The Symantec Endpoint Protection (SEP) client UnManaged Detector sending wrong logs.
1. Disable the SEP client UnManaged Detector on the machine sending the wrong report.
2. If the firewall is not installed on the machine configured as a UnManaged Detector
a) Install firewall component on the client.
b) Reboot the machine after installation.
3. If the firewall is installed on the machine configured as a UnManaged Detector
a) Repair the SEP client via the Control panel Add/Remove Programs applet.
b) Reboot the machine
4. Verify the SEP client firewall (teefer) driver is running.
To verify if the driver is running
a) Start > Run
b) Open cmd.
c) Type in sc query teefer2.
5. Once the driver has been verified as running, re-enable the SEP client as an UnManaged Detector.
Symantec Endpoint Protection 12.1