Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Network Threat Protection - Exclude by IP on unmanaged client

Updated: 29 Nov 2010 | 9 comments
WLMike's picture
WLMike
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hello,

I have computer running an unmanaged SEP v11.0.3001.2224 client. I need to exclude a few IP addresses from scanning with Network Threat Protection. How can I do this?

Thank you,

Mike

discussion Filed Under:
, , ,

Comments

Prachand's picture
24
Jul
2010
3 Votes +3
Login to vote
Prachand
Trusted Advisor

Open the client user Interface.

Then click on Network Threar Protaection OPTION--->Configure firewall rule---> Add--->Under the general tab selct  Allow this rule-->Under host select the IP address

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

SOLUTION
yang_zhang's picture
25
Jul
2010
0 Votes 0
Login to vote
yang_zhang
Symantec Employee
Accredited

so good your screenshot arranged.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
WLMike's picture
25
Jul
2010
0 Votes 0
Login to vote
WLMike

I tried that and it still isn't working. I need to allow certain IP addresses for website security scanning purposes with all filtering disabled.

For example I allowed my client IP address on the server and then input the following into the browser on the client:

http://www.domain.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd 

On the server I get the following pop-up message and the client can't connect to the server for a while:

[SID: 23104] HTTP Apache Tomcat UTF-8 Dir Traversal detected.

I need to allow all traffic for the security scans to complete sucessfully.

Thank You,

Mike

Rafeeq's picture
25
Jul
2010
0 Votes 0
Login to vote
Rafeeq

hi

open sepm
click on policies
click on intrusion prevention policy
click edit
look for sid 23104 make the action to log or ignore on the policy

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

AravindKM's picture
25
Jul
2010
0 Votes 0
Login to vote
AravindKM

Keep this rule as the first rule and try(You may use move up button for this...)

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture
25
Jul
2010
0 Votes 0
Login to vote
AravindKM

v11.0.3001.2224 is an old version with lot of bugs.It is always recommendable to upgrade to RU6a(11.0.6)....
This you can download from https://fileconnect.symantec.com....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

WLMike's picture
26
Jul
2010
0 Votes 0
Login to vote
WLMike

I upgraded to version 12.0.1001.95, created a rule to allow traffic from the client IP and moved the rule to the top. When I run the command it no longer gives me the SID 23104 popup, but the traffic is still blocked (long timeout). When I turn off Network Threat Protection I get a 404 error, which is expected. Any other ideas? This is on an unmanaged client.

AravindKM's picture
26
Jul
2010
0 Votes 0
Login to vote
AravindKM

Which is your exact product SEP 11 or SBE 12? 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

WLMike's picture
26
Jul
2010
0 Votes 0
Login to vote
WLMike

Symantec EndPoint Protection Small Business Edition v12.0.1001.95

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,722