Port scan attack symantec. I installed Symantec Endpoint on our 17 machines.

Port scan attack symantec These scans happen every minute from the same IP Addresses: 192. (Recommended) 2. Nov 5, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Port scan attack is logged. The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds. But since then users will get a message that the their machine will bock traffic an internal address for 600 seconds because of a port scan attack. I’ve googled this for a while and tried opening v… Nov 5, 2014 · That only works for managed Symantec clients. You can perform the following tasks in the Security log: I am getting periodic popups from Symantec that I have ongoing port attacks, DoS attack, or simply a notification that my network IP address will be blocked. acatic (Inegolluyum) January 13, 2016, 5:20pm 13 Chetan, Nov 11, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Mar 3, 2015 · We just installed Symantec Security Suite for Enterprise. online-matrix. Jul 23, 2025 · Ports are really significant as they help in tracking the traffic that enters and leaves a computer network. Port scan is a technique hackers use to discover weak points in a network. 0. You can track the trends that relate to viruses, security risks, and attacks. ) I am not a Symantec expert by any May 14, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. I’ve googled this for a while and tried opening v… Jan 28, 2018 · But I'm unable to connect the printer as the Symantec notifies Port Scan attacked is logged. We already have a Spiceworks allow rule in place in SEP to allow Spiceworks through. net. 1 installed. takes control of the Windows Firewall instead of disabling it. network scanning, & how to prevent port checker attacks. I’ve googled this for a while and tried opening v… Oct 30, 2024 · Port scanning attackers scope out their target environment by sending packets to specific ports on a host and using the responses to find vulnerabilities. The workstations and server are showing a message of Symantec Endpoint protection The client w… Logs are an important method for tracking each client computer’s activity and its interaction with other computers and networks. Apr 29, 2014 · I’m having the same problem. I think I figured it out, am in the process of testing now and hopefully will have time to post a detailed resolution soon. Jan 5, 2021 · 2. I’ve googled this for a while and tried opening v… Symantec Endpoint Protection for Windows Client GuideUse this panel to view the log for each type of protection. 0, Its installed on a machine which has ISA server 2004 and ISA server 2004 picking up bright mail as port scan attack. Functionally, PRTG is akin to Spiceworks and WSUS, but the DMZ VM is being blocked. 01. x for next 600s. This doesn’t happen on any of the workstations and, as far as we know only on two of the servers. I’ve googled this for a while and tried opening v… Mar 6, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) March 6, 2015, 4:07pm Nov 20, 2007 · I had similar issue with Symantec Bright mail security 5. Common methods to acquire this information include port, vulnerability, and/or wordlist scans using tools that are brought onto a system. All my user workstations are getting a “Port scan attack” popup, and Spiceworks is saying things like “We’ve really got to talk The client works in the background to keep your computer safe from malicious activity. But since then users will get a message that the their machine will bock traffic an internal address for 600 sec… Mar 6, 2015 · We just installed Symantec Security Suite for Enterprise. Here we use zenmap to scan the IP address of our target machine to see how Symantec detects and responds to our port scan. Nov 14, 2016 · SEP port scan attack is logged - Spiceworks unable to scan devices Security general-it-security , question 16 427 May 20, 2014 SEP > "Port Scan" attack by Spiceworks Security discussion , symantec 25 202 March 22, 2016 Symantec anti virus reporting "Port Scan Attacks" scanning using Spiceworks Spiceworks Support discussion , spiceworks-general We have a patch management server that runs a daily discovery service at 8 a. Solution: Added UDP remote port 5355 to the firewall rule Allow LLMNR from private IP addresses to prevent the firewall from detecting this as an attack. Please help on how to solve this problem. m. Jun 8, 2015 · It means your machine is being scanned by another. x. I have Symantec Endpoint Protection. xx. Opening those ports doesn’t seem to be working for me. All of these options are disabled by default. One of the servers (xxx. Aug 9, 2015 · I'm running SEP 12. Port scanning, the most common exploit carried out by attackers can make your network vulnerable to attacks. 1. I’ve googled this for a while and tried opening v… Nov 11, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. The Network Threat Protection log shows the generic 'Block All' rule being triggered. But since then users will get a message that the their machine will bock traffic an internal address for 600 sec… Mar 23, 2018 · Networking discussion , general-networking 5 130 September 15, 2014 Symantec and port scan attacks Spiceworks Support discussion , spiceworks-general-support 1 37 July 28, 2015 SEP port scan attack is logged - Spiceworks unable to scan devices Security general-it-security , question 16 442 May 20, 2014 Nov 10, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Nslookup on the IP returned a-sac. These generally include software designed for discovery, monitoring, or security Feb 27, 2015 · We just installed Symantec Security Suite for Enterprise. I installed Symantec Endpoint on our 17 machines. Please advise. I have