Endpoint Protection


Why I can't browse application that should not be blocked on network?

  • 1.  Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 05:31 AM

    When I start the computer, which we use as a server, I can't connect to it through VNC, because it is blocked. If I disable Symantec Endpoint Protection, I can connect, but what I cannot do (even after re-enabling Symantec Endpoint Protection) is set the VNC server as unblocked. So after the next restart Symantec Endpoint Protection re-enables itself and I can't connect using VNC once again, and I have to once again take a monitor, keyboard and mouse, connect them to the mentioned computer and disable Symantec Endpoint Protection, because:

    A) the application is not listed in "View Application settings"

    B) Although "View Application Settings" says "Or, in the Network Activity dialog box, right-click the application and re-click Allow or click Block", I have nothing to click, because the Allow and Block items are not listed in the pop-up menu of the application in the Network Activity dialog box.

    So how do I tell Symantec Endpoint Protection that I want to allow port 5900 for the VNC server forever? Why can't I simply list the exe file, for which I know what port it listens on, and allow this port? This is a terrible GUI, when I can't do such a basic thing!!!



  • 2.  RE: Why I can't browse application that should not be blocked on network?

    Trusted Advisor
    Posted Aug 30, 2012 05:51 AM

    Hello,

    What version of SEP 11.x are you running?

    In the SEPM console, on the Clients tab, does the client show Firewall Enabled? I have seen before that after migration the NTP gets installed.

    NTP (Firewall) can be the only reason for VNC/RDP to get blocked. Antivirus will not block an RDP connection.

    Also check this Article:

    Cannot connect to a computer through RDP, and VNC after the Firewall policy is enabled.

    http://www.symantec.com/docs/TECH96011

    Could you also check if you have the Learned Application feature turned on in the SEPM?

    If yes, try turning it off.

    Hope that helps!!



  • 3.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 07:09 AM

    Hello Mithun,

    thank you for the reply. The computer runs Win2k SP4 with SEP build 11.0.5002.333.

    I'm a little confused since I don't have the tool you mentioned available. The only UI I have is SymCorpUI.exe, and when I run it, it shows limited groups of settings. If I click on Change settings there, it shows "Antivirus and Antispyware Protection", "Pro Active Threat protection", "Centralized Exceptions", "Client Management" and, when not run under the Administrator account, it also shows "Network Threat Protection", but the configuration settings are disabled with the note "Your administrator has locked this feature" (that's why I was trying to run it under the Administrator account, but it doesn't show there then). I was traversing through the settings trying to find the appropriate option, but this simplified version of the GUI probably doesn't allow it.



  • 4.  RE: Why I can't browse application that should not be blocked on network?

    Trusted Advisor
    Posted Aug 30, 2012 07:18 AM

    Hello,

    Have you installed a SEP 11.0.5002 unmanaged client on your server machine? I believe not.

    It clearly seems that these features are managed by Symantec Endpoint Protection Manager (SEPM), so why change these settings from the SEP client?

    You need to perform these steps on the Symantec Endpoint Protection Manager and not on the client machine.

    Hope that helps!!



  • 5.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 07:21 AM

    So your client is managed by the SEPM? It sounds like your admin has locked some things down.



  • 6.  RE: Why I can't browse application that should not be blocked on network?

    Broadcom Employee
    Posted Aug 30, 2012 07:21 AM

    In the command prompt, can you type

    sc query teffer2

    and post the results.



  • 7.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 07:51 AM

    Well, originally this machine was a client and now we host on it a licence server for some application. So yes, this is probably an unmanaged client, as it is in fact managed through Altiris (but as a developer I have admin rights there, well Altiris crashes on that machine at startup anyway ... ). It seems to me it is time to start a discussion with our IT (I hoped I would be able to solve it myself).



  • 8.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 08:06 AM

    Um, the response is "The specified service does not exist as an installed service". Well, I have to create a ticket for our IT. Thank you anyway.



  • 9.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 08:54 AM

    Should be

    sc query teefer2



  • 10.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 09:47 AM

    OK, thank you Brian, here we go:

    SERVICE_NAME: teefer2
            TYPE               : 1  KERNEL_DRIVER
            STATE              : 4  RUNNING
                                    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0



  • 11.  RE: Why I can't browse application that should not be blocked on network?

    Posted Aug 30, 2012 11:11 PM

    Hi,

    Ports 5800 and 5900 are listed as among the most vulnerable, because VNC is vulnerable and exploited through remote access.
    If you want to stop the VNC always have to list these ports as authoritative as it is very common invasions be performed by this application which is very vulnerable.
    I'll make a video showing an invasion carried out using a VNC exploit in Metasploit and I'll let you know about the release. I'm sure I stopped using this app.
    For your safety, do not disable your solution to use VNC.
    To have an idea or you need your password to invade your machine that has VNC
    As a solution to change the access door to another VNC because a network scan using nmap with some commands could dribble his solution to the point it does not detect a scan and know with almost 100 sure you are using VNC

    hugs