Hello,
Could you show us the screenshot of the message your SEP clients are giving?
Does it look like the Article provided below:
Network Threat Protection message: "Your computer received a UDP packet from the remote address [IP address]. Do you want to accept it?"
http://www.symantec.com/business/support/index?page=content&id=TECH92117&actp=search&viewlocale=en_US&searchid=1301999028144
To understand, what is the reason the IP was blocked, you can:
1) Open the SEP client (where you are getting the message)
2) Click on 'View Logs'
3) Under Network Threat Protection, click on 'View Logs'
4) Click on 'Traffic Log' & 'Packet Log'
You can change the view between Local View & Source View by simply clicking on View --> Local View / Source View.