Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

What is going on?

Created: 09 Dec 2012 • Updated: 17 Dec 2012 | 8 comments
This issue has been solved. See solution.

I have been using symantec endpoint small buisness edition for some time now and have been happy with its performance. However, recently the program has been acting extremely strange. The program is now doing many things I have not seen before. I will list them:

1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.

2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.

3. Symantec will block my wireless router's ip address at random so i cannot access the internet. 

I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?

Please help asap! Thanks!

Router: Netgear N600 Wireless Dual Band Gigabit Router.

Computers: Desktop (Windows Vista Home Premium), Laptop (Windows 7 Home Premium)

 

Comments 8 CommentsJump to latest comment

_Brian's picture

What version of SEP are you running?

Have you checked your NTP logs or can you post them here?

Can you post screenshots of the messages?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mike8771's picture

 

Symantec small buisness edition.

version: 11.0.6005.562

Do you want me to just copy and paste the NTP logs?

I have attached a picture of the process change (not all of the changes are 5 digit processes i guess. sorry). Also I have attached a picture of the google chrome message (I blacked-out some information because I thought it may be sensitive. If you need it i will repost the picture without the black-outs)

Surprisingly, I wasn't able to get a picture of the error message when it blocks my router's ip. However it is the same size box as the process change one, and it says something along the lines of "traffic from this ip address is blocked from time until time (usually a period of 10 minutes).

Ajit Jha's picture

Hi Mike

This notification is generated by the Network Application Monitoring feature within the product. You can add programs to the Unmonitored Application List in order to prevent SEP from generating these notices for certain applications.

To do this, follow the steps detailed below:

  1. Log into the Symantec Endpoint Protection Manager.
  2. Navigate to the the Clients page.
  3. Choose the Client Group that the affected client(s) is a member of.
  4. Go to the Policies tab for that group.
  5. Open Network Application Monitoring option.
  6. Click Add.
  7. Specify any combination of criteria for the specific application’s executable file.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Mithun Sanghavi's picture

Hello,

SEP version: 11.0.6005.562 is not a Symantec Small Business Edition (SBE). It is an Enterprise Edition (EE).

It is always recommended to Install the Latest Version of Symantec Endpoint Protection. At present the latest version of Symantec Endpoint Protection version 11.0.7300

Coming to your questions - 

1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.

This happens when you have a "Network Application Monitoring" feature turned ON.

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for the Application.

Check this Article:

Symantec Endpoint Protection states that an application “has changed since the last time you used it."

http://www.symantec.com/docs/TECH123331

2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.

---- As Above.----

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for Google Chrome Browser.

3. Symantec will block my wireless router's ip address at random so i cannot access the internet. 

I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?

Add the wireless router's ip address as an excluded host by - 

SEPM >> Policies >> Intrusion Prevention Policy > Settings > Enable excluded hosts, then add in your printer's IP

Check these Threads:

https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router

https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-my-routers-ip-address

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
_Brian's picture

Also, this version has a bug which was causing routers, dns servers, etc to be blocked as it thought it was a denial of service. Upgrading to a newer version fixes this.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ajit Jha's picture

Hi Mike,

I would like you to have a look into the below Thread:

https://www-secure.symantec.com/connect/forums/goo...

Regard's

Ajit Jha

Technical Consultant

ASC & STS