
Traffic has been blocked from SVCHOST.exe

Created: 20 Mar 2013 | 11 comments

As with so many others that I find on the Symantec Forums site, I am getting the pop-up error every few minutes: "Traffic has been blocked from this application: SVCHost.exe". I am running Windows Server 2008 R2. I have read through many other posts regarding this message. I have disabled IPv6 on the network adapter, and I have disabled the notifications for the My Company group, at the top of the tree in SEPM. I have stopped blocking UPnP traffic in the shared Firewall Policy. I am still getting the error message every few minutes.

This is a brand new installation of both Windows Server 2008 R2 and Symantec Endpoint Protection 12.1.2015.2015. What can be done to stop this message? I do not want to implement SEP any further until this can be resolved. It's annoying that the message continues to pop up.

Please help!


.Brian's picture

Post the traffic log here with that traffic in it so it can be reviewed if you want to see if a rule should be created to allow it.

Otherwise you can just turn off the alert by following this KB article

How to Disable Client Intrusion Prevention Notifications in Symantec Endpoint Protection Manager (SEPM)

Article:TECH105013  |  Created: 2008-01-28  |  Updated: 2010-01-11  |  Article URL http://www.symantec.com/docs/TECH105013

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DuganProIT's picture

As noted in the initial post, I did disable the alert. I'm attaching a doc showing a screenshot where it is disabled. I'm also attaching a txt file showing some of the traffic so you can see what comes up in the logs. Still, the notification pops up very frequently.

Attachments:
traffic.txt (216.75 KB)
SEPM.doc (166 KB)

Rafeeq's picture

Disable the iphelper service. Edit: Saw the screenshot now.

1. Turn off the iphelper service, set to manual.  This stops the warning dialog from popping up.  

2. Open the Network and Sharing Center, click "Change adapter settings", select the adapter being used, right-click and select "Properties".
Uncheck the box next to "Internet Protocol Version 6 (TCP/IPv6)". 
IPv6 is on by default in Vista/Win7.

3. Restart machine.

Mithun Sanghavi's picture

Hello,

Check this Article:

Traffic has been blocked for the application host process for Windows Services Svchost.exe

http://www.symantec.com/docs/TECH165942

and this Thread:

https://www-secure.symantec.com/connect/forums/constant-notification-traffic-has-been-blocked-application-svchostexe

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

DuganProIT's picture

Have been through all those steps, still receiving the message every few minutes.

DuganProIT's picture

I have disabled the IPHelper service, disabled IPv6 on the active interface, and rebooted. I am still getting the message. What else can I try to get rid of this constant pop up?

DuganProIT's picture

Here is a doc file with a screenshot showing the popup and a screenshot showing the log right after...

Attachments:
ScreenShot.doc (37 KB)

.Brian's picture

Have you investigated this further? You have a remote machine trying to contact your machine. I would make sure this isn't some sort of attack attempt on your machine.

DuganProIT's picture

I am accessing the server remotely, always from the same IP address. Is it the remote access into the server that is generating the error message? The server is in the other room, it has no monitor, keyboard, nor mouse connected to it. I'm always looking at it through Remote Desktop.

.Brian's picture

It is using the UDP protocol so I'm not sure that it is RDP. RDP uses TCP 135.