Endpoint Protection

  • 1.  SEP blocks IP for 10 Minutes

    Posted Sep 08, 2016 04:00 PM

    Hi all.

    On our Windows print server we have the problem that the connection to printers is randomly lost. From the server we cannot ping the printers and people can't print. After a few minutes everything is fine again.

    I am 99% sure that SEP is the problem because I know that SEP blocks an IP for 10 minutes if SEP thinks that it's getting attacked.

    I need to find out why this is happening. However, I did not find anything in the SEP client logs on the print server. I also tried to look at the reports on the SEP management server but I did not really find anything. Are those "attacks" not getting logged anywhere?



  • 2.  RE: SEP blocks IP for 10 Minutes

    Posted Sep 08, 2016 05:22 PM
    This is the active response. Check the security log on the client. You can disable this in the firewall policy.


  • 3.  RE: SEP blocks IP for 10 Minutes

    Posted Sep 09, 2016 01:59 AM
    Hi. The SEP security log is empty. Filter -> show all logs -> 0 Records


  • 4.  RE: SEP blocks IP for 10 Minutes

    Posted Sep 09, 2016 05:31 AM

    Hi Omeng,

    Also check out the SEPM "Network Threat Protection" attack logs.

    With thanks and best regards,

    Mick