Endpoint Protection

 View Only
  • 1.  Symantec Endpoint Protection firewall trouble

    Posted Aug 04, 2012 04:58 PM

    Recently I have been having trouble configuring my firewall to allow me to browse the internet using Google Chrome or Firefox.  It lets me browse the internet for a brief amount of time before an alert message pops up saying that there is a denial of service for my ip address and blocks me from reconnecting to the internet for a 10 minute time frame.  And if I disable my Network Threat Protection, so I guess essentially my firewall, my internet works fine.  I'm wondering if this has something to do about IE being my default browswer.  



  • 2.  RE: Symantec Endpoint Protection firewall trouble

    Posted Aug 04, 2012 06:41 PM

    IPS will block the Denial of service attack and block the attacker ip and it detects for port scan and block the ip for 600 Seconds [10 minutes].

     

    Enable denial of service detection Causes the client to check inbound and outbound traffic for known denial-of-service attack patterns. Denial-of-service attacks are an explicit attempt by an intruder to prevent legitimate users of a service from using that service.
    This option is enabled by default.

     

    Check this out:

     

    Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained

    http://www.symantec.com/docs/TECH104434

     

    Best practices regarding Intrusion Prevention System technology

    http://www.symantec.com/docs/TECH172174

     

     



  • 3.  RE: Symantec Endpoint Protection firewall trouble



  • 4.  RE: Symantec Endpoint Protection firewall trouble

    Posted Aug 04, 2012 09:11 PM

    Hello,

    The message what you are getting is from IPS  ( intrusion prevention signatures)

     

    Denial-of-service attacks

    Examines all network packets for specific known attacks that limit your computer's use of the services that you would normally expect to have.

    various kinds of attacks are there , in that DOS Denial of service is one of them.

    http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21422

    its good that symantec is blocking it, safe.

    I would also suggest you to check these Threads:

    https://www-secure.symantec.com/connect/forums/denial-service-1

    https://www-secure.symantec.com/connect/forums/denial-service-logged-what-gives

    https://www-secure.symantec.com/connect/forums/denial-service-2

     

    Hope that helps!!



  • 5.  RE: Symantec Endpoint Protection firewall trouble

    Broadcom Employee
    Posted Aug 06, 2012 09:17 AM

    Hi,

    There is a vulnerability in the system & Symantec is blocking attack against vulnerability.

    When Symantec blocks an attack SID will be getting generated.

    Could you please share that SID with us? it may help to pinpoint issue.

    Machine should be updated with windows patches and service pack.

    Always recommended to use latest SEP version with all three features i.e. AV/AS, PTP & NTP.

     



  • 6.  RE: Symantec Endpoint Protection firewall trouble

    Posted Aug 07, 2012 12:13 AM

    Also please share us what SEP version are you using.