Network Threat Protection - Exclude by IP on unmanaged client

Created: 24 Jul 2010 • Updated: 29 Nov 2010 | 9 comments
This issue has been solved. See solution.

Hello,

I have a computer running an unmanaged SEP v11.0.3001.2224 client. I need to exclude a few IP addresses from scanning with Network Threat Protection. How can I do this?

Thank you,

Mike

P_K_'s picture

Open the client user interface.

Then click on Network Threat Protection OPTION ---> Configure firewall rule ---> Add ---> Under the General tab select Allow this rule ---> Under Host select the IP address

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
yang_zhang's picture

so good your screenshot arranged.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
WLMike's picture

I tried that and it still isn't working. I need to allow certain IP addresses for website security scanning purposes with all filtering disabled.

For example I allowed my client IP address on the server and then input the following into the browser on the client:

http://www.domain.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd 

On the server I get the following pop-up message and the client can't connect to the server for a while:

[SID: 23104] HTTP Apache Tomcat UTF-8 Dir Traversal detected.

I need to allow all traffic for the security scans to complete successfully.

Thank You,

Mike
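
Added example, not part of the original thread: why the request quoted above trips a "UTF-8 Dir Traversal" signature. `%c0%ae` is an overlong two-byte UTF-8 encoding of `.` (0x2E), so a lax decoder turns the path into `../` segments; this Python sketch (function names are hypothetical, and it is not Symantec's detection logic) flags such sequences and shows the resulting path.

```python
from urllib.parse import unquote_to_bytes, urlsplit

def lenient_decode(raw: bytes):
    """Decode UTF-8 as a lax decoder would, accepting overlong forms.
    Returns (text, hits); each hit is (byte_offset, hex_bytes, char)."""
    out, hits, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            n, cp, lowest = 1, b, 0x0
        elif 0xC0 <= b <= 0xDF:
            n, cp, lowest = 2, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:
            n, cp, lowest = 3, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF7:
            n, cp, lowest = 4, b & 0x07, 0x10000
        else:
            n = 0  # stray continuation byte or invalid lead byte
        tail = raw[i + 1:i + n]
        if n == 0 or len(tail) != n - 1 or any(t & 0xC0 != 0x80 for t in tail):
            out.append("\ufffd")  # malformed: emit replacement, resync
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < lowest:
            # Shortest-form rule violated: the value fits in fewer bytes.
            hits.append((i, raw[i:i + n].hex(), chr(cp)))
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += n
    return "".join(out), hits

def inspect_url(url: str) -> dict:
    """Report overlong sequences and whether the lax decoding yields '..'."""
    path = urlsplit(url).path
    text, hits = lenient_decode(unquote_to_bytes(path))
    return {"decoded_path": text, "overlong": hits,
            "traversal": ".." in text.replace("\\", "/").split("/")}

if __name__ == "__main__":
    # The request quoted in the post above, and a constructed benign URL.
    for u in ("http://www.domain.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
              "http://www.domain.com/docs/caf%c3%a9.html"):
        print(inspect_url(u))
```

A strict decoder rejects these bytes outright (`b"\xc0\xae".decode("utf-8")` raises `UnicodeDecodeError` in Python), which is why the pattern is only dangerous against servers that decode leniently after path checks.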

Rafeeq's picture

Open SEPM
Click on Policies
Click on Intrusion Prevention policy
Click Edit
Look for SID 23104 and set the action to log or ignore in the policy

AravindKM's picture

Keep this rule as the first rule and try (you may use the Move Up button for this...)

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

v11.0.3001.2224 is an old version with a lot of bugs. It is always recommended to upgrade to RU6a (11.0.6)....
You can download this from https://fileconnect.symantec.com....

WLMike's picture

I upgraded to version 12.0.1001.95, created a rule to allow traffic from the client IP and moved the rule to the top. When I run the command it no longer gives me the SID 23104 popup, but the traffic is still blocked (long timeout). When I turn off Network Threat Protection I get a 404 error, which is expected. Any other ideas? This is on an unmanaged client.

AravindKM's picture

Which is your exact product, SEP 11 or SBE 12?

WLMike's picture

Symantec EndPoint Protection Small Business Edition v12.0.1001.95