How to Exclude or Include Blocked IP on Symantec?
Scenario: The customer states that the LNVR is offline, all folder exemptions were created, and local IT wants proof from Lenel that something is being blocked.
If all troubleshooting steps were tried, the most likely reason is that the Symantec firewall is blocking packets, even when Symantec is disabled.
If deleting Symantec is not an option, then try this procedure to prove that Symantec is blocking traffic.
Procedure Steps
- Open the Symantec client user interface.
- Click on Network and Host Exploit Mitigation.
- Select Configure Firewall Rules.
- Click [Add].
- On the General tab, select Allow this rule.
- On the Hosts tab, enter the IP address.
You can try this procedure as well, if the user has admin rights or permission to do so:
- Check the security logs under Client Management for Denial of Service Detections for the communication server IP address to confirm the issue.
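One way to turn that log check into evidence for local IT, as an added example that is not from Lenel or Symantec: the script filters an exported Security log for Denial of Service lines that name the communication server. The one-event-per-line text layout, the sample lines and the 192.0.2.x addresses are constructed assumptions; adjust the matching to your actual export.

```python
import ipaddress
import re

# Candidate IPv4 tokens; each is validated with ipaddress before comparing.
IPV4_TOKEN = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines (assumed layout, not a real Symantec export).
SAMPLE_LOG = [
    "2024-01-10 08:15:02\tMajor\tDenial of Service detected\tRemote: 192.0.2.10\tBlocked",
    "2024-01-10 08:15:09\tMinor\tPort scan detected\tRemote: 192.0.2.10\tBlocked",
    "2024-01-10 08:16:40\tMajor\tDenial of Service detected\tRemote: 192.0.2.100\tBlocked",
    "2024-01-10 08:17:11\tMajor\tdenial of service detected\tRemote: 192.0.2.10\tBlocked",
]


def dos_hits(lines, server_ip):
    """Return the lines reporting a Denial of Service detection for server_ip."""
    target = ipaddress.ip_address(server_ip)
    hits = []
    for line in lines:
        if "denial of service" not in line.lower():
            continue
        # Compare whole addresses so 192.0.2.10 never matches 192.0.2.100.
        for token in IPV4_TOKEN.findall(line):
            try:
                if ipaddress.ip_address(token) == target:
                    hits.append(line.rstrip("\n"))
                    break
            except ValueError:
                continue  # token such as 999.1.1.1 is not an address
    return hits


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("exported_security_log.txt") (hypothetical
    # file name) and the address with your communication server IP.
    matches = dos_hits(SAMPLE_LOG, "192.0.2.10")
    print(f"{len(matches)} Denial of Service detection(s) for the server:")
    for entry in matches:
        print("  " + entry)
```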
To resolve the issue, you must disable Denial of Service detection within your Intrusion Prevention policy, or you will need to add the communication server IP address in "Excluded Hosts."
To add the Communication Server to "Excluded Hosts":
- Open your Intrusion Prevention Policy.
- Choose the Settings on the left side.
- Check the box for Enable excluded hosts, and then click [Excluded Hosts].
- Add the IP address of your communication server, then click [OK].
You can also try creating an exception for Intrusion Prevention Policy to allow a specific ID:
- Open Symantec Endpoint Protection Manager console.
- Select the Policies tab.
- Under View Policies, select Intrusion Prevention.
- Select Intrusion Prevention policy, then under Tasks select Edit the Policy.
- Select the Exceptions tab.
- Click [Add].
- Search and select the blocked ID.
- Click [Next].
- Change Action from Block to Allow.
- Click [OK].
- Check if the edited exception has been added to the Intrusion Prevention Exceptions list.
- Click [OK] to save changes in the Intrusion Prevention policy.
You can also disable DoS detection:
- Log into the Symantec Endpoint Protection Manager (SEPM).
- Click Policies, then click Intrusion Prevention.
- Edit the intrusion prevention policy that applies to the client.
- Click Settings.
- Uncheck Enable denial of service detection.
Note: This will completely disable DoS detection on the client. There is not currently a way to add an exclusion for DoS detection.
You can also enable Smart Traffic filtering. For more information:
http://www.symantec.com/business/support
You can also uninstall the Network Threat Protection and Application and Device Control:
- Go to Control Panel.
- From Add/Remove Programs, select Symantec Endpoint Protection and click [Modify].
- Disable the Network Threat Protection and Application and Device Control.
Applies To
LNVR (All versions)