Endpoint Protection

 View Only

  • 1.  SCS 3.1.6.6010 firewall problems

    Posted Jul 26, 2007 01:59 PM
    All things being equal, just updating from an older version of SCS to the current 3.1.6.6010 patched version on several of my systems, SMTP port 25 connections are being blocked, even though the three applications I've tested that send e-mail themselves are in the programs listing as Allow All.  Again, all things being equal, given that this one particular system I'm working on right now has had probably 12 different versions of SCS over the past 3 years, one updated over the next, and connects to a central server for settings and updates, has never had this particular problem until after the update to 6010.   To confirm it is the Symantec Firewall in play, I disabled the firewall and rebooted and the socket errors I was getting trying to send out over port 25 no longer exist.
     
    Very strange, because these programs themselves are (and always have been) set to Allow connections from these computers, so I'm not seeing what setting change there could be to account for this change in behavior.    It would seem that our systems with just build 6000 installed (3.1 MR6) are not having a problem, so it does appear to be a bug or at least a new setting change I have yet to find in build 6010 (3.1 MR6 MP1).
     
     
     
     


  • 2.  RE: SCS 3.1.6.6010 firewall problems

    Posted Jul 27, 2007 11:24 AM
    Here's what I found, after a lot of methodical testing.   First, the problem only occurs when the computer is booted up, logged in, logged off (without a reboot), and logged in the second time.  That's right, it is on the second login the Client Security build 6010 bug comes into play. 

    Since it was taking to long to test the problem with an e-mail client, I just started testing with portqry.exe to two different mail servers which accept port 25 connections.  Under all proper conditions, portqry would get a "listening" response from either of the mail servers.   After the second login (see above), however, portqry would no longer get a response from the mail servers, but instead was prevented from a connection.   Again, the first login after boot, it has no problem, it is upon the second login the abnormal behavior is observed. This even happens when I disable the Symantec firewall, set the security setting to "manual", and reboot.

    After testing all this to be able to reproduce the conditions upon the bug occurs, I uninstalled SCS build 6010, rebooted, installed build 6000, rebooted, and did my testing again.  The portqry port 25 (and e-mail send) tests now work properly again, on the first, second, and third logins.


  • 3.  RE: SCS 3.1.6.6010 firewall problems

    Posted Aug 05, 2007 04:58 PM
    Ok, I have to correct this post of mine.  There are now other posts on this forum about this same problem: after the second login, ports 25 and 110 ports being blocked at the workstation, once the SAV 10.1.6 MP1 patch (build 6010) is installed. I don't know why I didn't go back and do that one more test, once I figured out the problem only happens after the second login, but it turns out the problem happens even when only SAV is installed, so it is not a bug with the firewall component in SCS.
     
    After more testing today, I found that the workaround is to disable the "Internet E-mail Auto-Protect" option (and reboot).  Even when I changed the SMTP and POP ports to 65535 in that feature and rebooted, after the second login, ports 25 and 110 are blocked at my workstation.  However, completely disabling the "Internet E-mail Auto-Protect" option (and rebooting) appears to be the solution, other than to downgrade back to SAV/SCS build 6000.