Endpoint Protection

We have a 3rd party program that is used to make an SMTP connection with a username and a password to our internal mail server. While Internet Email Auto-Protect is enabled, the application is not allowed to do this process. The connection is blocked. When I disable Internet Email Auto-Protect, everything works fine with the exception of SEP states that it has been completely disabled.

I prefer to leave Internet Email Auto-Protect on. Does anyone have any suggestions?

Which is SMTP program you use, If you can give us a name we can try to find if there is any conflict or not?

The application is called Suunto. It only makes outbound connections to our mail server (read: send only, no receive).

What is the Suunto product name and version number? Is the client firewall set up to allow traffic for the Suunto product?

Sorry Suunto Fitness Solution 1.1.1.4. And why would the client firewall come into play when the application works fine if Internet Email Auto Protect is disabled? Does disabling Internet Email Auto Protect automatically remove block entries from the Symantec Client Firewall for SMTP, POP, and other types of mail traffic? While the firewall is installed, I have no policy configuration settings configured. 

Good point, something in the Internet Email Auto protect feature is seeing outgoing traffic as a threat.

Try disabling Outbound worm heuristics, and test if the issue goes away.

http://seer.entsupport.symantec.com/docs/331120.htm

Using Username/Password authentication over TSL/SSL?
In general settings, outgoing ports are configures to use port 25 (SMTP).
Do you have an exception to allow port 465 or 587?

I have seen other discussions where you need to configure one of these ports; 465 or 587- in order to get authentication to work.

Yeah I already tried that. I thought for sure that would fix it but no luck. The connection being made is just a simple SMTP connection. Since it happens inside of our own network, meaning there is no traversal of the internet until AFTER our mail server, there is no need for a secure connection. It's very bizzare. Any other suggestions are welcome.

Hi Khue,

Are there any entries created in the SEP Risk History, or any pop-ups on screen when the connection is blocked-?  SEP generally let sit be known when actions like this are taken. 

Thanks and best regards,

Mick

in SEPM go to Monitors-->logs-->risks and check any entry present related to this.If present add it ti centralized exceptions.

There aren't any popups or anything. I also see no logging for that specific device relating to blocked risks. 

I think it is better to open a case with symatec for this...

I'd rather leave it broken then.