Installed is EndPoint Protection v12.1.1000.157  RU1

It blocks windows update, I verified that Stealth Browsing in OFF. I looked at the logs and Identified

the IP addresses that were microsoft and blocked and created Firewall rules that allowed that traffic.

Why I am having to do this to get the MS security updates has me a bit confused, Doesn't MS provide

a list of what addresses they are going to be using for this function?

hello,

look this artical

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

Check the Mithun Comment

https://www-secure.symantec.com/connect/forums/windows-update-and-sep-firewall

Hello,

It would be helpful to know what version of SEP you're using, what's installed (SEPM? SEP client?), but more importantly, what the exact error is that you are seeing. 

Check these Threads:

https://www-secure.symantec.com/connect/forums/sep-blocking-windows-update

https://www-secure.symantec.com/connect/forums/cwindowssystem32svchostexe

Secondly, check these Articles:

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"

http://www.symantec.com/docs/TECH164391

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

https://www-secure.symantec.com/connect/articles/creating-dns-or-host-file-change-exception-symantec-endpoint-protection-manager-121-ru1-mp1

Hope that helps!!

Hi,

Ideally SEP should not block MS updates.You should use hostname instead of IP addresses.

Even Symantec does not use static IP for liveupdate servers.

Tamper Protection blocks this action on Symantec keys and processes as these are Symantec-protected resources. Users may have the impression that this is causing the Windows Update to fail, but it is not.

For further information, see the following article for information on related Windows Update difficulties:

InfoWorld article

http://support.microsoft.com/kb/914450

http://support.microsoft.com/kb/893249

Symantec Endpoint Protection: Tamper Protection appears to be blocking Windows Update

http://www.symantec.com/docs/TECH161109

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Hi !

I reinstall LiveUpadate .

All working correct

Thank all for HELP .

Hi,

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.