#updated
Hi,
As per the SEP 11 release notes there was a bug in a version prior to RU5.
Clients report Denial of Service attack (IP Fragmentation overlap) when no overlap is occurring
Fix ID: 1586674
Symptom: When connected over a VPN, a false positive Denial of Service detection (IP fragmentation overlap) causes the Web site to be blocked for 10 minutes.
Solution: Corrected how the last IP fragmentation packet is identified to properly calculate the packet length
Reference: http://www.symantec.com/docs/TECH103087
Also check this article:
Symantec Endpoint Protection client Release Update 6 is detecting a Denial of Service attack of type "UDP Flood Attack" from your DNS server.'
http://www.symantec.com/docs/TECH132161
It should block an attacker's IP address for 10 minutes not the internet access.
Could you please confirm you are not able to access internet for 10 minutes if DDos attacked is detected?
However it's always recommended to use latest the SEP version. The latest SEP version are SEP 11 RU7 MP3 & SEP 12.1 RU2.