Video Screencast Help

Symantec Endpoint Protection Port Blocking

Created: 27 May 2010 • Updated: 28 Jun 2010 | 1 comment
This issue has been solved. See solution.

I have a laptop running wireless with Symantec Endpoint Protection Version 11.0.4000.2295
Antivirus Definitions: May 26, 2010 r39
Proactive Protection Definitions: May 26, 2010 r17
Network Threat Protection: May 13, 2010 r1

Recently I have been getting this message since Tuesday (2 days passed) as I brought my laptop home (working at home) and access my wireless network:

Traffic has been blocked from this application : (ntoskrnl.exe)
Traffic has been blocked from this application : (ntoskrnl.exe)

Traffic from IP address: 192.168.8.1 is blocked from 5/27/2010..to 5/27/2010
Port Scan attack is logged

And because of that, I cannot access internet. Note that the IP address is common for all Router configuration.

Note:
I have another desktop that is wired to the wireless router and it's working fine.  The desktop has the Windows Firewall on as well as AVG antivirus.
I have access into my router , check the configuration to see if it's been hacked  - no traces since I even changed the password..etc..etc

Comments 1 CommentJump to latest comment

Mudit Kumar's picture

Checked the below article, could be of help

Title: 'Intrusion Detection alerts received on a SEP client for ntoskrnl.exe'
Web URL: http://service1.symantec.com/support/ent-security....

Another option is if the IP is known to you this can be exclused from the Symantec Endpoint Protection Manager Console
> Login into Symantec Endpoint Protection Manager.
>Click on Policies - Intrusion Prevention - Edit the Intrusion Prevention policy
>Click on Settings, Tick the "Enable excluded hosts" option and click on the Excluded Hosts button to add your ip address (or a range of ip address, alternatively you could also use the subnet option).

Thanks & Regards,
Mudit Kumar
 

SOLUTION