Endpoint Protection

 View Only

  • 1.  SEP 11.0.4014.26 - interesting items in NTP - Traffic log

    Posted Jul 09, 2009 11:53 AM
    I'm just starting into the Symantec realm, so some things are new to me.

    I've just seen something in the Network Threat Protection Traffic log that I've not seen before.
    Do I have a intrusion or have I just missed something that I should have paid attention to?

    GUI%GUICONFIG#SRULE@NBENABLEOTHER#ALLOW-TCP

    GUI%GUICONFIG#SRULE@NBENABLEYOU#ALLOW-UDP

    Where are these configured?
    Any advice would be appreciated - even "pay more attention to..." or "look in xxx.pdf".


  • 2.  RE: SEP 11.0.4014.26 - interesting items in NTP - Traffic log
    Best Answer



  • 3.  RE: SEP 11.0.4014.26 - interesting items in NTP - Traffic log

    Posted Jul 10, 2009 04:28 PM

    I see where these items are coming from, but a foolish couple of questions:

    Is this file from the default.dat? if so, the Symantec install guide indicates that this file is no longer used in the version 11.x, so I'm confused in this regard.

    How did this file get generated? I would like to see what my system is set for.

    Finally, is this setting something that can be changed (but I'm not sure if it *should* be changed...)? I've looked at the various docs but I see nothing that tells me exactly what this setting is used for.


    Many thanks for your help so far, Vikram!