The Symantec Endpoint Protection (SEP) client displays notifications regarding "Unsolicited ARP request."
Unsolicited ARP request
There are several possible causes:
Unsolicited ARP requests from a server or appliance can be caused by applications or appliances that uses "gratuitous-arp". Gratuitous ARP is used when hosts need to update other local host ARP tables. Gratuitous ARP updates ARP tables on computer even though it is not solicited, triggering SEP events like ARP Poisoning and MAC Spoofing.
Different behaviors of suspicious traffic can trigger these events: two examples are
To identify the threat and remove it, please follow the steps in Best Practices for Troubleshooting Viruses on a Network.
Use a tool such as Wireshark to help you to identify the source of this issue.
Download Wireshark: http://www.wireshark.org/download.html
Normally, if it is only one computer affected, the root cause of the unsolicited ARP request is an application or environmental issue.
If all environments or specific switches and other appliances, normally it is the environment.
Application issues can be related to threats.