How to Exclude or Include a Blocked IP on Symantec?
Scenario: The customer states that the LNVR is offline and that all folder exemptions were created, and the local IT wants proof from Lenel that something is being blocked.
- Open the Symantec client user interface.
- Click on Network and Host Exploit Mitigation.
- Select Configure Firewall Rules.
- Click [Add].
- On the General tab, select Allow this rule.
- On the Hosts tab, enter the IP address.
- Check the security logs under Client Management for Denial of Service Detections for the communication server IP address to confirm the issue.
- Open your Intrusion Prevention Policy.
- Choose Settings on the left side.
- Check the box for Enable excluded hosts, and then click [Excluded Hosts].
- Add the IP address of your communication server, then click [OK].
- Open Symantec Endpoint Protection Manager console.
- Select the Policies tab.
- Under View Policies, select Intrusion Prevention.
- Select the Intrusion Prevention policy, then under Tasks select Edit the Policy.
- Select the Exceptions tab.
- Click [Add].
- Search and select the blocked ID.
- Click [Next].
- Change Action from Block to Allow.
- Click [OK].
- Check if the edited exception has been added to the Intrusion Prevention Exceptions list.
- Click [OK] to save changes in the Intrusion Prevention policy.
- Log into the Symantec Endpoint Protection Manager (SEPM).
- Click Policies, then click Intrusion Prevention.
- Edit the intrusion prevention policy that applies to the client.
- Click Settings.
- Uncheck Enable denial of service detection.
Note: This completely disables DoS detection on the client. There is currently no way to add an exclusion for DoS detection.
- Go to Control Panel.
- From Add/Remove Programs, select Symantec Endpoint Protection and click [Modify].
- Disable Network Threat Protection and Application and Device Control.