Kmrat, could you confirm which release of SEP you are using? There was a defect in the earlier release of SEP RU5, which states: "Firewall incorrectly reports Link-local Multicast Name Resolution (LLMNR) response as a port scan".
Fix ID: 3208344
Symptom: The Symantec Endpoint Protection client firewall incorrectly detects multiple Link-local Multicast Name Resolution (LLMNR) response packets as a port scan attack.
Solution: Added UDP remote port 5355 to the firewall rule "Allow LLMNR from private IP addresses" to prevent the firewall from detecting this as an attack.
Can you test with the latest release and update the thread?
Reference: https://support.symantec.com/en_US/article.TECH224706.html