Endpoint Protection

Hello there,

Two things:

1.)  I get an error from Windows Security Center stating that Symantec is not reporting it's status in format that Vista understands.  Again.  What is going on here?  Why does this happen every once in a while?

2.)  I'm getting a ton of blocked outgoing Network Threats.  How do I determine what's causing this?  They are reported several times a minute - here's one of them:
403 3/26/2010 6:18:18 PM Blocked 10 Unknown None 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-E0-B8-E2-86-30 0  Celmer WORKGROUP Default 1 3/26/2010 6:17:17 PM 3/26/2010 6:17:17 PM Block_all 

This can't be a good thing.

Thank you for your help.
Mark.

What is the version of SEP Installed?

1. Make sure you are using the latest version of SEP that is 11.0.5002.333
2. The firewall is blocking your packets on your nic..
open SEP-onNetwork Threat Protection- options- Change Settings-Microsoft windows networking
--Scroll down and select your adapter ( even though it says allowed to all ) and check the boxes below it to allow file sharing..

thanks - Perhaps you misunderstood.  These are outging threats that are being blocked.

The setting was already set to file sharing.  Other ideas?

Thanks in advance.

Oh and yes I need to get the latest version.  Our company doesn't have the right version for us to download right now.  I've asked them about it. 

The version that I am running is 11.0.1000.1375

An unmanaged client has a default "Block_all" rule which is not configurable
http://service1.symantec.com/support/ent-security.nsf/docid/2007110509074348

So if this is traffic is a Legitimate traffic you can allow this traffic by adding a rule to allow this traffic.

You must upgrade to a Latest version ASAP thats a very old..and kind of buggy version..atleast 1000 issues have been fixed in version and the 11.0.5003.22 so just upgrading might fix all your issues.

Vikram,

I'm working on getting the latest version. 

In the meantime, can you help me determine whether this "traffic" is legitimate?  And if it is legitimate, help me add a rule?

Thanks,
Mark.

Traffic is to from 0.0.0.0 so it also might be a bug ..there was a similar bug in the older version with teefer2 driver no installing properly in NIC card.

ok I've upgraded but I still get the same errors"

1.)  Windows Security Center does not recognize Symantec's status reporting.

2.)  Network Protection continues to report blocked outging as follows
1 4/15/2010 12:20:52 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-03 0 0.0.0.0 00-E0-B8-E2-86-30 34525  Celmer Celmer-PC Default 1 4/15/2010 12:20:35 PM 4/15/2010 12:20:35 PM GUI%GUICONFIG#SRULE@ADVRULECONFIG#Normal_102 

is does this often and is obviously slowing the system down.

Can anyone tell me what is going on here?

Thanks !

There is a Default rule to block IPV6 as SEP does not support IPV6 yet.

What is IPv6?

Is it dangerous?

http://en.wikipedia.org/wiki/IPv6

yep thanks. Read that already.

Simple question:

How do I determine what is causing all these outgoing network attempts?

Is there a method to determine what is causing all these outgoing network attempts?

Check the built in Network Activity tool in SEP and see what process it is

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/0955a189fe3001268025757d00412193?OpenDocument