Endpoint Protection

We were running Endpoint 12 on an old WinXP Pro PC (succesfully for about the last 4 years originally from Endpoint v11) that died about 2  weeks ago.

We installed Endpoint v12  on new Win7 SP1 PC, Reinstalled Symantec Endpoint Client on 30 or so Cleint PCs.

I have found that once we install the Endpoint Client Protection we can now longer connect/call-up out File maker database....

The error when trying to connect to our Filemaker 11 server (from win7 to MacOS 10.6.8 Server) is: "Trainer.crm could not connect to the server. Either the server is off or your computer is not connected to the network."

If I uninstall the Endpoint client we can connect, as soon as I install the Endpoint Client it gives the error.

The only reference I can find in the logs on the Endpoint Server is in Monitor / Network Threat Protection / Traffic:

In summary this is what is says...

Event Type: UDP Datagram
Severity: Minor
Action: Blocked
Network Protocol: UDP
Traffic Direction: Inbound
Alert: 0
Local Port: 3702
Remote Port: 49157
Rule Name: Block Web Services Discovery from External Computers

What I have tried:

I have turn off (unticked) the BLOCK Web Services Discovery rule in the Firewall
(same for Web Service Requests from from..)

I have added the UDP and port details in the ALLOW Web Services Discovery...
(same for Web Service Requests from..)

I have added a rule for UDP and the port numbers to be allowed

I have added a rule allowing our IP address range to be allowed

Set the Firewall Security level from High to Medium.

The only references I can see to anything like this on the web or on your help pages seem to have an answers but only for previous versions of Endpoint (ie the solution is not in v12 or is somewhere else I cannot find!)

I need some help as I think/assume it is a firewall rule problem, but do not want to mess up the firewall and leave us unprotected, plus the boss is getting fed up with the time it is taking for me to try and resolve the issue.

Symantec Endpoint Server v12.1.671.4971

Running on Dell PC, Windows 7 SP1, 4GB RAM

PC is only serving Symantec Endpoint (so any other conflicting services etc that may be identified or causing the problem could be disabled if need be!!)

HELP... please.

Have you tried creating an allow rule for that particular server's IP or hostname?

Yes Tried that, also permitting our whole IP range.

And the client has picked up the policy change? The client matches what's showing on the SEPM?

I assume the client has picked up the change, I applied it some hours ago!!

When you say the client matches SEPM, as the client layout os somewhat different and seems to be missing things like showing the rules I set up on SEPM, it is hard to decipher if it is the same or not!

Anyway, if you reply I will pick it up tomorrow. I am getting tired and at the end of the day (here in UK) I have just about had enough of feeling frustrated. We never had any problems like this when it was on the ancient WinXP machine (makes you realise why companies are hesitant in moving away from XP!!)

This an unmanaged client?

unmanaged????

Just found that Browser Instrusion that I unticked on SEPM is also Unticked on the client, so I guess it has the changes.

For the Traffic log entry you posted above, do you know if the inbound traffic is coming from that server? I'd be curious to see what the traffic log shows the same time the blocking is taking place.

Hi

Last night I turned off (unticked)  in SEPM Browser Intrusion Protection and this morning I checked the Client settings in Network Threat Protection that it was also off (unticked), it was and we could then connect and log into the FileMaker Database without any issues.

Now my challenge is to find out what the implications are in leaving it off and how to configure Browser Intursion Protection in SEPM to allow FileMaker to connect to the server!

Thanks Again

Best to open a support case here, this shouldn't need to be done (lowering your security)

Will do.

Thanks again.