Hello,
We have Symantec Endpoint Protection 12.1 installed, and Enable Network Intrusion Protection is checked.
When running a function in our solution, an exe is generated and runs. As long as Enable Network Intrusion Protection is checked, we can perform our routines on that exe as expected. However, in less than one minute after unchecking Enable Network Intrusion Protection, the application crashes. Inversely, if we have Enable Network Intrusion Protection unchecked, and then we start the exe and it performs its tasks as expected, within one minute of checking Enable Network Intrusion Protection, the application crashes. We have been unable to find any logs in SEP or in Event Viewer regarding this crash. Additionally, we can replicate this on multiple Dell R720 servers with a Broadcom NetXtreme daughterboard BCM5720C NIC, but not on Dell R710s with a Broadcom NetXtreme II BCM5709C on-board NIC. We have already attempted to disable Flow Control, TCP/UDP Offload, and Large Send Offload on the NIC, as well as updated the driver to the latest Broadcom version.
I guess my question is, how does SEP's Network Intrusion Protection system work? Is there anything that gets embedded within a NIC's configuration? Is there an algorithm that runs to make determinations, and when the switch is toggled, if the app doesn't match what is expected from SEP, SEP will kill the application? If we don't clear some setting in SEP, and then uninstall SEP and run CleanWipe, is there still something that wouldn't get cleared that would cause this exe to crash?
Any help or technical explanations would be greatly appreciated.
Thank you.