirmed that I was working with 11.0.4000.2263.

Hi,

 from the moment i installed SEP the  dial-up  to my broadband service  just stopped working and is waiting for ever to establish a line.

I tried adding an exception to CTFMON.EXE but SEP just ignored the exception.

when i remove SEP everything is working properly. and i can dial out

I tried installing only the antivirus part, without any of ther other components - but it didn't resolve the problem.


Are there any known issues or conflicts that SEP has with other software ?

Could support advise please on how to troubleshoot this problem ?


Thanks
Dror

hi,

I resolved the issue by uninstalling Checkpoint secure-remote VPN software from my PC !
the alternative to those who do not want to remove this software because they need it, is to right click the dial-up connection that you're using , go to the "networking" tab , and uncheck the checkbox next to  "checkpoint secureRemote" (this should be done while the connection is not avtive)

and presto ! you can dial with symantec endpoint protectrion installed

Enjoy everyone
Dror