Endpoint Protection

  • 1.  mslldp.sys alert

    Posted Feb 27, 2017 02:23 AM

    Hi,

    I am using the SEP 14 MP1 client.

    It is alerting with an Mslldp.sys traffic blocked message.

    What should I do?



  • 2.  RE: mslldp.sys alert

    Posted Feb 27, 2017 02:44 AM

    Do you use a Hyper-V workstation?

    Allow this connection if it's blocking your routine work.

    Network traffic blocked due to the Endpoint Protection firewall

    https://support.symantec.com/en_US/article.TECH203497.html

     

    Please post a screenshot if it's a different issue.



  • 3.  RE: mslldp.sys alert

    Posted Feb 27, 2017 07:14 AM

    What is the source and destination IP? Source and destination port? Does it show an application?



  • 4.  RE: mslldp.sys alert

    Posted Feb 28, 2017 01:46 AM

    Hi, please see the attached image

    (from a Google search).

    My problem is the same alert as in this image.

    (http://foro.noticias3d.com/vbulletin/showthread.php?t=437097)



  • 5.  RE: mslldp.sys alert

    Posted Feb 28, 2017 01:49 AM

    Hi,

    I found the same issue:

    http://foro.noticias3d.com/vbulletin/showthread.php?t=437097



  • 6.  RE: mslldp.sys alert

    Posted Feb 28, 2017 02:50 AM

    MSlldp.sys is the Microsoft Link-Layer Discovery Protocol service; it is a kernel-mode driver. Allow the traffic as per the document below:

    https://support.symantec.com/en_US/article.TECH203497.html

    Is your client a managed client from SEPM, or standalone without the Symantec Endpoint Protection Manager console?



  • 7.  RE: mslldp.sys alert

    Posted Feb 28, 2017 05:56 AM

    Open your traffic log and review it. You will likely need to add a firewall rule to allow the traffic.



  • 8.  RE: mslldp.sys alert

    Posted Mar 03, 2017 03:09 AM

    If I allow it in the firewall,
    would it not be a security issue?



  • 9.  RE: mslldp.sys alert

    Posted Mar 03, 2017 03:24 AM

    Hello Zeratin,

    This seems to be a false positive, so it's OK to have a firewall rule. Earlier it used to block ntoskrnl.exe:

    [SID: 23179] Intrusion Detection alerts received on a Symantec Endpoint Protection client for ntoskrnl.exe

    https://support.symantec.com/en_US/article.TECH131438.html

    Also submit it to the system:

    Adding software to the Symantec Whitelist

    https://support.symantec.com/en_US/article.TECH132220.html



  • 10.  RE: mslldp.sys alert

    Posted Mar 03, 2017 07:39 AM

    Allowing a firewall rule for a legit process is not a security issue.



  • 11.  RE: mslldp.sys alert

    Posted May 30, 2017 03:26 PM

    Here is the entry from my traffic log:

    5/30/2017 3:16:19 PM    Blocked    10    Outgoing    ETHERNET [type=0x88CC]    0.0.0.0    01-80-C2-00-00-0E    0    0.0.0.0    2C-56-DC-DA-FF-BF    0    C:\WINDOWS\system32\drivers\mslldp.sys    VCC-PC    VCC-PC    Default    1    5/30/2017 3:16:33 PM    5/30/2017 3:16:33 PM    Default rule    


    Unable to back trace due to invalid IP address.
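
An added example, not part of the original thread or of Symantec's tooling: it parses the traffic-log entry from the post above and checks that the blocked frame is LLDP (EtherType 0x88CC sent to an IEEE 802.1AB group address), which is also why both IP fields read 0.0.0.0. The column names and the whitespace-separated layout are assumptions inferred from that one entry.

```python
import re

# Sample input: the blocked entry quoted in the post above, rebuilt here
# with its fields separated by runs of spaces as they appear on the page.
SAMPLE = (r"5/30/2017 3:16:19 PM    Blocked    10    Outgoing    "
          r"ETHERNET [type=0x88CC]    0.0.0.0    01-80-C2-00-00-0E    0    "
          r"0.0.0.0    2C-56-DC-DA-FF-BF    0    "
          r"C:\WINDOWS\system32\drivers\mslldp.sys    VCC-PC    VCC-PC    "
          r"Default    1    5/30/2017 3:16:33 PM    5/30/2017 3:16:33 PM    "
          r"Default rule")

# Column names are assumed (inferred from the entry, not from product docs).
FIELDS = ["time", "action", "severity", "direction", "protocol",
          "remote_ip", "remote_mac", "remote_port", "local_ip", "local_mac",
          "local_port", "application", "user", "domain", "location",
          "count", "begin", "end", "rule"]

LLDP_ETHERTYPE = 0x88CC
# IEEE 802.1AB destination group addresses; bridges do not forward them.
LLDP_GROUP_MACS = {"01-80-C2-00-00-0E", "01-80-C2-00-00-03", "01-80-C2-00-00-00"}
# Driver path exactly as it appears in the entry above.
EXPECTED_DRIVER = r"c:\windows\system32\drivers\mslldp.sys"


def parse_entry(line):
    """Split one exported traffic-log line into named fields."""
    # Fields are separated by a tab or 2+ spaces; single spaces stay inside a field.
    parts = re.split(r"\t+|\s{2,}", line.strip())
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def classify(entry):
    """Check the properties that identify a link-layer LLDP frame."""
    m = re.search(r"\[type=0x([0-9A-Fa-f]{4})\]", entry["protocol"])
    ethertype = int(m.group(1), 16) if m else None
    result = {
        "ethertype_is_lldp": ethertype == LLDP_ETHERTYPE,
        "dest_is_lldp_group": entry["remote_mac"].upper() in LLDP_GROUP_MACS,
        # A raw Ethernet frame has no IP header, so the log shows 0.0.0.0.
        "no_ip_layer": entry["remote_ip"] == entry["local_ip"] == "0.0.0.0",
        "driver_path_matches": entry["application"].lower() == EXPECTED_DRIVER,
        "hit_default_rule": entry["rule"] == "Default rule",
    }
    result["looks_like_lldp"] = all(
        result[k] for k in ("ethertype_is_lldp", "dest_is_lldp_group", "no_ip_layer"))
    return result
```

An entry that passes these checks can be matched by a rule scoped to that EtherType and driver path rather than by a broad allow rule.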