Endpoint Protection

 View Only

  • 1.  SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 10:39 AM
    We are running SEP Mr4 (no MP)

    When one of our employees runs his application via UNC path ( \\servername\foldername\application.exe ) Endpoint locks down the network connection and isolates itself from the network. In doing so it locks up Explorer.exe and the only resolution at that point is to reboot and not load the application.   Uninstalling SEP works in the short term but we're trying to get them to play together.

    At first I thought it was the Intrusion Prevention os Iedited the policy to include the server as an excluded host, below are the settings:

    Enabled Intrusion Prevention - True
    Enable Denial of service detection - True
    enable port scan detection - True
    Enable excluded hosts - true
    automatically blcok an attacker's IP Address - 1 second (was 600, reduced for troubleshooting)

    Excluded hosts shows Enabled, no group name, and the ip address for the server (static)


    We get no warnings or logs indicating SEP is blocking the software so I'm not sure what is blocking it.    The software is verified non-malicious, the firewall is currently set to allow any traffic with only Logging enabled for suspicious events.


    Any suggestions?  I'm looking at Application and Device control next, but because its a UNC path I'm not sure its going to work well.


  • 2.  RE: SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 10:51 AM
    Turn off Tamper Protection and your issue should be resolved..
    I have seen many cases like these specially for some payroll application..or application for using remote database. 


  • 3.  RE: SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 10:57 AM
    Hi,

           If you could please let us know the system configuration.


    SEP version
    The operating system on the Server on which SEPM is installed
    The operating system on the client.

    The isssue mentioned by you has been taken care of MR4 MP2.


  • 4.  RE: SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 12:09 PM
    Tamper Protection is currently turned off on my test group - problem persists.


    Here's my testing info:
    SEP 11.0.4010.19
    SEPM: Windows Server 2003 R2 (also 11.0.4010.19)
    Clients: Vista SP2, XP SP2, XP SP3


    If I disable Network Threat Protection from within the SMC Gui it works well but thats about the only resolution I've come to so far.   I didnt see where it was corrected in Mr4 MP2, does that require an update of the SEPM as well?


  • 5.  RE: SEP Locking down Network connection without warning?
    Best Answer

    Posted Jun 25, 2009 12:37 PM
    Thats the wrong version you are using..
    This version was pulled out because of issues with the firewall blocking UNC.
    Please upgrade at the earliest 


  • 6.  RE: SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 12:44 PM
    downloading MR4MP2 to test


  • 7.  RE: SEP Locking down Network connection without warning?

    Posted Jun 25, 2009 03:42 PM
    Updating to the MR4 MP2 corrected the issue

    thanks!