SEP Cloud firewall started blocking File & Print sharing today

I need a solution

I have Symantec Endpoint Protection Cloud 22.16.2.22 clients with the default “Symantec recommended system policy” and “Symantec recommended security policy” applied to all users & devices.  The “Symantec recommended security policy” as shown in the portal continues to include Network Protection settings of “Firewall = on”, “File and Printer Sharing = on”, and “Remote Desktop Connection = on”, and this has been working successfully and as expected for months.

Today, literally while I’m Remote Desktop’d into one of the managed devices, the ability to use File and Printer Sharing to access shares being hosted from that device stopped working.  The Remote Desktop connection continued to work fine.  After figuring out it wasn’t a name resolution failure, a LAN trace confirmed that the connection attempt is now being refused by the SEP Cloud-protected machine.

The SEP Cloud client shows plenty of “Firewall rules updated” events with status “detected”, but these were happening back when access was still allowed, too.  There is no detail provided in these events; no indication of “what” was updated about the firewall rules.  I do see where the client picked up a “Symantec Revocation Reputation List” and “SONAR Updates x64” update this morning; but that is not unusual either, and hasn’t resulted in the “File and Printer Sharing = on” setting being ignored before.

Where can I display the detail of whether the client thinks “File and Printer Sharing = on” support is in effect or not?  The “Advanced” display just shows “Smart Firewall = On”, and doesn’t show what it thinks the state of the security policy actually is.

Where can I display the detail of what changed in the firewall rules during these “Firewall rules updated” events?  There is no detail provided other than date and time for these events.

Thanks.

0

Related:

How many IP’s or url’s we can block on Symantec Endpoint Protection FW?

I need a solution

Hi All, Have any of you observed a relation between the number of FW rules on Symantec Endpoint Protection FW component and a latency on the browsing and downloading files? In other language, If you blocked 100 IP on the FW on client A and 1000 IP on client B… Is there will be any difference in using the network from the two clients?

0

Related:

Downloading definitions for “Download Protection” for offline system

I need a solution

Hi,

I have an offline Windows system in a closed network, and I get a message that Download Protection Content is “Not Available”. For all other definitions I have found a jdb file to download and add to Symantec Endpoint Protection Manager, but I can’t seem to find one for this. Where can I get this? 

0

Related:

Disable Symantec Endpoint Protection grayed out

I need a solution

Hello

I have an UNMANAGED SEP client (14.2.770.0000) in Win 7 Ultimate machine. There are 2 users on this PC – and admin and a standard user.

How do I allow the standard user to Disable Symantec Endpoint Protection from the notification area? It’s currently grayed out. Only admin can use it.

I was able to do it in the past, but cannot recal how.

There is no SEP Management console.

Thanks

0

Related: