Endpoint Protection

 View Only

  • 1.  Unsolicited incoming ARP reply detected

    Posted Jan 27, 2011 09:22 AM

    A few weeks ago, I began to repeatedly get this warning from my symantec endpoint protection version 11.0.5002.333 running on a windows xp pc within a home network.  Is there a way that I can tell if this is a real threat or a false alarm and if it is a real threat whether or not the anti-MAC spoofing feature of endpoint protection is protecting me.  If I am being protected, is there a way to turn off the alerts without disabling the anti-MAC spoofing protection.



  • 2.  RE: Unsolicited incoming ARP reply detected
    Best Answer

    Posted Jan 27, 2011 09:26 AM

    disable the notification , let Symantec do its job :)

     

    How to Disable Client Intrusion Prevention Notifications in Symantec Endpoint Protection Manager

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/fc03b94f7fe2910988257457005b1343?OpenDocument



  • 3.  RE: Unsolicited incoming ARP reply detected

    Posted Jan 27, 2011 02:37 PM

    This involved SEP Clients having the MAC Spoofing detection enabled, and would detect Routers, Switches, Gateways, etc. as a source of MAC Spoofing.

    This issue was addressed in RU6 so it would be recommended to migrate your clients to at least RU6, however the latest release is RU6MP2.

    The following document has a bit more information.

    http://www.symantec.com/business/support/index?page=content&id=TECH96608&locale=en_US