put that IP into the exceptions list, but it appears those client machines still see it as an attack. I talked to 4 different technicians from Comcast, including one manager, none of them had any knowledge about what I was saying. on our office the firewall blocks several PC's/IP. Nov 11, 2014 · 1 49 July 17, 2015 Symantec anti virus reporting "Port Scan Attacks" scanning using Spiceworks Spiceworks Support discussion , spiceworks-general-support 11 280 January 8, 2016 Cannot get Spiceworks working through Symantec Endpoint Protection Firewall Security discussion , symantec 42 419 July 7, 2011 Spiceworks showing up as a port attack What triggers a port scan detection in Symantec Endpoint The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds, It is not unknown for legitimate software to act in a way which triggers this event, It all comes down to the way in which the software is designed to function and communicate, Administrators should monitor Nov 10, 2014 · 1 49 July 17, 2015 Symantec anti virus reporting "Port Scan Attacks" scanning using Spiceworks Spiceworks Support discussion , spiceworks-general-support 11 280 January 8, 2016 Cannot get Spiceworks working through Symantec Endpoint Protection Firewall Security discussion , symantec 42 419 July 7, 2011 Spiceworks showing up as a port attack Nov 11, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. The Security log is the most important log on the client. If these was done on your external IP then I would investigate the IP's that are scanning you. The workstations and server are showing a message of Symantec Endpoint protection The client will block traffic from ip address… for the next 600 seconds. They can also get some information on closed ports. The A port scan attack allows attackers to find open ports that provide potential entry points into your network. 1a as an unmanaged client on Windows 10 with all default firewall rules. Feb 6, 2014 · I've received a couple of alerts from Symantec anti-virus on a server and client computer saying that it is being port scanned. Not much else to go on. Anyone has any information on this domain? Ran the domain through VirusTotal and results are clean. The Windows Firewall control panel displays the message These settings are being managed by vendor application Symantec Endpoint Protection However, the options available in this policy still function as expected. I’ve googled this for a while and tried opening v…. 6. Oct 29, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Jan 15, 2015 · Every 5 minutes or so I get a popup that says port scan attack is logged. I need and explanation and solution how to prevent this attack to our firewall i believe SEM can blocked this things. Handling Port Scan Detections in Symantec Endpoint Protection 12. Eastern Time symantec version 12. If the port scanning was done on your local network, it can be anything from a app/software or someone else in your network scanning. Jan 5, 2016 · Symantec Endpoint Protection block port-scan Security symantec , question 10 699 May 29, 2015 Trying to get Spiceworks to work with Symantec endpoint Protection 11. Port scan detection is key to stopping attacks. I find it really odd. 4013. 3 Port scanning detection and prevention. These settings help detect and protect the client from the attacks that occur through network traffic. I’ve googled this for a while and tried opening various ports, but without success. When the warning popped up, I clicked "stay on the network, but block the device" after a minute or two of trying to figure out what it meant, but now I’m very stressed and worried that the port scan attack already happened before I decided and therefore someone might have discovered vulnerabilities on my computer and been able to exploit them. 3 and others. Port scan attack is logged Recommend ℬrίαη Posted Jun 16, 2010 03:54 PM Feb 27, 2015 · Port scan attack message Security symantec question chetan-symantec (Chetan (Symantec)) February 27, 2015, 5:20pm Mar 24, 2023 · A port scan attack is a technique that enables threat actors to find server vulnerabilities. Did you ever find a solution? After numerous conversations with network security engineer from my company, they find out that Comcast is continuously scanning my port, and this is treated as an attack by symantec and thus blocks my IP address. I’ve googled this for a while and tried opening v… Sep 9, 2014 · Clients are getting the alert of scan port notification from symantec antivirus. Create exceptions within IPS to exclude relevant hosts in your environment. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… Feb 27, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) February 27, 2015, 3:24pm Mar 3, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) March 3, 2015, 5:48pm Feb 27, 2015 · There should also be a log with port scan messages in the Security log on the client. Nov 13, 2024 · You need more details about the Options in the Policies of the Symantec Endpoint Protection Manager (SEPM). Oct 14, 2014 · I need to figure out how to turn off whatever is causing a spiceworks/ Symantec endpoint protection/ server 2012 conflict. Mar 28, 2025 · Port Scan detections are triggered when a series of packets are blocked on unique ports within a short time window. If several people use the same computer, you might be able Feb 27, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) February 27, 2015, 6:14pm Apr 26, 2012 · Hello. Mar 3, 2015 · Fix ID: 3208344 Symptom: The Symantec Endpoint Protection client firewall incorrectly detects multiple Link-local Multicast Name Resolution (LLMNR) response packets as a port scan attack. