Endpoint Protection

  • 1.  Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Posted Apr 03, 2015 03:16 AM

    In a Symantec Endpoint Protection environment of around 1700+ computers, one computer is having issues with Symantec. Whenever any website is visited, Symantec pops up a message that a port scan was tried and blocks that IP, which happens to be the IP of the proxy server. Internet stops working when this IP is blocked. It has been 2 days since this problem started. Any help would be appreciated. These 2 rules are blocking the traffic.

    Incoming Block UPnP Discovery from external computers
    Outgoing Block all other IP traffic and log




  • 2.  RE: Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Posted Apr 03, 2015 03:37 AM
    Under firewall rules there is an option to exclude an IP. Put your proxy server address there.


  • 3.  RE: Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Posted Apr 03, 2015 03:47 AM
    It's in the firewall policy, under Protection and Stealth settings.


  • 4.  RE: Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Trusted Advisor
    Posted Apr 03, 2015 05:26 AM

    Hello,

    Check the NTP logs; there could have been an attack, hence the traffic from that machine is blocked for 10 minutes.

    If you feel the traffic should be allowed, go to the Firewall policy --> Protection and Stealth settings --> uncheck 'Automatically block an attacker's IP address'.

    Since your proxy is the source IP, this is expected behaviour. SEP is not proxy aware.

    To stop this, in SEPM go to your Firewall policy and go to the Protection and Stealth tab and uncheck this option:

     



  • 5.  RE: Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Posted Apr 03, 2015 06:26 AM

    Create a firewall rule to allow traffic to that proxy.



  • 6.  RE: Symantec Endpoint Protection blocks IP of Proxy Server whenever any website is visited.

    Posted Jun 01, 2015 02:02 AM

    Update: This problem was occurring only when any website was opened with Google Chrome. Mozilla Firefox and Internet Explorer were working fine. It was also found that the client version on that machine was 12.1.4. When I upgraded the machine to version 12.1.5, the problem disappeared.