VMware network blocked/ping loss by SEP 11

Created: 25 Jul 2012 | 5 comments

Hi all,

I have a host with Windows Server 2008 R2, VMware 8.0 and Symantec Endpoint Protection 11.0.7101 installed. (Everything is up to date.)

If I now start a virtual machine on this host, the communication to my gateway (router) is blocked. (No SEP client is installed within the VM.)

The most confusing thing: not only is the communication to the gateway blocked from the VM, but also from the host and all the other clients on my network...

I removed the Symantec SEP client completely from the host and the problem is gone!

Already tried:

- Allowed all IPv6 traffic in the SEP firewall
- Created a special firewall rule for the local network and all adapters --> allow all
- Excluded the whole network range from the IPS (Intrusion Prevention)

But I still have the same problem as long as the SEP client is installed on the local host... If I remove the SEP client, everything works...

Any ideas?

5 Comments

Jackie007's picture

Check this forum thread:

https://www-secure.symantec.com/connect/forums/network-threat-protection-doesnt-allow-ping

Thanks....

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you

SchmidA's picture

These settings are all set by default...

Attached you can see my current firewall settings...

Any more ideas?

Attachment: NTP_Settings.png

Ajit Jha's picture

Can we have the firewall log uploaded here, please?

Regards,

Ajit Jha

Technical Consultant

ASC & STS

SchmidA's picture

Thanks for your answer.

I did many re-installations of SEP11 and also of the Manager... At the moment the logs are completely empty! Just one Denial of Service was recognized from one of my hardware clients.

Any more ideas? It must have something to do with SEP... because if I remove SEP from my server, everything is fine...

At the moment all settings are standard settings, except one firewall rule for my local network. (See screenshot above.)

Maybe the logs are empty because of the standard settings of SEP?

SchmidA's picture

I have now also installed the newer version 11.0.7 MP2, but I have the same problem.

Over this installation I installed version 12.1.1 and still have the same problem. But in this version I was able to find something in the NTP log files.

I have a lot of entries with 0x802 (ARP) traffic. (Rule: Block all other traffic)

I created a new rule to allow such traffic, but I still have the same problem...

I have no idea how I could solve this problem... Any ideas / suggestions?