Endpoint Protection

  • 1.  Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 10:10 AM
    I have two locations, a "Corporate Network" and a "Remote Network" (off corporate network).  For these two locations I have two different Firewall rules, the rules for the Corporate Network are far less restrictive than the Remote Network.  The rules for my Remote network that I am using apparently are blocking the ability to do packet captures.  I have set Wireshark (and all associated exes) full access via a rule.

    Is there something else I am missing? 


  • 2.  RE: Unable to capture traffic using Wireshark



  • 3.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 11:29 AM
    That doesn't help, I know how to use Wireshark.  I need to know what rules I need to have in place so that I can successfully do a packet capture while NTP is enabled.


  • 4.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 01:41 PM
    What problem are you having?  For example, SEP has the ability to block executables from running.  Is that the problem?  Or is it that after starting Wireshark no packets are being captured?
    Are you running Wireshark on Windows, Linux, etc.?  If Windows, are you running it as administrator or a non-admin account?
    What happens if you remove the firewall policy entirely - does Wireshark work correctly then?
    Could fw rule #1 be preventing Wireshark from capturing any packets?


  • 5.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 01:46 PM
    After starting Wireshark while in the "Remote Network" no packets are captured. This is running on Windows, and yes it is being run as an Administrator. If the policy is removed, or NTP is disabled, everything works fine.

    Firewall Rule #1 is blocking unapproved websites (i.e. YouTube, Facebook, MySpace, etc.)


  • 6.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 02:01 PM
    Since you have access to both the firewall policy that does allow Wireshark to work (corporate network) as well as the one that does not (remote network), I suggest comparing the two.

    Then, one by one, disable (uncheck) any rules that the remote policy has that the corporate one does not have.

    Or, alternatively, do the reverse on the corporate policy.


  • 7.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 02:34 PM
    So if you remove the firewall policy it works fine?  Hmmm, interesting.

    I was reading the document posted by sandip and noticed a comment by another user that in order to run Wireshark he had to turn SEP off first.  He commented "starts blocking a lot of network traffic (Active Response blocked)".  He also mentioned that he logged a ticket with technical support.  He was running vMR4 MP1a.  I am running MR4 MP2 with a firewall policy, and using Wireshark v1.2.4 without any problems.


  • 8.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 03:36 PM
    Yeah, I am running MR4 MP2 as well.  I know it's a conflict in my rules. Just wondering if an extra set of eyes could see the issue or not...


  • 9.  RE: Unable to capture traffic using Wireshark

    Posted Dec 30, 2009 05:53 PM
    The most scientific method would be to turn one rule at a time off, and see if Wireshark starts working when one of them is disabled. Alternately, narrow it down by doing half at a time and then keep narrowing it down that way. The same technique got me through hundreds of startup item conflicts back in the day. It's a pain, but it's likely to get you there eventually.
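The "disable half at a time" approach from the last reply, written out as an added example that is not part of the thread or of any Symantec tooling: it generalises the halving to the delta-debugging (ddmin) search so that rules which only break capture in combination are isolated too. The rule names (apart from rule 1) and the simulated capture check are constructed; in practice the check step is manual (uncheck the rules in the policy, re-run Wireshark).

```python
"""Narrow a firewall policy down to the rule(s) that stop Wireshark capturing."""
from typing import Callable, List, Sequence

def minimal_blocking_set(rules: List[str],
                         breaks_capture: Callable[[Sequence[str]], bool]) -> List[str]:
    """Return a 1-minimal subset of `rules` that still breaks capture (ddmin).

    Each step disables one chunk of the currently enabled rules; if capture
    still fails with that chunk off, those rules are innocent and stay off.
    Chunks shrink until no single rule can be disabled without capture
    starting to work again.
    """
    enabled, n = list(rules), 2
    while len(enabled) >= 2:
        size = max(1, len(enabled) // n)
        chunks = [enabled[i:i + size] for i in range(0, len(enabled), size)]
        for chunk in chunks:
            without = [r for r in enabled if r not in chunk]
            if breaks_capture(without):           # chunk was not part of the problem
                enabled, n = without, max(n - 1, 2)
                break
        else:                                     # no chunk could be disabled
            if n >= len(enabled):
                break
            n = min(len(enabled), 2 * n)          # try finer chunks

    return enabled

def find_blocking_groups(rules: Sequence[str],
                         breaks_capture: Callable[[Sequence[str]], bool]) -> List[List[str]]:
    """Isolate a minimal blocking group, disable it, and look again, so both
    independent culprits and multi-rule interactions are reported."""
    remaining, groups = list(rules), []
    while remaining and breaks_capture(remaining):
        group = minimal_blocking_set(remaining, breaks_capture)
        groups.append(group)
        remaining = [r for r in remaining if r not in group]
    return groups

# Constructed remote-network policy: only rule 1 comes from the thread,
# the other rule names are hypothetical.
REMOTE_RULES = ["1 Block unapproved websites", "2 Allow Wireshark executables",
                "3 Allow DNS", "4 Allow HTTP/HTTPS", "5 Block inbound SMB",
                "6 Block all other IP traffic", "7 Allow DHCP", "8 Log dropped packets"]

def simulated_capture_blocked(enabled: Sequence[str]) -> bool:
    """Stand-in for 'start Wireshark, see whether packets arrive'. Constructed
    behaviour: rule 6 alone kills capture; rules 5 and 8 only do so together."""
    on = set(enabled)
    return "6 Block all other IP traffic" in on or \
        {"5 Block inbound SMB", "8 Log dropped packets"} <= on

if __name__ == "__main__":
    for group in find_blocking_groups(REMOTE_RULES, simulated_capture_blocked):
        print("breaks capture:", group)
```

Each call to `breaks_capture` corresponds to one manual "uncheck these rules, start a capture" round, so the number of calls is the number of rounds the search costs compared with unchecking rules one at a time.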