Symantec Endpoint Protection (SEP) Network Threat Protection (NTP) requests the user to accept packets

book

Article ID: 177507

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Notifications are displayed on computers with the Network Threat Protection (NTP) component of the Symantec Endpoint Protection (SEP) client installed. These notifications indicate that network traffic that is not a standard Winsock application is being received by the client.

Network Threat Protection message:

"Your computer received a UDP packet from the remote address [<address>]. Do you want to accept it?
This is not a standard Winsock application."
 

or

"Your computer received a packet from the remote address <address>.   This is not a standard Winsock application. Do you want to allow it?"    

 

Cause

These messages are displayed when a packet received by a SEP client matches a rule in the NTP policy that has been configured to take the action of  "Ask".
In this case, the NTP component will display a dialog requesting the user to determine if they would like to allow or block the packet.

SEP 11.x and 12.1 both contain a generic rule to block broadcast and multicast traffic without logging. If this rule is modified, or a rule is placed higher in the list with the "Ask" action, this notification will display.

Resolution

To confirm the default behavior for broadcast and multicast traffic has not been modified or disabled:

  1. Open the Symantec Endpoint Protection Manager (SEPM) Console
  2. Locate the applicable Firewall policy under Policies>Firewall
  3. Click Edit the policy in the Tasks pane
  4. Select the Rules tab
  5. Find the applicable rule for the version of SEPM:
    1. "Don't log broadcast and multicast traffic" for SEP 11.x
    2. "Block Broadcast and multicast traffic and don't log" for SEP 12.1
  6. Confirm that the Enabled check box is selected
  7. Ensure that the value in the Action column is set to "Block" and not "Ask"
  8. Click the OK button to close the Firewall Policy window