We are running SEP Mr4 (no MP)
When one of our employees runs his application via UNC path (\\servername\foldername\application.exe), Endpoint locks down the network connection and isolates itself from the network. In doing so it locks up Explorer.exe and the only resolution at that point is to reboot and not load the application. Uninstalling SEP works in the short term but we're trying to get them to play together.
At first I thought it was the Intrusion Prevention, so I edited the policy to include the server as an excluded host. Below are the settings:
Enabled Intrusion Prevention - True
Enable Denial of service detection - True
Enable port scan detection - True
Enable excluded hosts - True
Automatically block an attacker's IP Address - 1 second (was 600, reduced for troubleshooting)
Excluded hosts shows Enabled, no group name, and the ip address for the server (static)
We get no warnings or logs indicating SEP is blocking the software, so I'm not sure what is blocking it. The software is verified non-malicious; the firewall is currently set to allow any traffic with only Logging enabled for suspicious events.
Any suggestions? I'm looking at Application and Device control next, but because it's a UNC path I'm not sure it's going to work well.