Symantec Endpoint Protection (SEP) Network Threat Protection (NTP) requests the user to accept packets


Article ID: 177507


Updated On:


Endpoint Protection


Notifications are displayed on computers with the Network Threat Protection (NTP) component of the Symantec Endpoint Protection (SEP) client installed. These notifications indicate that network traffic that is not a standard Winsock application is being received by the client.

Network Threat Protection message:

"Your computer received a UDP packet from the remote address [<address>]. Do you want to accept it?
This is not a standard Winsock application."


"Your computer received a packet from the remote address <address>.   This is not a standard Winsock application. Do you want to allow it?"    



These messages are displayed when a packet received by a SEP client matches a rule in the NTP policy that has been configured to take the action of  "Ask".
In this case, the NTP component will display a dialog requesting the user to determine if they would like to allow or block the packet.

SEP 11.x and 12.1 both contain a generic rule to block broadcast and multicast traffic without logging. If this rule is modified, or a rule is placed higher in the list with the "Ask" action, this notification will display.


To confirm the default behavior for broadcast and multicast traffic has not been modified or disabled:

  1. Open the Symantec Endpoint Protection Manager (SEPM) Console
  2. Locate the applicable Firewall policy under Policies>Firewall
  3. Click Edit the policy in the Tasks pane
  4. Select the Rules tab
  5. Find the applicable rule for the version of SEPM:
    1. "Don't log broadcast and multicast traffic" for SEP 11.x
    2. "Block Broadcast and multicast traffic and don't log" for SEP 12.1
  6. Confirm that the Enabled check box is selected
  7. Ensure that the value in the Action column is set to "Block" and not "Ask"
  8. Click the OK button to close the Firewall Policy window