After upgrading the Symantec Endpoint Protection (SEP) or Symantec Endpoint Security (SES) agent to 14.3 RU5 (14.3.8262.5000) the EAPOL traffic is dropped by the firewall.

Release: 14.3 RU5 prior to build 14.3.8268.5000.

Component: Firewall

A change introduced in SEP 14.3 RU5 created an issue with the Firewall parsing non-IP traffic. As a result, non-IP traffic is blocked and not logged.

In build 14.3.8268.5000 of SEP/SES the firewall is able to parse non-IP traffic again. Upgrade to this latest build if you are experiencing this issue.

Workarounds prior to upgrade:

1. For Symantec Endpoint Protection Manager (SEPM) managed and unmanaged clients place an "Allow All" rule at the bottom of the Firewall Policy. Do not set "Host" and "Services" conditions. The non-IP traffic can be allowed by this rule.
2. For ICDM-managed SES clients Disable the Firewall.

Incident Description: EAPOL traffic is blocked after upgrading to 14.3 RU5 - New fixes and component versions in Symantec Endpoint Protection 14.3 RU5