Endpoint Protection

  • 1.  Svchost.exe and ntoskrnl.exe blocked

    Posted Jul 23, 2015 10:50 AM

    The above processes in title are blocked continuously.  I need a simple, Barney-style solution to edit my firewall or whatever to ignore or allow these services to run.

    I have searched the forums and I don't understand what I'm looking at.  I have an unmanaged client.  I downloaded this from the Army in 2012 and it worked fine until 6 months ago.  I believe I enabled IPv6 while trying to tether my Xbox through my laptop, which is when the errors started.  From what I read, IPv6 is an integral part of the Windows operating system so I have no desire to disable it.

    I read in another post to edit my Network Threat Protection settings or add an exception to ignore the processes.  I can't seem to figure out how to do that. I've devoted a couple hours to figuring out what should be a simple fix. 

    Can someone walk me through how to edit SEP to create an exception for these processes?

    Thanks.



  • 2.  RE: Svchost.exe and ntoskrnl.exe blocked

    Posted Jul 23, 2015 01:02 PM

    You can create a firewall rule to allow the specific port to go out.
     



  • 3.  RE: Svchost.exe and ntoskrnl.exe blocked

    Broadcom Employee
    Posted Jul 23, 2015 02:18 PM

    Hi,

    It's interesting to know these processes are blocked. However, double-click on the Symantec shield icon on the taskbar. You can also access the client interface from the Start Menu: Start > All Programs > Symantec Endpoint Protection.

    When the client interface opens you will see the Status page, where you can configure the firewall rules.

    1. Click Options next to Network Threat Protection.
    2. Select Configure Firewall Rules.


    By default, legacy versions of SEP have five rules, and SEP 12.1 has 21. You can add your own customized rules via the Add Rule button. Unlike managed clients, there is no rule creation wizard. Instead, a pop-up appears and allows you to configure a blank rule.

    Adding a new rule

    There are five tabs in the New Rule menu.

    • General
    • Hosts
    • Ports and Protocols
    • Applications
    • Scheduling

    Reference: http://www.symantec.com/docs/TECH105725



  • 4.  RE: Svchost.exe and ntoskrnl.exe blocked

    Posted Jul 23, 2015 03:08 PM

    This happens when a device that you have at home (probably the Xbox!) (connected in the same network as your computer) tries to discover other devices in the network (called network discovery) with one of the below 2 conditions.

    1) When your (home) network is configured with an IP range that doesn't fall under the following:

    IP Range- 10.0.0.0 to 10.255.255.255
    IP Range- 172.16.0.0 to 172.31.255.255
    IP Range- 192.168.0.0 to 192.168.255.255
    IP Range- 169.254.0.0 to 169.254.255.255

    OR

    2) When the devices use IPv6 communication for network discovery.

    In such cases, the default action of the SEP firewall is to block that traffic to prevent the other devices from knowing about your computer.

    You can check the firewall logs in the SEP client to know which one of the above 2 conditions is triggering it on your PC.

    If it is the IP range as in condition 1, then add your IP range to the firewall rule named "Allow UPnP Discovery from private IP addresses".

    To get there, open the SEP client interface -> Go to Options under Network Threat Protection -> select "Configure Firewall Rules" -> Look for Rule named "Allow UPnP Discovery from private IP addresses" and highlight it and select EDIT at the bottom of the screen -> Go to "Hosts" tab.
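
An added example, not part of any post in this thread: a short Python script that sorts remote addresses from the blocked firewall log entries into the two conditions described in post 4. The address list is constructed sample data typed in by hand; the script does not assume any SEP log file format, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# The four IPv4 ranges listed in post 4 (assumed here to be what the
# default "Allow UPnP Discovery from private IP addresses" rule covers).
LISTED_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
    ipaddress.ip_network("169.254.0.0/16"),  # 169.254.0.0 - 169.254.255.255
]

def classify(remote):
    """Return which condition from post 4 a remote address falls under."""
    text = remote.strip().split("%")[0]  # drop an IPv6 zone id such as %12
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "unparsed"
    if addr.version == 6:
        # ::ffff:a.b.c.d is IPv4 traffic written in IPv6 notation.
        if addr.ipv4_mapped is None:
            return "condition 2 (IPv6)"
        addr = addr.ipv4_mapped
    if any(addr in net for net in LISTED_RANGES):
        return "inside listed ranges"
    return "condition 1 (IPv4 outside listed ranges)"

def summarize(remotes):
    """Count how many addresses fall under each classification."""
    return Counter(classify(r) for r in remotes)

# Constructed sample: remote addresses as copied by hand from blocked entries.
SAMPLE = [
    "192.168.1.20",
    "fe80::1c2d:3eff:fe4f:5a6b%12",
    "192.0.2.15",       # documentation range, stands in for a non-private LAN
    "172.32.0.5",       # just past the end of 172.16.0.0 - 172.31.255.255
    "::ffff:10.0.0.5",  # IPv4-mapped, so judged as 10.0.0.5
    "n/a",
]

if __name__ == "__main__":
    for remote in SAMPLE:
        print(f"{remote:32} {classify(remote)}")
    print(dict(summarize(SAMPLE)))
```

If most blocked entries land in condition 1, the fix in post 4 (adding the home IP range on the rule's Hosts tab) applies; entries in condition 2 are the IPv6 discovery case.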