Starting with Symantec Endpoint Protection RU6 and continuing in RU6A, the "UDP Flood Attack" threshold is set too low. Denial of Service notices\responses are being triggered to cause an Active Response block for legitimate DNS servers. Adding an exception is not a valid solution since we can not add exceptions for every users home network. One of the two following solutions should be implemented:
•Increase the threshold
•Allow the customer to have an option to set this threshold manually