Question Saftey of using Symantec endpoint protection

Please provide comments and solutions that are helpful to the author of this topic.
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
SEP keeps reporting attempts for port scanning from different IP addresses, which get blocked.
What does it mean?
Capture2.PNG
Capture1.PNG
 
  • Like
Reactions: Sorrento
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,175
It means Symantec Endpoint Protection (SEP) is detecting and blocking attempts by external IP addresses to identify open ports in your system - a common precursor to cyber attacks. It's a sign that SEP is doing its job protecting your network.
 
  • Like
Reactions: Sorrento and Parkinsond
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
Bot said:
It means Symantec Endpoint Protection (SEP) is detecting and blocking attempts by external IP addresses to identify open ports in your system - a common precursor to cyber attacks. It's a sign that SEP is doing its job protecting your network.
Click to expand...
Any further measures needed?
 
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,175
Parkinsond said:
Any further measures needed?
Click to expand...
While SEP is effectively blocking these attempts, it's always a good idea to ensure your software is up to date, enforce strong password policies, and educate users about phishing scams. Regularly monitor your logs to identify any persistent or suspicious activity.
 
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
Brahman said:
Do you have any torrent application running while getting these alerts? Or any other pc in your lan has torrent application running ?
Click to expand...
No; I do not use torrent at all.
Modem router is connected only to my PC and another turned off one by cable.
 
Vitali Ortzi

Vitali Ortzi

Level 31
Verified
Top Poster
Well-known
Dec 12, 2016
2,052
Parkinsond said:
Modem router is connected only to my PC and another turned off one by cable.
Click to expand...
You have the IP address check it and look where the traffic is coming from
Maybe it's malicious maybe not but usually software shouldn't scan for active ports if default ones are open
So it is suspicious but not necessarily malicious
 
  • Like
Reactions: Parkinsond and Brahman
Brahman

Brahman

Level 19
Verified
Top Poster
Well-known
Aug 22, 2013
912
Parkinsond said:
No; I do not use torrent at all.
Modem router is connected only to my PC and another turned off one by cable.
Click to expand...
Check whether your router has firewall functionality? If so check whether it's properly configured or not. Do you have static IP address or dynamic ip address from your isp? If you have a dynamic ip address, your isp would be shielding your ports from their side. You can test it's integrity by going to GRC | ShieldsUP! — Internet Vulnerability Profiling. You can also consider a hardware firewall like opnsense or pfsense, mikrotik hap ac3 etc for added protection.
 
  • Like
  • +Reputation
Reactions: Parkinsond and Vitali Ortzi
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
Vitali Ortzi said:
You have the IP address check it and look where the traffic is coming from
Maybe it's malicious maybe not but usually software shouldn't scan for active ports if default ones are open
So it is suspicious but not necessarily malicious
Click to expand...
How can I check such IP addresses?
 
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
Brahman said:
Check whether your router has firewall functionality? If so check whether it's properly configured or not. Do you have static IP address or dynamic ip address from your isp? If you have a dynamic ip address, your isp would be shielding your ports from their side. You can test it's integrity by going to GRC | ShieldsUP! — Internet Vulnerability Profiling. You can also consider a hardware firewall like opnsense or pfsense, mikrotik hap ac3 etc for added protection.
Click to expand...
My modem router firewall is set to max.
My IP is dynamic.
This is the test result.
Screenshot_1-6-2025_121847_www.grc.com.jpeg
 
Brahman

Brahman

Level 19
Verified
Top Poster
Well-known
Aug 22, 2013
912
There is some more tests under that, do that too. You can check specific port range too.
 
Brahman

Brahman

Level 19
Verified
Top Poster
Well-known
Aug 22, 2013
912
Parkinsond said:
I keep getting more and more logs of port scanning from several IP addresses.
Click to expand...
These port scans are not that concerning, it happens all the time. You can switch off your router for some time and restart it so that your isp might issue a new dynamic ip address, with that the port scanning may go away for some time.
 
  • Thanks
Reactions: Parkinsond
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
Brahman said:
These port scans are not that concerning, it happens all the time. You can switch off your router for some time and restart it so that your isp might issue a new dynamic ip address, with that the port scanning may go away for some time.
Click to expand...
Any way to block trials of port scanning?
 
Parkinsond

Parkinsond

Level 18
Thread author
Dec 6, 2023
895
This is the data of one of the IP addresses performing port scanning.
And I have noticed Google search was blocked for few minutes!
Screenshot_1-6-2025_131148_whatismyipaddress.com.jpeg
 

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
Security News US Health Dept warns hospitals of hackers targeting IT help desks
Replies
1
Views
2,091
Security News
ForgottenSeer 109138
F
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Symantec Endpoint Protection
Replies
98
Views
12,112
Video Reviews - Security and Privacy
Capiche
Capiche
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review Cisco AMP Endpoint Antivirus 2025
Replies
7
Views
1,399
Video Reviews - Security and Privacy
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top