I am having difficulties with a Java application in the browser. When I disable Symantec, the application works. I have disabled the intrusion protection for browsers and removed the final block all rule. I seem to get the application to work with these two components disabled. I get quite a bit of blocked traffic from localhost 0.0.0.0 to remotehost 0.0.0.0 over port 0. I am not certain if this is simply broadcast traffic. Please see the example below. The Ethernet type is sometimes different. From the client, I also see some of the below associated with Cisco MAC addresses 01-00-0C-CC-CC-CC.
When event occurred: AirPro
When event occurred: 0.0.0.0
User Name: adear
Location Name: Default
Domain Name: Republic
Group Name: My Company\Airpo
Server Name: RB-SEPM
Site Name: Site RB-SEPM
Event Time: 08/13/2018 16:18:08
Begin Time: 08/13/2018 16:17:54
End Time: 08/13/2018 16:17:54
Event Type: Ethernet packet
Severity: Info and above
Network Protocol: ETHERNET [type=267]
Traffic Direction: Inbound
Remote IP: 0.0.0.0
Remote Host Name:
Local Port: 0
Remote Port: 0
Rule Name: Block all other traffic and don't log
Any insight is greatly appreciated.
Are you sure this is the correct log entry? Normally, it would show the application name and port/protocol that is blocked.
This was taken directly from SEPM. The log in the SEP client looks similar, with the 0.0.0.0 entries. The only thing I could do was allow traffic based on Ethernet type via particular MAC addresses from hosts. I do not like this option as I believe it opens the system more. But I am really not certain what could be causing the application not to work, as I don't seem to have supporting logs to determine what is being blocked. Further, the intrusion protection block for browsers has a "log detections but do not block" option, which does not seem to work. I don't see anything being blocked, but the application works when I disable the option altogether.
It turned out that there is also an intrusion protection feature via Application Hardening. I removed the Application Hardening feature and was able to use the Java application.