Symantec Endpoint Protection blocks traffic from firefox.exe
Yesterday I did Live Update of my Symantec Endpoint Protection 11.x, after that SEP starts blocking my firefox traffic. I am getting an prompt that "Traffic has been blocked from this application: (firefox.exe). I find below log in Network Threat Protection > Traffic Log
4/12/2009 9:31:07 PM Blocked 10 Outgoing TCP en-gb.start2.mozilla.com [209.85.227.99] 00-90-D0-03-84-5C 80 192.168.1.72 00-1E-68-54-E0-90 52661 C:\Program Files\Mozilla Firefox\firefox.exe Anand Anand-PC Default 3 4/12/2009 9:30:05 PM 4/12/2009 9:30:16 PM GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\Program Files\Mozilla Firefox\firefox.exe
I tried disabling Network Threat Protection and firefox works fine.
My Network Threat Protection definitions:- Friday, March 13,2009 r1
Could please tell why SEP blocks my firefox?
Thanks,
Anand
Comments 9 Comments • Jump to latest comment
Hi Anand,
I think u might be having some policy to block any files which tries to connect to Internet, hence firefox is getting block. You can exculde firefox.exe from NTP.
Rrgds,
SAM
Be come sure about the addins.
By the way there are only two reasons for the issue:
1- a rule in NTP
2- the Firefox malfunctioning
Symantec Certified Specialist \ MCSE +Security \ CCNSE
I tried even without any Add-ons, still same problem. Firefox version is also latest one 3.0.8
Now for time being i have set rules in Network Threat Protection > Application Settings to allow Firefox.exe and it works fine.
Thanks for all your help
Anand,
Enable the NTP on a sample client and after it blocked the firefox, check the logs to figure out what kind of attacks it detects the firefox is causing.
Inform us of the report, it can be a good research!
Symantec Certified Specialist \ MCSE +Security \ CCNSE
It shouldn't do that. I have SEP and Firefox works well. Although I don't have any add-ins installed.
“Your most unhappy customers are your greatest source of learning.”
The best approach would be to log all the rules and launch the application again.
Once it's blcoked, Take a look at the logs and see what rule(s) are blocking it.
Create a counter rule exactly the same with the application as firefox.exe but with the action as allow and move it to the top.
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting...
"Hey! I found a virus! Look at me! I'm soooo goooood!"
Hi, Is this the same case with IE? I think it uses the same port with firefox. Please review your current firewall policies.
Try disabling NTP again, running firefox and running netstat in command prompt or get a gui version so you could see other the ports used at that time and to which IP they're connecting.
“Your most unhappy customers are your greatest source of learning.”
Hi when I try to do a look up on the IP address, (209.85.227.99) the address belongs to Google, I guess you just need to add this on exceptions.
Would you like to reply?
Login or Register to post your comment.