Endpoint Protection

  • 1.  Help with Denial of Service

    Posted Nov 07, 2011 08:53 PM

    Hi, I installed SEP version 11.0.6000.550 on my new Win 7 machine and I keep getting these denial of service detections from IP address 10.0.0.1. I searched and apparently this IP is my default gateway (router?). The denial of service is getting really annoying. Any idea how to fix? Plain English is much appreciated.

     

    Thanks for any help.



  • 2.  RE: Help with Denial of Service

    Broadcom Employee
    Posted Nov 07, 2011 09:49 PM

     

  • Enable Denial of Service – Detection that identifies known attacks based on multiple packets.
  • If it is a router, do check whether it is a false positive by running the network traffic tool. Once confirmed, disable the setting to block for 10 minutes and contact Symantec until it is fixed.


  • 3.  RE: Help with Denial of Service

    Trusted Advisor
    Posted Nov 08, 2011 05:03 AM

     

    Hello,

    Please Try this:

     

    Step 1) Check the Security Logs under Client Management for Denial of Service Detections for the printer's IP address to confirm the issue. 

    To resolve the issue you will need to disable Denial of Service detection within your Intrusion Prevention policy or you will need to add the printer's IP address in "Excluded Hosts."

    To add the printer to "Excluded Hosts":

    1.  Open your Intrusion Prevention Policy.

    2.  Choose Settings on the left.

    3.  Check the box for Enable excluded hosts and then click the Excluded Hosts... button.  

    4.  Add the IP address of your printer and choose Okay.

     

    REFERENCE:

    Denial of service detected on Network Printers

    http://www.symantec.com/business/support/index?pag...

     

    OR

    Also, try the following:

     

    STEP 2) To create an exception for Intrusion Prevention Policy to allow a specific ID:

    1. Open Symantec Endpoint Protection Manager console.
    2. Select 'Policies' tab.
    3. Under 'View Policies', select 'Intrusion Prevention'.
    4. Select Intrusion Prevention policy, and under 'Tasks' select 'Edit the Policy'.
    5. Select 'Exceptions' tab.
    6. Click on 'Add...' button.
    7. Search and select ID blocked.
    8. Click on 'Next>>' button.
    9. Change 'Action', from 'Block' to 'Allow'. Click on 'OK' button.
    10. Check if the exception edited has been added to 'Intrusion Prevention Exceptions' list.
    11. Click on 'OK' button to save changes in the Intrusion Prevention policy.

     

    OR

     

    STEP 3) Disable DoS detection:

    1. Log in to the Symantec Endpoint Protection Manager (SEPM)
    2. Click Policies then click Intrusion Prevention
    3. Edit the intrusion prevention policy that applies to the client in question
    4. Click Settings
    5. Remove the check-mark next to Enable denial of service detection

    Once the policy is applied to the client the DoS detections (and associated Active Response if configured) should no longer occur.

    Please note, this will completely disable DoS detection on the client. There is not currently a way to add an exclusion for DoS detection.

     

    OR

     

    STEP 4) Enabling Smart traffic filtering

    http://www.symantec.com/business/support/index?pag...

     

    OR

     

    STEP 5) TRY uninstalling the Network Threat Protection and Application and Device Control by:

    Going to Control Panel > from Add/Remove Programs > Highlight Symantec Endpoint Protection and click on Modify.

    Disable the Network Threat Protection and Application and Device Control

     

    OR

     

    STEP 6) Try Upgrading the Symantec Endpoint Protection 11.0.6 to 11.0.6200.

     

    I am sure the first step would help you. However, the other steps are just in case.

    Hope that might help you.



  • 4.  RE: Help with Denial of Service
    Best Answer

    Broadcom Employee
    Posted Nov 08, 2011 06:52 AM

    Hi,

    This issue has been fixed in Symantec Endpoint Protection 11 (11.0.6100.645) Release Update 6 Maintenance Patch 1 (RU6 MP1) and above.

    Please upgrade to the latest version, which is SEP 12.1.671.4971.



  • 5.  RE: Help with Denial of Service

    Posted Nov 09, 2011 11:40 AM

    Downloaded 12.1 and will try that. Thanks to all.