Communication between the Symantec Endpoint Protection (SEP) Clients and the Symantec Network Access Control (SNAC) Enforcer is using UDP traffic on port 39999. Clients are not authenticated by SNAC Enforcer.
The issue has been resolved in SEP 12.1 RU5 and higher.
Download the latest version of Symantec Endpoint Protection:
Workarounds for SEP 12.1 pre-RU5: