took this from Dameware forum
Spoke to Symantec Tech support. On the Symantec Endpoint Protection Manager we went to "Policies", "Firewall", "Edit", select "Global" or the group you want the policy to be applied to, click "Rules", "Add Black Rule".
A new row appears, under name replace "Rule0" with Dameware, under "Services" "Add" a service with the TCP protocol selected and local & remote ports set to 6129 and direction set to both.
The tech had us move that rule all the way up in order. After a few minutes the change propagated to the test machines and we were good. We were also able to install the Dameware solution without creating any additional rules for 137, 139 ...
http://forums.dameware.com/viewtopic.php?f=9&t=343