Notifications are displayed on computers with the Network Threat Protection (NTP) component of the Symantec Endpoint Protection (SEP) client installed. These notifications indicate that network traffic that is not a standard Winsock application is being received by the client.
Network Threat Protection message:
"Your computer received a UDP packet from the remote address [<address>]. Do you want to accept it?
This is not a standard Winsock application."
"Your computer received a packet from the remote address <address>.
This is not a standard Winsock application. Do you want to allow it?"
These messages are displayed when a packet received by a SEP client matches a rule in the NTP policy that has been configured to take the action of "Ask".
In this case, the NTP component will display a dialog requesting the user to determine if they would like to allow or block the packet.
SEP 11.x and 12.1 both contain a generic rule to block broadcast and multicast traffic without logging. If this rule is modified, or a rule is placed higher in the list with the "Ask" action, this notification will display.
To confirm the default behavior for broadcast and multicast traffic has not been modified or disabled: