Symantec Endpoint Protection

pkfwallast used Ask the Experts™
Hello we have Symantec Endpoint Protection 12.1 MP1 installed on Windows7 en Windows XP workstations. When Symantec processes an definition update on these client worksations all network connections at the client are disconnected for one second. What is causing this behaviour? We also use Symantec 10.1.8 at some other workstations and they don't have this problem. I hope someone can help.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sounds like you have an issue with the NTP module settings. I would open a support case with Symantec though as this is not a default behavior. I would also look at your firewall settings, something in there might be misconfigured.
Sudeep SharmaTechnical Designer

Did you see anything in the EventLogs? Did you notice the network icon saying disconnected and then connected after 1 second?


Thanks for your comments.
We are trying to make a call with Symantec but have some registration issues.

I've had a Windows 7 desktop with de Windows 7 Firewall disable still this disconnection then also disabled de Symantec Firewall but stil this strange diconnection for a split second.

I have not noticed the icon changed from disconnected to connected. The EventLogs seems normal.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Did these PCs have Symantec Antivirus 10 installed prior to the install of SEP 12.1? If I can recall correctly, we had similar issues when migrating.


Yes these pc's had Symantec Antivirus 10 installed prior to SEP12.1. Dit you solved it?
Well, our migration was from SAV 10 to SEP 11. But, I think we ended up removing SAV 10 from the PCs via script and installing fresh SEP clients.

I would try the following:

1. Submit a support ticket to Symantec and request the utility called "CleanWipe".
2. Use this utility on one of the impacted PC, it will completely remove SAV and SEP clients, registry entries and all.
3. Push or install a SEP 12.1 client package to that PC, and see if the network drop occurs.

Also, you might want to run a network trace with something like WireShark or Microsoft Network Monitor. This will give you some good detailed information on the network traffic.

Hope that helps!


Tanks. I'll wil follow your instructions en let you know if it helped.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial