Solved

Get port scan attack logged in my workstation

Posted on 2009-05-15
Last Modified: 2013-12-09
This is using Symantec Endpoint 11 on my workstation. Recently, I found that my Symantec Endpoint stopped traffic from another workstation.

Pls see attached jpg for info.

What should I do to allow this workstation to communicate with my workstation, assuming that it is a false alarm?
Question by:Balack
5 Comments
 
LVL 15

Accepted Solution

by:
xmachine earned 500 total points
ID: 24393148
Hi,

This means you're using an "Intrusion Prevention" policy with default settings.

1) Open SEPM Console > Policies > Intrusion Prevention

2) Uncheck the box "Automatically block an attacker's IP address" and this will solve the problem.

3) I don't see any attached snapshot, because I need to know the logged attack to help you more


A Symantec Certified Specialist @ your service

0
 

Author Comment

by:Balack
ID: 24396714
Hi xmachine,

Pls see the attached snapshot...
Port-Scan.JPG
Port-Scan-2.JPG
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401451
Port Scan attack detected could be due to one of the following reasons:

1) The source machine is infected by some virus, and is scanning the network for other hosts. Make sure it's already protected by an Antivirus software and is up-to-date.

OR

2) The source machine is running Windows Vista, and "Network Discovery" mode is enabled.

http://windowshelp.microsoft.com/Windows/en-us/help/0e5f2e0c-9906-4518-b7c7-d3632105dcad1033.mspx

http://windowshelp.microsoft.com/Windows/en-us/help/32f3845b-eda0-4168-be8d-90f07250d8101033.mspx

OR

3) The source machine is running a misconfigured application which is generating a lot of noisy packets in the network.
0
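The three causes listed in the comment above can be told apart to some degree by looking at which destination ports the blocked source was touching. The following is an added example, not part of the original thread and not Symantec code: it groups blocked packets per source and labels each source by whether it only used the ports of Windows Network Discovery and related name resolution. The log line layout, the IP addresses, the function name `triage` and the `min_ports` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Ports used by Windows Network Discovery and related name resolution.
DISCOVERY_PORTS = {
    ("udp", 137), ("udp", 138),    # NetBIOS name and datagram services
    ("udp", 1900), ("tcp", 2869),  # SSDP / UPnP
    ("udp", 3702),                 # WS-Discovery
    ("tcp", 5357), ("tcp", 5358),  # Web Services for Devices (HTTP/HTTPS)
    ("udp", 5355),                 # LLMNR
}

# Constructed sample, NOT the SEP log format: "time source proto dest_port"
SAMPLE_LOG = """\
10:00:01 192.168.1.20 udp 3702
10:00:01 192.168.1.20 udp 1900
10:00:02 192.168.1.20 udp 5355
10:00:02 192.168.1.20 udp 137
10:05:10 192.168.1.35 tcp 21
10:05:10 192.168.1.35 tcp 22
10:05:10 192.168.1.35 tcp 23
10:05:11 192.168.1.35 tcp 25
10:05:11 192.168.1.35 tcp 80
10:05:11 192.168.1.35 tcp 135
10:05:12 192.168.1.35 tcp 139
10:05:12 192.168.1.35 tcp 445
10:09:30 192.168.1.40 tcp 445
10:09:31 192.168.1.40 udp 1900
this line is malformed
"""

def triage(log_text, min_ports=5):
    """Label each source by the destination ports it was blocked on."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip lines that do not match the assumed layout
        _, src, proto, port = fields
        seen[src].add((proto.lower(), int(port)))
    labels = {}
    for src, ports in seen.items():
        other = ports - DISCOVERY_PORTS
        if not other:
            labels[src] = "discovery-only"  # fits cause 2 (Network Discovery)
        elif len(other) >= min_ports:       # min_ports is an arbitrary cut-off
            labels[src] = "many-ports"      # fits cause 1 or 3: check the source
        else:
            labels[src] = "few-ports"       # inconclusive, collect more data
    return labels
```

A "discovery-only" source is a reasonable candidate for a false alarm; a "many-ports" source should be examined before any exception is made for it.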
 

Author Comment

by:Balack
ID: 24420071
Hi xmachine,

I did a thorough scan in safe mode, no virus found. I made one wrong statement, that is, there is no centralized antivirus server. All PCs are installed with Endpoint separately. All PCs get the updated definitions directly from the Internet.

If so, can I apply the policy as described in your first suggestion?
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24465303
No, you can't, because you need to install the SEP Manager (SEPM) to control and update all clients in the network.
0