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted. Apr 28, 2017 · Port Scan attack in Symantec EndPoint Protection I find that a HPscan program is blocked by Symantec Endpoint 14. Please let me know how to rectify this issue and that the printer is connected. 168. Hackers scans your ports looking for an open port to attack. ) Administrators should monitor their networks and grow to recognize what is expected and Aug 22, 2012 · I have a problem on blocked sites on my firewall, it says that the reason is "port scan attack". Read to know hoe these attacks are carried out and how to prevent them. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… Nov 11, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. M. Will keep you posted on the progress. I’ve googled this for a while and tried opening v… May 13, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. 30) only gives us Symantec Endpoint alerted a port scan attack on one of our endpoints. Mar 23, 2018 · Based on the previous link (I posted), this issue should have been fixed by some rules that are already in place. May 13, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. The setup is server 2012 running active directory, dns and a domain controller mix of May 17, 2012 · When I investigated, the logs showed it was a port scan attack from another computer on the network (private network, but a lot of people on it). Some applications in the network may generate traffic patterns which trigger port scan detections. Exclusion for Spiceworks Server IP Address to the whitelist for IPS doesn’t work because Spicework uses ephemeral ports to perform the scan & SEP detects it as a port scan attack. The attack is coming from an internal address. Discover port scanning techniques, the difference between port scanning vs. Dec 26, 2013 · Hello all: We’re running into an issue where Symantec Endpoint Protection(12. Port scanning attack helps identify of security mechanisms of the network, including active firewalls and anti-viruses. To be on the safe side I have scanned the machines at the known address, and find nothing Jun 20, 2024 · Port scans are used by security teams and pen testers, but also malicious hackers. Ports monitoring helps network admins track all the traffic that comes and goes through the network. Port scan attack is logged 0 Recommend ℬrίαη Posted Jun 16, 2010 03:54 PM Options Dropdown Oct 24, 2018 · Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. I'm not very computer savy, but ever since 4/25/2010 since around 10:50 P. The IP (x. But I’ve tested it and so far have 42% of my workstations showing up in Spiceworks inventory scan (because I have to do it on each one individually, unmanaged Symantec clients, it takes some time. How do I stop that? Feb 27, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) February 27, 2015, 3:35pm Jan 3, 2014 · Hello all: We’re running into an issue where Symantec Endpoint Protection (12. As a time being workaround can bypass the Firewall & IPS policy to let the Inventory scan run successfully, after successful scan reassign both the policies. 4013) is reporting “Port Scan Attack Logged” on a couple of our severs. Learn more about port scan attacks and how to detect and block them. Attack name: portscan. You can use this data to analyze the overall security status of the network and modify the protection on the client computers. All the clients are showing up in spiceworks with no scan errors, but when logged onto Spiceworks server there is a port scan attack every few minutes from the clients. Using NAT networking for VMs, rather than bridged Jan 8, 2016 · Withdrawing the policy, scan works fine. ip blocked for next 600 sec. Jul 28, 2016 · If it's legitimate traffic you can set up a list of computers for which the client does not match attack signatures or check for port scans or denial-of-service attacks. Types of alerts and notifications Alert Description Scan results dialog box If a scan detects a virus or a security risk, the scan results or Symantec Endpoint Protection Detection Results May 13, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. So, how do I keep Spiceworks from doing a port scan? Jul 16, 2015 · Symantec is aware of this issue and now working with Spicework as well to find a permanent solution. I was wondering what a network administrator would do about these warnings? Should I just setup a wireshark capture on the computer and see where the scans are coming from Apr 27, 2012 · Hello. Further investigation revealed it was actually my computer in the other room that was sending the port scans. Dec 16, 2015 · There is a known issue with Spicework scan and Symantec Endpoint Protection (SEP). 6 Spiceworks Support discussion , spiceworks-general-support 11 33 November 19, 2012 Spice Works Inventory VS Symantec Endpoint Protection Spiceworks Support discussion The Symantec Endpoint Protection (SEP) logs provide information about management, connections, and protection. Please help 1. 671. However, I’ll try the fix in your link as well and see if it works! Topic Replies Views Activity Port scan attack message Security symantec , question 22 1517 March 6, 2015 Little help with a Scan to Email Please Hardware & Infrastructure discussion , printers-copiers-scanners When I investigated, the logs showed it was a port scan attack from another computer on the network (private network, but a lot of people on it). Re-assigning the policy, the scan fails again, citing the port scan attack. I was and still am recieving attempts that are being succesfully blocked every minute. 