Balack
asked on
Get port scan attack logged in my workstation
This is using Symantec Endpoint 11 on my workstation. Recently, I found that my Symantec Endpoint stopped traffic from another workstation.
Pls see attached jpg for info.
What should I do to allow this workstation to communicate with my workstation, assuming that it is a false alarm?
ASKER CERTIFIED SOLUTION
Port Scan attack detected could be due to one of the following reasons:
1) The source machine is infected by some virus, and is scanning the network for other hosts. Make sure it's already protected by antivirus software and is up-to-date.
OR
2) The source machine is running Windows Vista, and "Network Discovery" mode is enabled.
http://windowshelp.microsoft.com/Windows/en-us/help/0e5f2e0c-9906-4518-b7c7-d3632105dcad1033.mspx
http://windowshelp.microsoft.com/Windows/en-us/help/32f3845b-eda0-4168-be8d-90f07250d8101033.mspx
OR
3) The source machine is running a misconfigured application which is generating a lot of noisy packets in the network.
ASKER
Hi xmachine,
I did a thorough scan in safe mode, no virus found. I made one wrong statement, that is: there is no centralized antivirus server. All PCs are installed with Endpoint separately. All PCs get the updated definitions directly from the Internet.
If so, can I apply the policy as described in your first suggestion?
No, you can't, because you need to install the SEP manager (SEPM) to control and update all clients in the network.
ASKER
Pls see the attached snapshot...
Port-Scan.JPG
Port-Scan-2.JPG