SEP has a weak spot there. It detects a lot of thngs as DoS.
In fact, our DCs kept showing they were being attacked by our own clients. SEP detects so many packets in a second, and blocks traffic. Problem is, it's not caring where the packets were coming from.
We finally had to disable DOS detection on the DCs, there was no other way around it.
I was running some test software here, too - load testing software to keep track of some network issues, SEP kept detecting it as DOS.
IMO, sep is a bit over-zealous on this detection, a bit too sensative. The other side is that even with the blocking turned off, SEP STILL blocks ALL ping traffic for several seconds! So there's no way around it in our case other than simply not run DOS detection on the DCs
I've got a couple big threads here on the subject. Even had a couple of cases open on it, and it ended up being flagged as "as designed, not a bug".
LOL, ok.............. but how about letting US "tune" the threashold on it then?