Endpoint Protection

Hi,

For some reason Endpoint Protection appears to intermitently block Google Drive and Calendar on some users machines. Disabling endpoint protect restores the users capability to access these sites, but otherwise there appears to be no rhyme or reason and to when and for how long this might occur.

Does anyone know why this may be or what I can begin to look into, to solve this issue?

Thank you for any response.

Disable only the firewall? Does that "fix" it? What shows in the Traffic log on the SEP client at the time of the block?

This KB article should help:

Network traffic blocked due to the Endpoint Protection firewall

I'll have a look and get back to you the next time its reported to happen.

Thank you for your response.

Hi,

It's finally happened again, although in this case it managed to fix itself before I could run through the entire process you mentioned above.
I do however have the Security Log and the Networkthreat Log fo the computer at the time.

What I'm seeing is the following from the Network Theat Log:
 

Meanwhile the Security Log states
327    30/01/2017 09:08:27    Active Response    Major    Incoming    None    216.58.212.78  30/01/2017 09:08:24    30/01/2017 09:18:24    The client will block traffic from IP address 216.58.212.78 for the next 600 seconds (from 30/01/2017 09:08:24 to 30/01/2017 09:18:24).

328    30/01/2017 09:09:28    Port Scan    Minor 30/01/2017 09:08:23    30/01/2017 09:08:24    Somebody is scanning your computer.

Any advice on how to proceed.

Sorry for the basic questions.

Looks like SEP is detecting a port scan from that IP, which belongs to Google. Active Response then blocks it for 15 minutes. You can disable active response but this may weaken your security:

Automatically blocking connections to an attacking computer

Or you can create a firewall rule to allow that IP address although this address may continue to change as Google uses load balancing.

Much appreciated. 

Thank you for the rapid response.