1 What triggers a port scan detection in Symantec Endpoint Protection (SEP) May 15, 2002 · As an attacker scans a target (whether the scan is a sequential port scan or a random port scan) PortSentry checks the array to determine if the attacker's IP has been seen before and, if so, increments the counter. Over 50 devices being blocked by Symantec, workstations popping up with “port scan attack” alerts. Why I have to be the one publishing it, instead of someone much more knowledgeable from Symantec or Spiceworks, I have no idea. aa. For unmanaged clients the firewall settings needs to be done on each one, individually. The popup does not show an IP address, but when I look at the log, the IP address that Oct 3, 2023 · The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds. I’ve googled this for a while and tried opening v… Mar 3, 2015 · Port scan attack message Security symantec question johntobias3149 (Johnnny IT) March 3, 2015, 3:42pm Guys we are experiencing IP / PORT scan attack , we have the firewall watch guard and our versions SEM 11. It does this for every port it monitors and detects packets coming from the attacker's IP address. We already have a Spiceworks allow rule in place in SEP to allo… May 13, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. Sometimes the client needs to notify you about an activity or to prompt you for feedback. You or your administrator may need this information for troubleshooting. This leads to loss of connectivity. It is not unknown for legitimate software to act in a way which triggers this event. I notice Dec 16, 2015 · I am unable to scan about 15 computers in the network with Spiceworks. 4013). What is the remote IP. Spiceworks and WSUS used to be blocked until I whitelisted them. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… Feb 27, 2015 · Port scan attack message Security symantec question brianpohlman (_Brian) February 27, 2015, 3:45pm Nov 12, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Thanks! Jul 28, 2015 · I have found many post on the port scan attacks created by Symantec on client computers, however it seems my port scan attacks are being blocked on the Spiceworks server side. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… Symantec Endpoint Protection for Windows Client GuideUse this tab to enable firewall settings. It’s coming from the Spiceworks server, and currently there are no scheduled scans, nor are any scans enabled. (It all comes down to the way in which the software is designed to function and communicate. Hello. 4971 was reporting in my task bar Blocked port scan attacks. Try this workaround to stop detections: 1. Make sure you're confident on what it is before you go adding exceptions. 1 What triggers a port scan detection in Symantec Endpoint Protection (SEP) Oct 29, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Did a whois and server location is based in Netherlands. Nov 12, 2014 · Hi, new Spiceworks user, just installed it yesterday, I’m struggling mightily trying to get the inventory scan to work with Symantec Endpoint Protection (12. Here is the resolution to this. The Security log records suspicious activity, such as port scanning, virus attacks, or denial-of-service attacks. On two Windows 7 machines in my LAN I have Symantec Endpoint Protection 12. You can expand or condense each category of logs. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… May 14, 2014 · I am unable to scan about 15 computers in the network with Spiceworks. , and Symantec sees that as a port scan attack. x) of the HP multifunction printer is logged in Security Log - Client Managment Logs "The lcient will block traffic from IP x. But since then users will get a message that the their machine will bock traffic an internal address for 600 sec… ℬrίαη Jun 16, 2010 03:54 PM Is there any way to turn this notification off on the client? 1. See What triggers a port scan detection in Symantec Endpoint Protection (SEP)? for more information. I’ve googled this for a while and tried opening v… Jan 14, 2016 · SEPM’s report on port scan attacks shows attacks from the Spiceworks Server, WSUS server, and the DMZ Citrix Web Server. If you can, please post that as well. Ports enable devices to recognize different kinds of traffic: webpages, emails, instant messages, etc. I have a problem on blocked sites on my firewall, it says that the reason is "port scan attack". Jul 9, 2024 · This document describes the challenges of running network vulnerability scans when the Symantec Endpoint Protection (SEP) client is installed on the scanner computer, and/or the target computers of the scan. Feb 11, 2015 · I have a few clients that are getting warnings from Symantec that is has blocked a vulnerability. Symantec Endpoint Protection logs a port scan attack and blocks all traffic from the SpiceWorks server for 600 seconds when an inventory is attempted… Jul 5, 2012 · Modifying port scan detections to allow this type of behavior would potentially impact the ability of the product to detect a malicious port scan attack. SEP is blocking another computer on my local network for a 'port scan attack'. The default 'Allow Ipv4 LLMNR from private IP addresses' rule is enabled and has priority over the 'Block Ipv4 LLMNR' rule. [1] Within cloud environments, adversaries may attempt to discover It means your machine is being scanned by another. Things work fine, but several time per day I get to see the following warning: I had a thorough look at the m to detect and log potential attacks on the client and block spoofing attempts. Packets and data that are transmitted over ports tell Cyber-Attackers if the specific port can be vulnerable to attack. Network intrusion prevention and peer-to-peer authentication allow any source traffic from hosts in the excluded hosts list. brcwmjy qqlu bgjv kqox wddwac omk iaxnb vzbq yjeimo gxty uvpcep zuefc aclddq olfhxgh afwubz