Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SEP Blocking Port Scans From PC on Internal Network


  • Please log in to reply
1 reply to this topic

#1 David_W

David_W

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 30 January 2013 - 02:08 AM

Hi all!

I am having an issue where Symantec Endpoint Protection is blocking port scans on my internal network. SEP is running on my laptop (where I'm typing this) and the scans all come from my desktop PC (192.168.0.5) on my wireless network. Blocked scan is UDP on port 5355 and it's logging it several times per minute.

Desktop is DIY kit with 32 bit AMD processor running Windows 7 Home Premium SP1 32 bit OS.
Desktop security software is Norton Security Suite 5.2.2.3 (provided by Comcast before I moved. I now have Time Warner cable).

Laptop is HP Pavilion with 64 bit AMD processor running Windows 7 Home Premium SP1 64 bit OS.
Laptop security software is Symantec Endpoint Protection, unmanaged, ver 12.1.671.4971 (provided by the Navy).

All patches and virus definitions are up to date.

Home network is all wireless, 802.11g AES II encryption.
Other devices on the network are 2 iPads, 2 Droids (motorola and HTC) and 1 Wii, none of which have antivirus software (do they need it?) and all of which seem to be working fine.

For a couple months I was also having an issue on the laptop where it was blocking traffic from Svchost.exe but I found some help for that on Symantec's website and disabled IPv6 on my Laptop and changed the firewall rule to allow IPv6 and uPNP discovery from local computers. That seems to have resolved (or made me ignorant of the continued existance of) that problem.

In addition to the already installed security suites I have run complete scans using AVG, PCMatic, and MalwareBytes on both laptop and desktop. The desktop had some tracking cookies and Malwarebytes found pup.faceThemes on the laptop, which it quarentined. None of the others found that one, whatever it is. I have since uninstalled AVG since it seemed to trip over the Norton and vice versa.

I have noticed two other symptoms:
- I can't print from the laptop to the printer attached and shared by the desktop anymore, probably because the firewall is blocking all traffic from that machine
- web pages load extremely slowly on the laptop - on the order of minutes - and the browser is unresponsive while it's waiting. Resource monitor shows no unusual activity, as far as I can tell, while this is going on.

Happy to send logs or run additional diagnostics and sure would appreciate the help. Thanks for what you guys do!

Dave

BC AdBot (Login to Remove)

 


#2 David_W

David_W
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 30 January 2013 - 02:31 AM

Hello again. I just found a Norton support discussion that said that UDP traffic on port 5355 is normal on a LAN so I changed the firewall settings to allow it on my internal subnet. I'll let you know if that solves the problem. Would appreciate it if someone would let me know if I just made myself ignorant of a real problem. Also wondering why SEP doesn't know the subnet and subnet mask of my internal network. Seems I shouldn't have to set that for each rule.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users