8 posts

Wannabe Geek


Topic # 94511 13-Dec-2011 06:19

Since installing a new Wireless Router I am constantly getting the message “traffic has been blocked from this application:  (ntoskrnl.exe)” with Symantec Endpoint Protection. I have 4 computers on my home network and I am only having the problem on one computer.
Here is the log file after the message:

12/12/2011 10:16:48 AM Blocked 10 Incoming UDP 192.168.0.1 84-C9-B2-60-AD-B2 4097 192.168.0.104 00-21-5C-61-B3-73 137 C:\WINDOWS\system32\ntoskrnl.exe Jerome GTS-LAPTOP Default 1 12/12/2011 10:15:46 AM 12/12/2011 10:15:46 AM GUI%GUICONFIG#SRULE@NBBLOCK#BLOCK-UDP
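
Added example, not part of the original post and not a Symantec tool: a Python parser for the firewall log entry quoted above that totals blocked inbound packets by sender and destination port. Run on that entry, it shows the blocked traffic is UDP from the router (192.168.0.1) to local port 137, the NetBIOS name service. The column names and the whitespace-separated layout are assumptions inferred from that single line; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Column names are assumptions inferred from the order of values in the posted line.
TS = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M"
MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    rf"^(?P<time>{TS})\s+(?P<action>\S+)\s+(?P<severity>\d+)\s+"
    rf"(?P<direction>Incoming|Outgoing)\s+(?P<proto>\S+)\s+"
    rf"(?P<remote_ip>{IP})\s+(?P<remote_mac>{MAC})\s+(?P<remote_port>\d+)\s+"
    rf"(?P<local_ip>{IP})\s+(?P<local_mac>{MAC})\s+(?P<local_port>\d+)\s+"
    # The application path may contain spaces, so match it lazily and let the
    # fixed-shape tail (count, two timestamps, rule) pin down where it ends.
    rf"(?P<app>.+?)\s+(?P<user>\S+)\s+(?P<domain>\S+)\s+(?P<location>\S+)\s+"
    rf"(?P<count>\d+)\s+(?P<begin>{TS})\s+(?P<end>{TS})\s+(?P<rule>\S+)$"
)
WINDOWS_SHARING_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
                         139: "NetBIOS session", 445: "SMB"}

def parse_line(line):
    """Return the line's fields as a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("severity", "remote_port", "local_port", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize_blocked(lines):
    """Total blocked inbound packets per (remote IP, protocol, local port, service)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "Blocked" and rec["direction"] == "Incoming":
            service = WINDOWS_SHARING_PORTS.get(rec["local_port"], "other")
            hits[(rec["remote_ip"], rec["proto"], rec["local_port"], service)] += rec["count"]
    return hits

# Line 1 is the entry from the post; lines 2 and 3 are constructed for this example.
SAMPLE = [
    r"12/12/2011 10:16:48 AM Blocked 10 Incoming UDP 192.168.0.1 84-C9-B2-60-AD-B2 4097 192.168.0.104 00-21-5C-61-B3-73 137 C:\WINDOWS\system32\ntoskrnl.exe Jerome GTS-LAPTOP Default 1 12/12/2011 10:15:46 AM 12/12/2011 10:15:46 AM GUI%GUICONFIG#SRULE@NBBLOCK#BLOCK-UDP",
    r"12/12/2011 10:17:50 AM Blocked 10 Incoming UDP 192.168.0.1 84-C9-B2-60-AD-B2 4097 192.168.0.104 00-21-5C-61-B3-73 137 C:\WINDOWS\system32\ntoskrnl.exe Jerome GTS-LAPTOP Default 2 12/12/2011 10:16:50 AM 12/12/2011 10:17:20 AM GUI%GUICONFIG#SRULE@NBBLOCK#BLOCK-UDP",
    r"12/12/2011 10:18:02 AM Allowed 10 Outgoing TCP 192.168.0.1 84-C9-B2-60-AD-B2 80 192.168.0.104 00-21-5C-61-B3-73 49152 C:\Program Files\Example App\app.exe Jerome GTS-LAPTOP Default 1 12/12/2011 10:18:02 AM 12/12/2011 10:18:02 AM EXAMPLE-ALLOW-RULE",
]

if __name__ == "__main__":
    for key, total in summarize_blocked(SAMPLE).items():
        print(key, total)
```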

BDFL - Memuneh
61794 posts

Uber Geek
+1 received by user: 12443

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 557269 13-Dec-2011 08:07

Are you using a PC supplied by your employer? Symantec Endpoint Protection is not usually a consumer level software, and rules are created by the administrator.

If you are not licensed to use Symantec Endpoint Protection, better uninstall and either go with Symantec Norton, or even the Microsoft Security Essentials (free).







8 posts

Wannabe Geek


  Reply # 557324 13-Dec-2011 10:19

I purchased the software myself. So yes it is legal and there isn't any law that I know of that states I can't use it if I own it. So if you don't have a suggestion for me about my specific problem please don't bother to reply. Thanks

 
 
 
 


BDFL - Memuneh
61794 posts

Uber Geek
+1 received by user: 12443

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 557327 13-Dec-2011 10:20

I'm sorry, but that's rude and uncalled for. No one said it's illegal.

It's called "troubleshooting". People will try to help you, but no one has access to your PC, so we need to establish something to start with. But if you are rude like this I can see you won't get much help here.




1088 posts

Uber Geek
+1 received by user: 66


  Reply # 557341 13-Dec-2011 10:53

freitasm: I'm sorry, but that's rude and uncalled for. No one said it's illegal.

It's called "troubleshooting". People will try to help you, but no one has access to your PC, so we need to establish something to start with. But if you are rude like this I can see you won't get much help here.


^^ This. SEP (Symantec Endpoint Protection) is most commonly used in corporate environments, so it was a perfectly legitimate question.

Anyway, back on topic.

Are you experiencing any issues with programs not connecting to the internet?  The pop up is an alert to let you know that the firewall part of the AV has blocked a process from accessing the internet. 

If you are not seeing any ill effects of the alert you can disable the alerts in SEP:
I pulled these steps from here: http://www.symantec.com/connect/forums/nt-kernel-amp-system-ntoskrnlexe-blocking-message-repeatedly-appearing

sep manager
clients
select your group
click the policies tab
expand the section location specific settings (insert your location name here):
edit the client user interface control settings (we are using mixed control)
under mixed control, select customize
at the very bottom, under show/hide intrusion prevention notifications, set to server control
select the client user interface settings tab
uncheck the box to display intrusion prevention notifications

Try that and see how you get on. 



8 posts

Wannabe Geek


  Reply # 557369 13-Dec-2011 11:36

First off, my email was not intended to be rude; it just felt like I was being attacked for using a piece of software that I own. For that I will apologize. I have used both programs you mention and I am not impressed with either; this is why I retained my license to Symantec Endpoint Protection. Thank you for your reply, but I have Symantec installed on 5 computers and I do not have a server installed in my home network because of the added administration required for a server. All instances of Symantec are installed as unmanaged clients. The information you sent me looks like it pertains to a managed client install. I also have not seen any problems with this computer connecting to the internet, other than after a while the wireless card will disconnect from the network if I am not using the computer. This was not happening before I installed the new wireless router and this is the only system that this is happening on. If this information helps or if there is anything else I can try please let me know. And I do appreciate your help. Thanks

BDFL - Memuneh
61794 posts

Uber Geek
+1 received by user: 12443

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 557372 13-Dec-2011 11:46

As for the WiFi disconnecting with the new router, it could be completely unrelated. It could be that your laptop has the option for turning off WiFi after some inactivity period (check on hardware adapter configuration), or it could be interference from other networks, microwave oven, cordless phones, cordless mouse/keyboard...





1088 posts

Uber Geek
+1 received by user: 66


  Reply # 557381 13-Dec-2011 12:09

Jazzrome: First off, my email was not intended to be rude; it just felt like I was being attacked for using a piece of software that I own. For that I will apologize. I have used both programs you mention and I am not impressed with either; this is why I retained my license to Symantec Endpoint Protection. Thank you for your reply, but I have Symantec installed on 5 computers and I do not have a server installed in my home network because of the added administration required for a server. All instances of Symantec are installed as unmanaged clients. The information you sent me looks like it pertains to a managed client install. I also have not seen any problems with this computer connecting to the internet, other than after a while the wireless card will disconnect from the network if I am not using the computer. This was not happening before I installed the new wireless router and this is the only system that this is happening on. If this information helps or if there is anything else I can try please let me know. And I do appreciate your help. Thanks


Once we get the issue with the popup fixed, then we can look at the issues with wireless.

Try creating a rule in the firewall to allow the program through, or disable SEP entirely and test the wireless. That will tell you if the problem is with SEP or something else.

Open the Network Threat Protection options and see Application Settings.  All of the blocked and allowed applications are shown there.  From there you should be able to create a rule to allow the program/file through. 



8 posts

Wannabe Geek


  Reply # 557550 13-Dec-2011 17:57

Thanks for looking at my issue, but I will have to try your suggestion when I get back in town. Have a family emergency that came up and will be leaving town in a few hours. Will reply once I have had a chance to try out your suggestions. Thanks again, Jazzrome

4 posts

Wannabe Geek

Trusted
Symantec

  Reply # 557673 14-Dec-2011 03:34

Hello,

Can I ask what version of Symantec Endpoint are you running? There was an issue with UDP flood attack false positives in RU6 that was resolved in RU6 MP2.

Resolved a UDP flood attack false positive
Fix ID: 2058022
Symptom: After upgrading to Symantec Endpoint Protection 11.0 RU6, the client detects a UDP flood attack.
Solution: The UDP flood detection thresholds were modified to reduce the occurrence of false positive flood attacks.

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

Please keep me posted on your issue.

Best,
Thomas



8 posts

Wannabe Geek


  Reply # 558525 16-Dec-2011 04:13

Sorry for not replying earlier but was out of town for a few days. The version I am using is 11.0.4202.75. I did take the computer to a friend's house this morning and connected to his wireless network and I did not have the problem there. The problem only happens on this computer when I am connected to my home wireless network.

4 posts

Wannabe Geek

Trusted
Symantec

  Reply # 558526 16-Dec-2011 04:28

What router and firmware version are you running on? I still recommend you upgrade off that old version. There have been hundreds of fixes since MR4 MP2 was released. The current build available is RU7 MP1.

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

Best,
Thomas




8 posts

Wannabe Geek


  Reply # 558529 16-Dec-2011 05:32

Thanks for the link and suggestion. I am downloading the latest version now (11.7 MP1). Will try it after work today and let you know if it solved my problem. I am using a DLink Dir-655 Hardware version: B1 Firmware Version 2.04NA.



8 posts

Wannabe Geek


  Reply # 558873 17-Dec-2011 04:15

Installed the latest version of Symantec Endpoint Protection and it did not fix the problem. Also took the computer to another friend's house and got the same problem, but I got traffic from every wireless device in his house, not just his router as in my location, so not sure what to do at this point.

4 posts

Wannabe Geek

Trusted
Symantec

  Reply # 558874 17-Dec-2011 04:48

Does this happen when using a wired connection? Is this an unmanaged client install? What features of SEP are installed? For testing purposes, you might try adding an "Allow All" rule at the top of your firewall policy. Test and see if the issue goes away.



8 posts

Wannabe Geek


  Reply # 558905 17-Dec-2011 08:49

Problem Solved. After an exhaustive search on Symantec's web site found an old thread that suggested that this was a known problem and that you had to patch version 11 because the upgrade process would not work. But the patch no longer exists on their web site. I used Symantec clean wipe to completely remove Version 11 and did a clean install of the latest version. So far the pop-ups have stopped.
Thanks to all for your help.
