This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint protection blocking local server... why?

I've seen this problem before and now I am facing it again. I had to completely uninstall endpoint protection in order to access a local ubuntu virtual server I recently turned up via ping, ssh, https, or webmin (port10000). When the server was created on the local network I was able to access it for about 48 hours and then nothing. The nothing part is what bothers me. I could access the server from my UTM or any other device that did not have endpoint protection installed. I still can, in fact. But on desktops or servers with the endpoint installed, no luck. Worst of all, I can't find anywhere a log entry being made regarding the attempt to access an apparently forbidden ip address. I've tried disabling the endpoint but that is as frustrating as no log data. Much easier to just delete the damn thing to confirm it is the issue.

When this sort of problem occurs where am I supposed to go to find the root cause so I can address it?



This thread was automatically locked due to age.
Parents
  • So much help that I am overwhelmed! I'm no longer impressed, nor of a mind to recommend endpoint protection as a viable solution to my peers.

    After unistalling and reinstalling endpoint protection I can now access the server on my local network. Of course no explanation why, no evidence to be found in windows logs or Sophos logs. And yes, I had rebooted the desktop prior to removing the Sophos endpoint protection and it made no difference. The only way I figured out Sophos was the guilty party was making a list of the devices that could or could not see the local server, then looking for the common feature among them. 

Reply
  • So much help that I am overwhelmed! I'm no longer impressed, nor of a mind to recommend endpoint protection as a viable solution to my peers.

    After unistalling and reinstalling endpoint protection I can now access the server on my local network. Of course no explanation why, no evidence to be found in windows logs or Sophos logs. And yes, I had rebooted the desktop prior to removing the Sophos endpoint protection and it made no difference. The only way I figured out Sophos was the guilty party was making a list of the devices that could or could not see the local server, then looking for the common feature among them. 

Children