Symantec software blocks WHR-600D IP (198.168.11.1) because of Port Scanning

quyvle · March 24, 2016, 11:37:21 PM

Hi, I have a work laptop that has the Symantec Endpoint Protection software installed. Whenever I am working from home, I have to log into the VPN. Once I log on, I surf the web for maybe 2-5 minutes and then a pop up appears by Symantec Endpoint Protection (SEP) stating that it has blocked a Port Scanning attack from the IP address 198.168.11.1 (router's ip).

I've done some digging on this issue and it seems to be fairly common. See the following links for details:

http://www.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router
http://www.symantec.com/connect/forums/issues-portscan-detections

I'm currently working with tech support to either add the IP address to the exception list but I'm not sure if I'll succeed on that front (they could come back to tell me that I just need to suck it up and buy a new router). The other solution could be to turn off port scanning on the router itself. I've done some googling on the product and it doesn't seem like it's possible. Does anyone know if you can indeed turn off port scanning for this router model?

Thanks in advance.

quyvle · April 24, 2016, 11:13:20 PM

I've solved the problem via the solution on this blog post:

http://www.nsftools.com/blog/blog-10-2010.htm#10-31-10

Basically, turn off Network Services which port scans each connected device to discover services.

News:

Symantec software blocks WHR-600D IP (198.168.11.1) because of Port Scanning

quyvle

quyvle