• Status: Solved

Get port scan attack logged in my workstation

This is using Symantec Endpoint 11 on my workstation. Recently, I found that my Symantec Endpoint stopped traffic from another workstation.

Please see the attached JPG for info.

What should I do to allow this workstation to communicate with my workstation, assuming that it is a false alarm?
Asked:
Balack
 
xmachine Commented:
Hi,

This means you're using an "Intrusion Prevention" policy with default settings.

1) Open SEPM Console > Policies > Intrusion Prevention

2) Uncheck the box "Automatically block an attacker's IP address" and this will solve the problem.

3) I don't see any attached snapshot, because I need to know the logged attack to help you more


A Symantec Certified Specialist @ your service

 
Balack (Author) Commented:
Hi xmachine,

Please see the attached snapshot...
Port-Scan.JPG
Port-Scan-2.JPG
 
xmachine Commented:
Port Scan attack detected could be due to one of the following reasons:

1) The source machine is infected by some virus, and is scanning the network for other hosts. Make sure it's already protected by an Antivirus software and is up-to-date.

OR

2) The source machine is running Windows Vista, and "Network Discovery" mode is enabled.

http://windowshelp.microsoft.com/Windows/en-us/help/0e5f2e0c-9906-4518-b7c7-d3632105dcad1033.mspx

http://windowshelp.microsoft.com/Windows/en-us/help/32f3845b-eda0-4168-be8d-90f07250d8101033.mspx

OR

3) The source machine is running a misconfigured application which is generating a lot of noisy packets in the network.
 
Balack (Author) Commented:
Hi xmachine,

I did a thorough scan in safe mode, no virus found. I made one wrong statement, that is, there is no centralized antivirus server. All PCs are installed with Endpoint separately. All PCs get the updated definitions directly from the Internet.

If so, can I apply the policy as described in your first suggestion?
 
xmachine Commented:
No, you can't, because you need to install the SEP manager (SEPM) to control and update all clients in the network.