Endpoint Protection

Hi all,

Please see the attached screenshot.

Attachment(s)

1-5-5707-Sep Error.doc   677 KB 1 version

Hi Anil,

Check this Forums.

https://www-secure.symantec.com/connect/forums/sep-121-how-disable-denial-service-detection-sepm

hi,

Check this

https://www-secure.symantec.com/connect/forums/denial-service-how-add-host-exeptions

https://www-secure.symantec.com/connect/image/denial-service-detection

check the atttacking system and update the system with all the required patches.

check the latest patch insttaled on system or not..

if not then installl that patches

Hello,

The message what you are getting is from IPS  ( intrusion prevention signatures)

various kinds of attacks are there , in that DOS Denial of service is one of them.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21422

its good that symantec is blocking it, safe.

I would also suggest you to check these Threads:

https://www-secure.symantec.com/connect/forums/denial-service-1

https://www-secure.symantec.com/connect/forums/denial-service-logged-what-gives

Hope that helps!!

Hi Anil,

IP address 10.2.228.200 is from inside network or outside network?

By looking at local IP (10.64.9.45) I believe it's from outside network.

If it's happening on any specific system then there is hight possibility that system is not fully patched.

Most probably it's happening due to OS vulnerability.

It is recommended to install all the Symantec features AV / PTP/ NTP with latest definitions.Always make sure that your computers are receiving definitions regularly.

You can upgrade your product to latest built.

You windows machines should have all the latest windows updates /Patches.

Upgrade all the installed third paty software.

Disable Autorun.

Please follow best practice guide to handle virus issue.

http://www.symantec.com/business/support/index?pag...