Endpoint Protection

I know this has probably been brought up many times, but Ive yet to find anything to help me.

I am using SEP 12.1.1000.157 RU1.

Basically I want to try and find out if I have been infected by a virus or some malware, or if SEP is just going crazy. I have not been able to find logs or anything so I dont have much to post however if they are needed and someone can give me directions on where to find them, I can post them.

I'm running Windwos 7 Home Premium 64 bit.

It's the SEP firewall alerting on this:

Traffic has been blocked for the application host process for Windows Services Svchost.exe

It could be because of IPv6. This can be turned off in Windows

One of the default firewall rules in SEP is to block this behaviour.

If you open the firewall rules, this particular rule should be at the top. You can chose to allow it or let it continue to be blocked.

IPv6 is not widely used so it's really up to you.

check the traffic logs.

hello,

check Ajit Jha Comments

https://www-secure.symantec.com/connect/forums/constant-notification-traffic-has-been-blocked-application-svchostexe#comment-8127911

Hi

Please refer the article below

http://www.symantec.com/business/support/index?page=content&id=TECH165942&actp=search&viewlocale=en_US&searchid=1372334029852

Regards

Hi

Can you please provide the update on the provided solution

Regards

Hi, 

Have you checked the logs on SEPM related to it ?

Keep posted the logs for further analysis.

Regards

Ajin

Disabling IPv6 is NOT a good solution.

Hi

Can you please upgrade to SEP 12.1.3 and observe

Regards