Endpoint Protection

 View Only

  • 1.  The risk and gotcha when enabling the anti-MAC spoofing feature ?

    Posted Dec 17, 2013 11:52 PM

    Hi People,

    Can anyone here please let me know what is the risk of enabling the anti-MAC spoofing feature in SEP for client or even Windows Server ?

    Because I believe there has to be a reason why it is disabled or unchecked in the first place.



  • 2.  RE: The risk and gotcha when enabling the anti-MAC spoofing feature ?
    Best Answer

    Posted Dec 17, 2013 11:57 PM

    When enabled, Symantec Endpoint Protection allows incoming and outgoing address resolution protocol (ARP) traffic if an ARP request was made to that specific host. All other unexpected ARP traffic is blocked and an entry is generated to the Security log.
     
    Check this articles
     


  • 3.  RE: The risk and gotcha when enabling the anti-MAC spoofing feature ?
    Best Answer

    Posted Dec 18, 2013 07:39 AM

    It only allows ARP traffic destined for that specific host. The rest is blocked. There really isn't much to it other than that. It's just protection against sppofing, as the name says



  • 4.  RE: The risk and gotcha when enabling the anti-MAC spoofing feature ?

    Posted Jan 06, 2014 06:19 PM

    Thanks all for the reply.

    Is there any reason why this feature is disabled by default ?



  • 5.  RE: The risk and gotcha when enabling the anti-MAC spoofing feature ?
    Best Answer

    Posted Jan 06, 2014 06:56 PM

    There is a bigger chance of it causing an issue so it's up to you test first and rule out any potential problems.



  • 6.  RE: The risk and gotcha when enabling the anti-MAC spoofing feature ?

    Posted Feb 12, 2014 11:19 PM

    Cool, thank you people for the clarification !