A weird issue was seen with CAM communication being blocked by Symantec End Point Protection where small UDP packets (1024 bytes) were allowed but default packet size (8397) was not being allowed.
A techdoc regarding the same has been published.
The techdoc does not give more details, but is the issue present if the firewall module from SEP is not installed ?
I emailed Lenny, the author of this techdoc and this posting. I reject both the premise and conclusion of the document as it asserts there's some general incompatibility between ITCM and SEP, which is not true; and the conclusion of directing a customer to uninstall their antivirus solution is not a real world conclusion. It certainly can be a valid troubleshooting step, but not a valid conclusion.
The truth of the matter is this document outlines a problem, without a definitive conclusion, that is specific only to one particular customer scenario that Lenny has been troubleshooting. To my understanding this does not represent any generic case between ITCM and Symantec Protections. To my knowledge, the customer scenario is complicated by involving multiple corporate networks connected by a series of VPN tunnels between the ITCM environment, and the endpoint(s) exhibiting the communication problems.
After much troubleshooting by Lenny and coworkers, the customer is now pursuing their scenario with Symantec Support, as we were able to at least narrow the cause to intermittent/heuristic behavior of SEP to block our CAM traffic in their particular scenario. I've worked with many customers using SEP and nearly every other mainstream AV solution out there, and I'm unaware of any general incompatibility that ITCM has with SEP.
-Brian Fontana, CA Support
thank you for the reply and the description of the support case that produced this announcement. I hope the outcome of the SEP support case would shed more light on whether it's a particular combination of SEP/ITCM/network configuration that causes problems or it's a more general issue in a product involved.
I had this issue with my customer due to an updated version of SEP.
They had to downgrade it until Symantec provides a solution.