Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Jazzrome

8 posts

Wannabe Geek


#94511 13-Dec-2011 06:19
Send private message

Since installing a new Wireless Router I am constantly getting the message “traffic has been blocked from this application:  (ntskrnl.exe)” with Symantec Endpoint Protection.  I have 4 computers on my home network and i am only having the problem on one computer
Here is the log file after the message

12/12/2011 10:16:48 AM Blocked 10 Incoming UDP 192.168.0.1 84-C9-B2-60-AD-B2 4097 192.168.0.104 00-21-5C-61-B3-73 137 C:\WINDOWS\system32\ntoskrnl.exe Jerome GTS-LAPTOP Default 1 12/12/2011 10:15:46 AM 12/12/2011 10:15:46 AM GUI%GUICONFIG#SRULE@NBBLOCK#BLOCK-UDP

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #557269 13-Dec-2011 08:07
Send private message

Are you using a PC supplied by your employer? Symantec Endpoint Protection is not usually a consumer level software, and rules are created by the administrator.

If you are not licensed to use Symantec Endpoint Protection, better uninstall and either go with Symantec Norton, or even the Microsoft Security Essentials (free).





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




Jazzrome

8 posts

Wannabe Geek


  #557324 13-Dec-2011 10:19
Send private message

I purchased the software myself. So yes it is legal and their isn't any law that i know of that states i can't use it if i own it. So if you don;t have a suggestion for me about my specific problem please don't bother to reply, Thanks

freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #557327 13-Dec-2011 10:20
Send private message

I'm sorry, but that's rude and uncalled for. No one said it's illegal.

It's called "troubleshooting". People will try to help you, but no one has access to your PC, so we need to establish something to start with. But if you are rude like this I can see you won't get much help here.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




jaymz
1133 posts

Uber Geek


  #557341 13-Dec-2011 10:53
Send private message

freitasm: I'm sorry, but that's rude and uncalled for. No one said it's illegal.

It's called "troubleshooting". People will try to help you, but no one has access to your PC, so we need to establish something to start with. But if you are rude like this I can see you won't get much help here.


^^ This. SEP (Symantec Endpoint Protection) is most commonly used in corporate environments, so it was a perfectly legitimate question.

Anyway, back on topic.

Are you experiencing any issues with programs not connecting to the internet?  The pop up is an alert to let you know that the firewall part of the AV has blocked a process from accessing the internet. 

If you are not seeing any ill effects of the alert you can disable the alerts in SEP:
I pulled these steps from here:http://www.symantec.com/connect/forums/nt-kernel-amp-system-ntoskrnlexe-blocking-message-repeatedly-appearing

sep manager
clients
select your group
click the policies tab
expand the section location specific settings (insert your location name here):
edit the client user interface control settings (we are using mixed control)
under mixed control, select customize
at the very bottom, under show/hide intrusion prevention notifications, set to server control
select the client user interface settings tab
uncheck the box to display intrustion prevention notifications 

Try that and see how you get on. 

Jazzrome

8 posts

Wannabe Geek


  #557369 13-Dec-2011 11:36
Send private message

First off my email was not intended to be rude it just felt like I was being attacked for using a piece of software that I own. For that I will apologize. I have used both programs you mention and I am not impressed with either this is why I retained my license to Symantec Endpoint Protection. Thank you for your reply but I have Symantec installed on 5 computers and I do not have a server installed in my home network because of the added administration required for a server. All instances of Symantec are installed as unmanaged clients. The information you sent me looks like it pertains to a managed client install.  I also have not seen any problems with this computer connecting to the internet other than after a while the wireless card will disconnect form the network if I am not using the computer. This was not happening before I installed the new wireless router and this is the only system that this is happening on. If this information helps or if there is anything else I can try please let me know. And I do appreciate your help. Thanks

freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #557372 13-Dec-2011 11:46
Send private message

As for the WiFi disconnecting with the new router, it could be completely unrelated. It could be that your laptop has the option for turning off WiFi after some inactivity period (check on hardware adapter configuration), or it could be interference from other networks, microwave over, cordless phones, cordless mouse/keyboard...





