Endpoint Protection

 View Only
Expand all | Collapse all

Denial of Service, how to add an host to exeptions?

  • 1.  Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 11:31 AM

    Hello there :)

    I just registered because I am going to break my PC if I don't find a solution soon... Ok so I have Symantec Endpoint protection 11 installed and I am a managed client. I am making use of a ICMP tunnel in Germany for reasearch reasons which involves sending large packets of data via ICMP protocol.

    Symantec continually picks this up as a "denial of service" "Smurf" attack. It happens a lot and I don't want to disable my network protection. It is wasting a lot of my time. The problem is that I am a managed client so I have very restricted access to the Symantec settings.

    I want to know if I can add the host (I have the IP address) to exceptions via the Registry or if I can in some way disable the detection of ICMP floods. Or if I can gain access to the Network Protection setting (which is currently not in my policy to edit)?

    Thanx a lot :)


  • 2.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 11:36 AM
    open sepm
    click on policies
    intrution prevention
    select settings
    check exclude host. thats it ;)


  • 3.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 11:39 AM
    If you have access to the SEPM Manager you can exclude your IP address for DOS Detection.


  • 4.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 11:53 AM

    Well the executable for SEPM is not under program files, I don't think it is installed. The client is managed from a server (like a huge server, hosting around 500 PC's).

    How do I check if I have access to SEPM?


  • 5.  RE: Denial of Service, how to add an host to exeptions?
    Best Answer

    Posted May 25, 2010 11:57 AM
    You have to Login to the server on which the SEPM is installed.
    TO check where your SEPM is open SEP - Help and Support - Troubleshooting

    it will show you the server name or IP.

    If you do not have access to the SEPM server then

    Open SEP client- Network Threat Protection -Options -Change Settings- Intrusion Prevention -
    and from there you can disable Denial of Service detection.


  • 6.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 11:59 AM
    If you dont have access to the console then u should request the team which manages the SEPM


  • 7.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 12:06 PM

    I don't have access to the Network Protection features either. So can I change this etting from the registry?
     
    Thanx for the help so far, you guys are great!!! :)


  • 8.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 12:07 PM
    Even if you change the setting from the registry..once the SEP client contacts the SEPM server it will revert back to old settings.


  • 9.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 12:10 PM
    seems like u dont access to any of the client side features.
    get in touch with the team. Registry hack or something might lead to policy violation.
    If you are not the admin. Dont do it :) 


  • 10.  RE: Denial of Service, how to add an host to exeptions?

    Posted May 25, 2010 12:13 PM

    No you see, I haven't been on the server for months now, I don't think I will be in a long time either. I just need to change the setting for now. I will restore the old settings if I want to connect to the server...