Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Network Application Monitoring - Disabled at SEPM, still running on Clients

Created: 29 Mar 2013 | 11 comments

Scenario:

We recently upgraded to SEPM 12.1 and started installing SEP 12.1 clients on various workstations/servers.

We are now being prompted by Network Application Monitoring to allow programs access to the network.

This feature is disabled accross the board in SEPM.

Has anyone seen this issue?

Is there any solution/workaround?

Operating Systems:

Comments 11 CommentsJump to latest comment

K33's picture

hi,

You need to enable Enabled application

How to set up learned applications in the Symantec Endpoint Protection Manager

Article:TECH102994 | Created: 2007-01-29 | Updated: 2010-08-17 | Article URL http://www.symantec.com/docs/TECH102994

Check this how to enable

https://www-secure.symantec.com/connect/forums/network-application-monitoring-enable

.Brian's picture

What's the exact version of SEP/M?

Are the clients in Client Mode? Could it be possible a few enabled it? How many clients are affected?

You did verify it was OFF on the Policies tab on the Clients page? Are thle clients currently connecting to the SEPM to get the latest policy?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

keith.stf's picture

SEP/M: 12.1.2015.2015

All clients are in client mode, no exceptions.

All 12.1 clients are effected. 11.x clients are not.

All effected clients are connecting to SEPM and have the correct policy.

Thanks

.Brian's picture

Set a client to Server Mode as a test and check it again. In Client Mode, users have full control, maybe some enabled it.

If not the case, I would suggest a support call than. Since you're on latest SEPM perhaps it is a unknown bug. I have not seen this but I'm in Server Mode. Users have no rights to do anything to SEP in my environment.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

keith.stf's picture

Wait a minute!

I meant server mode, they are all in server mode.

My apologies.

.Brian's picture

Ahhh ok. Not sure than, sounds like a possible bug. Since you're on the latest SEPM version, it may be something that is not yet known.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

I have not seen this before could you please provide us screenshot with details?

For testing purpose can you create a new default policy to test the result?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

keith.stf's picture

Hi Chetan,

Thanks for looking at this.

Here is a shot of the popup we get.

sepnampopup.jpg

Here you can see we have this feature disabled at the top level.

sepnamoff.JPG

I have created a test group under My Company and left policy inheritance checked.

I moved my notebook to this group, confirmed the policy updated.

So far, I am unable to duplicate the issue.

Is there some other policy setting that causes these popups?

.Brian's picture

Do you have any firewall rules where the action is set to "Ask"?

I've seen this box when a rule is configured with this Action.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Unless there is some hidden setting we're all missing, I'm leaning towards a bug.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.