Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

SEP - Internet Email Auto Protect Issue

Created: 06 Aug 2010 | 12 comments

We have a 3rd party program that is used to make an SMTP connection with a username and a password to our internal mail server. While Internet Email Auto-Protect is enabled, the application is not allowed to do this process. The connection is blocked. When I disable Internet Email Auto-Protect, everything works fine with the exception of SEP states that it has been completely disabled.

I prefer to leave Internet Email Auto-Protect on. Does anyone have any suggestions?

Comments 12 CommentsJump to latest comment

P_K_'s picture

Which is SMTP program you use, If you can give us a name we can try to find if there is any conflict or not?

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Khue's picture

The application is called Suunto. It only makes outbound connections to our mail server (read: send only, no receive).

Thomas K's picture

What is the Suunto product name and version number? Is the client firewall set up to allow traffic for the Suunto product?

Khue's picture

Sorry Suunto Fitness Solution 1.1.1.4. And why would the client firewall come into play when the application works fine if Internet Email Auto Protect is disabled? Does disabling Internet Email Auto Protect automatically remove block entries from the Symantec Client Firewall for SMTP, POP, and other types of mail traffic? While the firewall is installed, I have no policy configuration settings configured. 

Jason1222's picture

Using Username/Password authentication over TSL/SSL?
In general settings, outgoing ports are configures to use port 25 (SMTP).
Do you have an exception to allow port 465 or 587?

I have seen other discussions where you need to configure one of these ports; 465 or 587- in order to get authentication to work.

Thomas K's picture

Good point, something in the Internet Email Auto protect feature is seeing outgoing traffic as a threat.

Try disabling Outbound worm heuristics, and test if the issue goes away.

http://seer.entsupport.symantec.com/docs/331120.htm

Khue's picture

Yeah I already tried that. I thought for sure that would fix it but no luck. The connection being made is just a simple SMTP connection. Since it happens inside of our own network, meaning there is no traversal of the internet until AFTER our mail server, there is no need for a secure connection. It's very bizzare. Any other suggestions are welcome.

Mick2009's picture

Hi Khue,

Are there any entries created in the SEP Risk History, or any pop-ups on screen when the connection is blocked-?  SEP generally let sit be known when actions like this are taken. 

Thanks and best regards,

Mick

With thanks and best regards,

Mick

AravindKM's picture

in SEPM go to Monitors-->logs-->risks and check any entry present related to this.If present add it ti centralized exceptions.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Khue's picture

There aren't any popups or anything. I also see no logging for that specific device relating to blocked risks. 

AravindKM's picture

I think it is better to open a case with symatec for this...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind