I have decided to enable the SEP 12 firewall on a single SEPM group only. When I do this, I get periodic warnings on the Win7 nodes in that group pertaining to attempted port scans from a file server. I have analyzed and AV-scanned that file server many times. It does not appear to have any viruses/malware registered from multiple scanners (what has been found has been cleaned). I've noticed that the MAC address registered at the SEPM for this alert is the MAC of the server, so that makes spoofing less likely. I have packet-analyzed the server multiple times. It appears that the only thing that could possibly be causing this is SSDP (Simple Service Discovery Protocol). The packet analysis has picked this up as coming from the server and going to the client periodically. Could SSDP be causing the Symantec firewall to register this as a port scan?
I need a solution