Endpoint Protection

I have been using symantec endpoint small buisness edition for some time now and have been happy with its performance. However, recently the program has been acting extremely strange. The program is now doing many things I have not seen before. I will list them:

1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.

2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.

3. Symantec will block my wireless router's ip address at random so i cannot access the internet. 

I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?

Please help asap! Thanks!

Router: Netgear N600 Wireless Dual Band Gigabit Router.

Computers: Desktop (Windows Vista Home Premium), Laptop (Windows 7 Home Premium)

What version of SEP are you running?

Have you checked your NTP logs or can you post them here?

Can you post screenshots of the messages?

Symantec small buisness edition.

version: 11.0.6005.562

Do you want me to just copy and paste the NTP logs?

I have attached a picture of the process change (not all of the changes are 5 digit processes i guess. sorry). Also I have attached a picture of the google chrome message (I blacked-out some information because I thought it may be sensitive. If you need it i will repost the picture without the black-outs)

Surprisingly, I wasn't able to get a picture of the error message when it blocks my router's ip. However it is the same size box as the process change one, and it says something along the lines of "traffic from this ip address is blocked from time until time (usually a period of 10 minutes).

Hi Mike

This notification is generated by the Network Application Monitoring feature within the product. You can add programs to the Unmonitored Application List in order to prevent SEP from generating these notices for certain applications.

To do this, follow the steps detailed below:

1. Log into the Symantec Endpoint Protection Manager.
2. Navigate to the the Clients page.
3. Choose the Client Group that the affected client(s) is a member of.
4. Go to the Policies tab for that group.
5. Open Network Application Monitoring option.
6. Click Add.
7. Specify any combination of criteria for the specific application’s executable file.

Hello,

SEP version: 11.0.6005.562 is not a Symantec Small Business Edition (SBE). It is an Enterprise Edition (EE).

It is always recommended to Install the Latest Version of Symantec Endpoint Protection. At present the latest version of Symantec Endpoint Protection version 11.0.7300

Coming to your questions - 

1. Windows will often pop up in the bottom right corner of the screen with messages similar to " Process number (this number is 5 digits) has changed since you last used symantec." This happens quite often and usually multiple times every time I use my computer, and it is always a different process number.

This happens when you have a "Network Application Monitoring" feature turned ON.

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for the Application.

Check this Article:

Symantec Endpoint Protection states that an application “has changed since the last time you used it."

http://www.symantec.com/docs/TECH123331

2. Symantec will prompt me before letting the Google Chrome Web Browser connect to the internet. This message also says that this may occur if I updated the program recently (which I did not manually, however the program may update automatically), it may have caused this.

---- As Above.----

In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for Google Chrome Browser.

3. Symantec will block my wireless router's ip address at random so i cannot access the internet. 

I have an idea of what might be causing the problems. Recently I bought a new wireless router because my old one burnt out. I don't know why this would be causing so many problems with the TWO computers I regularily use on my network. Each of the computers are not supposed to be managed by another client. Could I be under attack by a hacker?

Add the wireless router's ip address as an excluded host by - 

SEPM >> Policies >> Intrusion Prevention Policy > Settings > Enable excluded hosts, then add in your printer's IP

Check these Threads:

https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router

https://www-secure.symantec.com/connect/forums/endpoint-protection-blocks-my-routers-ip-address

Hope that helps!!

Also, this version has a bug which was causing routers, dns servers, etc to be blocked as it thought it was a denial of service. Upgrading to a newer version fixes this.

Thanks for all the help!

Hi Mike,

I would like you to have a look into the below Thread:

https://www-secure.symantec.com/connect/forums/google-chrome