AXISHK
asked on
Port Scan attack in Symantec EndPoint Protection
I find that a HPscan program is blocked by Symantec Endpoint 14. The IP (x.x.x.x) of the HP multifunction printer is logged in Security Log - Client Managment Logs
"The lcient will block traffic from IP x.x.x.x for next 600s. Port scan attack is logged.
Any idea how to release this in Symantec Endpoint 14 ?
Thx
"The lcient will block traffic from IP x.x.x.x for next 600s. Port scan attack is logged.
Any idea how to release this in Symantec Endpoint 14 ?
Thx
As per advuce from past.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to create an exclusion. Here are directions:
Open SEP
Next to Network Threat Protection click on Options
Select Configure Firewall Rules
Select Add
Give it a name such as "Allow Printer" and set the Action to Allow this traffic
Click on the Hosts tab and select the IP Address field
Enter in the printer IP address here
You can leave the other tabs alone
Click OK
Move the new firewall rule to the top and click OK
Try to print again
Open SEP
Next to Network Threat Protection click on Options
Select Configure Firewall Rules
Select Add
Give it a name such as "Allow Printer" and set the Action to Allow this traffic
Click on the Hosts tab and select the IP Address field
Enter in the printer IP address here
You can leave the other tabs alone
Click OK
Move the new firewall rule to the top and click OK
Try to print again
ASKER
Thx