

To create an exception for Intrusion Prevention Policy to allow a specific ID:

1. Open Symantec Endpoint Protection Manager console.
2. Under 'View Policies', select 'Intrusion Prevention'.
3. Select Intrusion Prevention policy, and under 'Tasks' select 'Edit the Policy'.
4. Change 'Action' from 'Block' to 'Allow'.
5. Check if the exception edited has been added to the 'Intrusion Prevention Exceptions' list.
6. Click the 'OK' button to save changes in the Intrusion Prevention policy.

Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware for laptops, desktops, and servers. It provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and mutating spyware. Symantec Endpoint Protection delivers more than world-class, industry-leading antivirus and antispyware signature-based protection. It also provides advanced threat prevention that protects endpoints from targeted attacks and attacks not seen before. It includes turnkey, proactive technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as administrative control features that allow you to deny specific device and application activities deemed as high risk for your organization. You can even block specific actions based on the location of the user.

It means, only the IT administrators of a company can change the permissions on the computer. You can create an exception but you would want to be sure the traffic is legitimate. Symantec Endpoint Protection is an antivirus used by companies to manage their computers' security. Check your version to see if it is current.

Symantec Support has info on this and it is supposed to be addressed in a release RU6 MP1. Common on home and small business devices. This is typically found on a router that is doing DNS forwarding from an ISP.

There are some versions of SEP that see DNS traffic from the router as a DoS. As the user mentions, this is usually a malformed address or it is some sort of malware creating traffic. This indicates that there is inbound traffic from the IP mentioned in the alert. Assuming you meant SEP rather than Backup Exec.
