Endpoint Protection

  • 1.  Traffic has been blocked from this application:

    Posted Jun 24, 2011 01:05 PM

    I'm still seeing this frequently in RU6 MP3 clients, where an alert is generated, but the offending application is not identified. I seem to remember this was a bug in earlier versions that was supposedly fixed. Deleting the rule does not resolve the issue.

    Does anyone have a status on this? Is it still a bug, if so is there a planned fix? If not a bug, is there a fix?

    Thank you.



  • 2.  RE: Traffic has been blocked from this application:

    Posted Jun 24, 2011 01:56 PM

    Hi Justin_g,

    Can you take a screenshot of the alert? Also check in all the logs.



  • 3.  RE: Traffic has been blocked from this application:

    Posted Jun 24, 2011 02:32 PM

    Sure, this is a partial screen-cap of the .mht alert. It is scrolled all the way over, so the text is not obscured:



  • 4.  RE: Traffic has been blocked from this application:

    Posted Jun 24, 2011 05:00 PM


  • 5.  RE: Traffic has been blocked from this application:

    Posted Jun 24, 2011 11:51 PM

    Hi,

    Please do not delete the rule. It is a DDOS (Denial Of Service). Do not delete the rule.

    It is not necessary that it has to be a single application. This DDOS can try to get the details from the TCP and UDP packets. Using those details it can change the password to the default password. There is no source address for this DDOS.

     

    This is what I suggest: run the SEP_support_tool.exe and collect the logs. Download from

    ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/SEPDIAG/

    Select SEP_support_tool.exe 

    Run the tool and collect the logs.

    Upload the file and I will check it. You cannot view it with Notepad because the file extension is different.

    It is not txt but it is SDBZ. There is a viewer in the same folder "SEPDIAG"; download the viewer.

    Check the logs and if you find any program or application, send it to the Security Response Team.

    Use this KB article: http://www.symantec.com/docs/TECH147870

    This article will tell you what to send, how to send it and to whom to send it.