Endpoint Protection Small Business Edition

  • 1.  Network Threat Protection Problem

    Posted Apr 05, 2011 02:39 AM

    I have a SEPM, Version: 11.0.6005.562, running Antivirus and Antispyware Protection, Proactive Threat Protection, and Network Threat Protection. Our application server is not a member of the SEPM. Sometimes users cannot access the application; users complained to me that when it shows "block 192.168.20.5 IP by SEP antivirus", at that time the user cannot access the application server and also cannot reply to ping requests, but at that time other IPs can reply to ping requests. The users are SEPM members and domain users. I need to keep all threat protection of SEPM. What can I do now?

    Thanks,

    Qamrul



  • 2.  RE: Network Threat Protection Problem

    Posted Apr 05, 2011 05:12 AM

    Hi Qamrul,

    The IP is blocked for a reason. If you are sure your application server poses no threat to your environment, I suggest that you add it as an exclusion in IPS. It is obviously important to verify why the SEP client is blocking your app server, so check the message that the user is getting.

    See below on how to create exclusions:

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27084

    Hope this helps...



  • 3.  RE: Network Threat Protection Problem

    Trusted Advisor
    Posted Apr 05, 2011 08:29 AM

     

    Hello,

    Could you show us a screenshot of the message your SEP clients are giving?

    Does it look like the article provided below?

    Network Threat Protection message: "Your computer received a UDP packet from the remote address [IP address]. Do you want to accept it?"

    http://www.symantec.com/business/support/index?page=content&id=TECH92117&actp=search&viewlocale=en_US&searchid=1301999028144

    To understand the reason the IP was blocked, you can:

    1) Open the SEP client (where you are getting the message)
    2) Click on 'View Logs'
    3) Under Network Threat Protection, click on 'View Logs'
    4) Click on 'Traffic Log' & 'Packet Log'

    You can change the view between Local View & Source View by simply clicking on View --> Local View / Source View.