Endpoint Protection

NTP blocks network printer install. 

SEP 12.1 ru1 mp1 blocks network printer install and doesn allow to give print when NTP enabled. 

when NTP disabled all is well. 

pls suggest which log to check amongst NTP and what needs to be added as exception? and where? 

Is this a wireless printer or plugged in via USB

If wireless, what is showing in your Traffic log? You may need to add a rule to allow access to the printer IP address.

If plugged in via USB, do you have an app and device control policy in place? You can check your Control log for this to see what rule is blocking it.

No ADC policy enabled...

both wired and wireless printers

can tell how to add rules to firewall to allow traffic to those particuler devices?

Is this a managed or unmanaged client?

First take a look at your Traffic log and try to match up with the time the block occurred to see what rule blocked it. It is likely easiest to add an exception for the IP address of the printer.

Adding rule on a managed client:

Adding a new firewall rule

For unmanaged:

Firewall Policies on Unmanaged Clients

Hello,

You are running an older version of SEP 12.1 RU1 MP1, could you try installing the Latest verison of SEP 12.1 RU3?

Secondly, Try these steps:

Check the Security Logs under Client Management for Denial of Service Detections for the printer's IP address to confirm the issue. 

To resolve the issue you will need to disable Denial of Service detection within your Instrusion Prevention policy or you will need to add the printer's IP address in "Excluded Hosts."

To add the printer to "Excluded Hosts":

1.  Open your Intrusion Prevention Policy.

2.  Choose to Settings on the left. 

3.  Check the box for Enable excluded hosts and then click the Excluded Hosts... button.  

4.  Add the IP address of your printer and choose Okay.  

Reference: 

Denial of service detected on Network Printers

http://www.symantec.com/docs/TECH139213

Manually enabling network file and printer browsing for unmanaged Symantec Endpoint Protection 11.0 clients.

http://www.symantec.com/docs/TECH102586

Check these Threads with similar issue:

https://www-secure.symantec.com/connect/forums/wireless-printing-being-block-network-threat-protection

https://www-secure.symantec.com/connect/forums/sep-121-ru1-mp1-and-network-printers

Hi,

Thank you for posting in Symantec community

I would be glad to answer your query.

Check Packet logs & Traffic logs which shows any sign of blocking.

You can configure a blank firewall rull to allow your printing application, or by the IP address.

http://www.symantec.com/business/support/index?pag...

You can exclude printing devices from application and device control:

For managed clients:

1. Log in to the Endpoint Manager Console.
2. Click Policies, then click Application and Device Control.
3. Double-click the application and device control policy that is in use by affected clients.
4. Click on Device Control.
5. Under Devices Excluded From Blocking, click Add...
6. Click Printing Devices, then click OK.

For unmanaged clients:

1. Click Start, then Control Panel.
2. Click Add or Remove Programs.
3. Click Symantec Endpoint Protection, then click Change.
4. Click Next, ensure Modify is selected, then click Next again.
5. Expand Proactive Threat Protection.
6. Click Application and Device Control, then click This feature will not be available.
7. Click Next, then click Install.
8. When the installation completes reboot the system. Application and Device control will now be inactive.