Endpoint Protection

  • 1.  SEP RU6 UDP FLOOD ISSUE!

    Posted May 18, 2010 11:53 AM
    Starting with Symantec Endpoint Protection RU6 and continuing in RU6A, the "UDP Flood Attack" threshold is set too low. Denial of Service notices\responses are being triggered to cause an Active Response block for legitimate DNS servers. Adding an exception is not a valid solution since we cannot add exceptions for every user's home network. One of the two following solutions should be implemented:

    • Increase the threshold
    • Allow the customer to have an option to set this threshold manually


  • 2.  RE: SEP RU6 UDP FLOOD ISSUE!

    Posted May 18, 2010 12:10 PM
    @ JD,

    Yeah, it's a known issue. Please see this thread:
    https://www-secure.symantec.com/connect/forums/sepv11-dos-ips-logs-after-upgrading-clients-ru6#comment-3978191


    I had to disable the DoS protection until Symantec releases a fix.

    Mike



  • 3.  RE: SEP RU6 UDP FLOOD ISSUE!

    Posted May 18, 2010 12:14 PM
    Disabled DoS, now vulnerable until Symantec provides fix!


  • 4.  RE: SEP RU6 UDP FLOOD ISSUE!

    Posted May 18, 2010 12:18 PM
    DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers reported on security website!
    Where is the fix, Symantec?