Endpoint Protection

  • 1.  SEP blocking ODBC remote port 5355 on SQL server

    Posted Jan 26, 2016 11:33 AM

    I have a SQL server with SEP 12.1.6 installed, managed on a 12.1.5 SEP server with default firewall rules enabled for Network Threat Protection. Our DBA is stating that within the last week, ODBC connections from a workstation to this SQL server are dropping. I reviewed the Network Threat Protection logs, which revealed port 5355 is being blocked by the "Block all other IP traffic and log" rule. I've researched this on the googles and some folks mentioned creating an allow rule for the application. So I created a custom "Allow SQL" rule that allows any application on any host the MS SQL Client and Server services as well as a custom service for UDP Local and Remote=5355, stateful incoming. I put this rule above the "Block all other IP traffic" rule, but I still get blocked connections on that port after updating the policy on the SQL server. I noticed there is a "Block LLMNR" rule blocking port 5355, so I disabled that to see what would happen and I got the same results.

    What do I need to customize on the firewall rules to allow these ODBC connections? I don't want to disable Network Threat Protection on our SQL server. Thank you for any assistance!



  • 2.  RE: SEP blocking ODBC remote port 5355 on SQL server

    Posted Feb 02, 2016 03:48 PM

    Have you tried moving the rule to the very top of the stack? Does it still show that same traffic being blocked even after adding the rule?



  • 3.  RE: SEP blocking ODBC remote port 5355 on SQL server

    Posted Apr 25, 2016 04:10 AM

    Kmrat, could you confirm which release of SEP you are using? There was a defect in the earlier release of SEP RU5, which states: "Firewall incorrectly reports Link-local Multicast Name Resolution (LLMNR) response as a port scan".

    Fix ID: 3208344
    Symptom: The Symantec Endpoint Protection client firewall incorrectly detects multiple Link-local Multicast Name Resolution (LLMNR) response packets as a port scan attack.
    Solution: Added UDP remote port 5355 to the firewall rule Allow LLMNR from private IP addresses to prevent the firewall from detecting this as an attack.

    Can you test with the latest release and update the thread?

    Reference: https://support.symantec.com/en_US/article.TECH224706.html