Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Endpoint Protection firewall trouble

Created: 04 Aug 2012 | 5 comments

Recently I have been having trouble configuring my firewall to allow me to browse the internet using Google Chrome or Firefox.  It lets me browse the internet for a brief amount of time before an alert message pops up saying that there is a denial of service for my ip address and blocks me from reconnecting to the internet for a 10 minute time frame.  And if I disable my Network Threat Protection, so I guess essentially my firewall, my internet works fine.  I'm wondering if this has something to do about IE being my default browswer.  

Comments 5 CommentsJump to latest comment

Mohan Babu's picture

IPS will block the Denial of service attack and block the attacker ip and it detects for port scan and block the ip for 600 Seconds [10 minutes].

Enable denial of service detection Causes the client to check inbound and outbound traffic for known denial-of-service attack patterns. Denial-of-service attacks are an explicit attempt by an intruder to prevent legitimate users of a service from using that service.
This option is enabled by default.

Check this out:

Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained

http://www.symantec.com/docs/TECH104434

Best practices regarding Intrusion Prevention System technology

http://www.symantec.com/docs/TECH172174

 

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

Ashish-Sharma's picture

Hello,

The message what you are getting is from IPS  ( intrusion prevention signatures)

Denial-of-service attacks

Examines all network packets for specific known attacks that limit your computer's use of the services that you would normally expect to have.

various kinds of attacks are there , in that DOS Denial of service is one of them.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21422

its good that symantec is blocking it, safe.

I would also suggest you to check these Threads:

https://www-secure.symantec.com/connect/forums/denial-service-1

https://www-secure.symantec.com/connect/forums/denial-service-logged-what-gives

https://www-secure.symantec.com/connect/forums/denial-service-2

Hope that helps!!

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hi,

There is a vulnerability in the system & Symantec is blocking attack against vulnerability.

When Symantec blocks an attack SID will be getting generated.

Could you please share that SID with us? it may help to pinpoint issue.

Machine should be updated with windows patches and service pack.

Always recommended to use latest SEP version with all three features i.e. AV/AS, PTP & NTP.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

cus000's picture

Also please share us what SEP version are you using.