Solved

Port Scan attacked is logged

Posted on 2014-11-06
3
1,658 Views
Last Modified: 2014-11-07
A single user logged on to day and has received an SEP message "A client will block traffic from IP address 192.168.x.x for the next 600 seconds (from 11/5/2014 11:30:15PM to 11/5/2014 11:40:15 PM) Port Scan attack is logged."

He tells me that he has received the same message twice more this morning, but nothing further

The IP address is from our own intranet server.

Are there some best known troubleshooting steps to resolve this issue (if it is an issue). Thanks.
0
Comment
Question by:nurturer69
3 Comments
 

Author Comment

by:nurturer69
ID: 40426713
More info:

Turns out the this workstation is trying to access Spiceworks which resides on our intranet server and his workstation is interpreting the intranet servers communication as an attack. Where can I open up the ports to allow their access to his PC?
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40427794
Normally, you can check the Security Logs under Client Management for the alert to confirm the issue. In your case, you will need to add the intranet server's IP address in "Excluded Hosts."

To add the printer to "Excluded Hosts":
1.  Open your Intrusion Prevention Policy.
2.  Choose to Settings on the left.
3.  Check the box for Enable excluded hosts and then click the Excluded Hosts... button.  
4.  Add the IP address of your printer and choose Okay.

Do check the PC has latest engine and signature version as well. If there are further other intrusion alerts, you can create exception to allow a specific ID or signature as in
http://www.symantec.com/business/support/index?page=content&id=TECH97176
http://www.symantec.com/business/support/index?page=content&id=HOWTO55167
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40428168
If this issue is all internal, you can try the following (from Symantec Support):

In SEP, click on Change Settings (left side), then click on Network Threat Protection. In the Firewall tab, uncheck "Number of seconds to block" and uncheck "Enable port scan detection". Then click on OK. I suggest closing out and restarting and then test.

My laptop was registering port scans by my desktop and printer and this stopped it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now