I just put a machine out there running Symantec Endpoint Protection 11.0.5 and XP-Mode. The host machine is constantly putting out alerts saying that the XP-Mode VM is scanning it. I can add a rule in the firewall to allow traffic from that VM to pass through, however everything is managed through policy. Is there a way to modify the firewall on that specific computer without modifying the policy on all the machines that policy pertains to in OU? Basically I just don't want to create an OU for that one computer and apply a non-shared firewall policy to it. Any ideas?