Solved

Get port scan attack logged in my workstation

Posted on 2009-05-15
Last Modified: 2013-12-09
This is using Symantec Endpoint 11 on my workstation. Recently, I found that my Symantec Endpoint stopped traffic from another workstation.

Please see the attached JPG for info.

What should I do to allow this workstation to communicate with my workstation, assuming that it is a false alarm?
Question by:Balack

Accepted Solution

by:
xmachine earned 500 total points
ID: 24393148
Hi,

This means you're using an "Intrusion Prevention" policy with default settings.

1) Open SEPM Console > Policies > Intrusion Prevention

2) Uncheck the box "Automatically block an attacker's IP address" and this will solve the problem.

3) I don't see any attached snapshot; I need to know the logged attack to help you more.


A Symantec Certified Specialist @ your service

 

Author Comment

by:Balack
ID: 24396714
Hi xmachine,

Please see the attached snapshot...
Port-Scan.JPG
Port-Scan-2.JPG

Expert Comment

by:xmachine
ID: 24401451
Port Scan attack detected could be due to one of the following reasons:

1) The source machine is infected by some virus, and is scanning the network for other hosts. Make sure it's already protected by an Antivirus software and is up-to-date.

OR

2) The source machine is running Windows Vista, and "Network Discovery" mode is enabled.

http://windowshelp.microsoft.com/Windows/en-us/help/0e5f2e0c-9906-4518-b7c7-d3632105dcad1033.mspx

http://windowshelp.microsoft.com/Windows/en-us/help/32f3845b-eda0-4168-be8d-90f07250d8101033.mspx

OR

3) The source machine is running a misconfigured application which is generating a lot of noisy packets in the network.
 

Author Comment

by:Balack
ID: 24420071
Hi xmachine,

I did a thorough scan in safe mode; no virus was found. I made one wrong statement, that is, there is no centralized antivirus server. All PCs are installed with Endpoint separately. All PCs get the updated definitions directly from the Internet.

If so, can I apply the policy as described in your first suggestion?

Expert Comment

by:xmachine
ID: 24465303
No, you can't, because you need to install the SEP manager (SEPM) to control and update all clients in the network.