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


jaymz
1133 posts

Uber Geek


  #557381 13-Dec-2011 12:09
Send private message

Jazzrome: First off my email was not intended to be rude it just felt like I was being attacked for using a piece of software that I own. For that I will apologize. I have used both programs you mention and I am not impressed with either this is why I retained my license to Symantec Endpoint Protection. Thank you for your reply but I have Symantec installed on 5 computers and I do not have a server installed in my home network because of the added administration required for a server. All instances of Symantec are installed as unmanaged clients. The information you sent me looks like it pertains to a managed client install.  I also have not seen any problems with this computer connecting to the internet other than after a while the wireless card will disconnect form the network if I am not using the computer. This was not happening before I installed the new wireless router and this is the only system that this is happening on. If this information helps or if there is anything else I can try please let me know. And I do appreciate your help. Thanks


Once we get the issue with the popup fixed, then we can look at the issues with wireless.

Try creating a rule in the firewall to allow the program through, or disable SEP entirely and test the wireless. That will tell you if the problem is with SEP or something else.

Open the Network Threat Protection options and see Application Settings.  All of the blocked and allowed applications are shown there.  From there you should be able to create a rule to allow the program/file through. 

 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Jazzrome

8 posts

Wannabe Geek


  #557550 13-Dec-2011 17:57
Send private message

Thanks for looking at my issue but i will have to try your suggestion when i get back in town Have a family emergency that came up and will be leaving town in a few hours. Will reply once i have had a chance to try out your suggestions. Thanks again Jazzrome

symthomas
4 posts

Wannabe Geek

Trusted
Symantec

  #557673 14-Dec-2011 03:34
Send private message

Hello,

Can I ask what version of Symantec Endpoint are you running? There was an issue with UDP flood attack false positives in RU6 that was resolved in RU6 MP2.

Resolved a UDP flood attack false positiveFix ID: 2058022Symptom: After upgrading to Symantec Endpoint Protection 11.0 RU6, the client detects a UDP flood attack.Solution: The UDP flood detection thresholds were modified to reduce the occurrence of false positive flood attacks.

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

Please keep me posted on your issue.

Best,
Thomas

Jazzrome

8 posts

Wannabe Geek


  #558525 16-Dec-2011 04:13
Send private message

Sorry for not replying earlier but was out of town for a few days.The version I am using is 11.0.4202.75.  I did take the computer to a friends house this morning and connected to his wireless network and I did not have the problem there. The problem on happens on this computer when I am connected to my home wireless network.

symthomas
4 posts

Wannabe Geek

Trusted
Symantec

  #558526 16-Dec-2011 04:28
Send private message

What router and firmware version are you running on? I still recommend you upgrade off that old version. There have been hundreds of fixes since MR4 MP2 was released. The current build available its RU7 MP1.

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

Best,
Thomas


Jazzrome

8 posts

Wannabe Geek


  #558529 16-Dec-2011 05:32
Send private message

Thanks for the link and suggestion. I am downloading the latest version now. (11.7 MP1) Will try  it after work today and let you know if it solved my problem. I am using a DLink Dir-655 Hardware version: B1 Firmware Version 2.04NA.

Jazzrome

8 posts

Wannabe Geek


  #558873 17-Dec-2011 04:15
Send private message

Install the latest version of Symantec endpoint protection and it did not fix the problem.  Aso took the computer to another friends house and got the same problem but I got traffic from every wireless device in his house not just his router as in my location so not sure what to do at this point

symthomas
4 posts

Wannabe Geek

Trusted
Symantec

  #558874 17-Dec-2011 04:48
Send private message

Does this happen when using a wired connection? Is this an unmanaged client install? What features of SEP are installed? For testing purposes, you might try adding an "Allow All" rule at the top of your firewall policy. Test and see if the issue goes away.

Jazzrome

8 posts

Wannabe Geek


  #558905 17-Dec-2011 08:49
Send private message

Problem Solved. After an exhaustive search on Symantec's web site found and old thread that suggested that this was a known problem and that you had to patch version 11 because the upgrade process would not work. But the patch no longer exists on their web site. I used Symantec clean wipe to complete remove Version 11 and did a clean install of the latest version. So far the pop-ups have stopped.
Thanks to all for your help.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.