What is going on?
I have been using symantec endpoint small buisness edition for some time now and have been happy with its performance. However, recently the program has been acting extremely strange. The program is now doing many things I have not seen before. I will list them:
1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.
2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.
3. Symantec will block my wireless router's ip address at random so i cannot access the internet.
I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?
Please help asap! Thanks!
Router: Netgear N600 Wireless Dual Band Gigabit Router.
Computers: Desktop (Windows Vista Home Premium), Laptop (Windows 7 Home Premium)
Comments 8 Comments • Jump to latest comment
What version of SEP are you running?
Have you checked your NTP logs or can you post them here?
Can you post screenshots of the messages?
SEP Knowledge Base
Endpoint SWAT
Symantec small buisness edition.
version: 11.0.6005.562
Do you want me to just copy and paste the NTP logs?
I have attached a picture of the process change (not all of the changes are 5 digit processes i guess. sorry). Also I have attached a picture of the google chrome message (I blacked-out some information because I thought it may be sensitive. If you need it i will repost the picture without the black-outs)
Surprisingly, I wasn't able to get a picture of the error message when it blocks my router's ip. However it is the same size box as the process change one, and it says something along the lines of "traffic from this ip address is blocked from time until time (usually a period of 10 minutes).
Hi Mike
This notification is generated by the Network Application Monitoring feature within the product. You can add programs to the Unmonitored Application List in order to prevent SEP from generating these notices for certain applications.
To do this, follow the steps detailed below:
Regard's
Ajit Jha
Technical Consultant
ASC & STS
Hello,
SEP version: 11.0.6005.562 is not a Symantec Small Business Edition (SBE). It is an Enterprise Edition (EE).
It is always recommended to Install the Latest Version of Symantec Endpoint Protection. At present the latest version of Symantec Endpoint Protection version 11.0.7300
Coming to your questions -
1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.
This happens when you have a "Network Application Monitoring" feature turned ON.
In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for the Application.
Check this Article:
Symantec Endpoint Protection states that an application “has changed since the last time you used it."
http://www.symantec.com/docs/TECH123331
2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.
---- As Above.----
In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for Google Chrome Browser.
3. Symantec will block my wireless router's ip address at random so i cannot access the internet.
I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?
Add the wireless router's ip address as an excluded host by -
SEPM >> Policies >> Intrusion Prevention Policy > Settings > Enable excluded hosts, then add in your printer's IP
Check these Threads:
https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router
https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-my-routers-ip-address
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Also, this version has a bug which was causing routers, dns servers, etc to be blocked as it thought it was a denial of service. Upgrading to a newer version fixes this.
SEP Knowledge Base
Endpoint SWAT
Thanks for all the help!
Hi Mike,
I would like you to have a look into the below Thread:
https://www-secure.symantec.com/connect/forums/goo...
Regard's
Ajit Jha
Technical Consultant
ASC & STS
Would you like to reply?
Login or Register to post your comment.