When viewing the traffic log, rules that come from the client side (Mixed or Client control mode) are shown as the text "GUI% GUICONFIG#[email protected]#Normal", which makes it difficult to tell what the rule name or function is.
This problem is fixed in Symantec Endpoint Protection 11.0.6000.550 (RU6), which shows the rule name. For information on how to obtain the latest build of Symantec Endpoint Protection, read "Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x".
Workaround prior to RU6 release to find the actual rule name or function:
1. Open Symantec Endpoint Protection (SEP) client.
2. Under Status > Network Threat Protection > Options, click Configure Firewall Rules.
3. In the Configure Firewall Rules dialog box you will see a list of rules. The first rule used is at the top, which will be rule 100 (or position 1); the next rules down are 101, 102, 103, 104, and so forth.
4. When viewing the traffic log from the SEP client (View Logs > Network Threat Protection > View Logs > Traffic Log) you may see an action that shows a Rule similar to one of these: