Hello, we are on SEPM 14 MP2. We have 1 SEP Manager and about a dozen endpoints/client machines running Windows OS. We are noticing that the ccSvcHst.exe process on all the endpoints tries communicating with some public IP addresses very often. These public IPs belong to Microsoft and the traffic is over port 443. Please see the screenshot below. We understand this is safe/legit communication, but how can we stop the clients from making these connection attempts at all?
The issue is that our network firewall is getting overwhelmed because all the clients (that have Symantec endpoint) keep trying to connect to those public IPs every now and then. I am fine if the SEPM manager server communicates out to the internet for updates and other normal stuff, but we don't want clients to keep going out as well. I have checked with Symantec support and they are saying this is the default behaviour of the SONAR and Auto Protect features, as it does IP reputation lookups.
In the SEPM Manager, under "Policies >> LiveUpdate Settings Policies", we have made sure that the Windows client settings are set to use the "Default Management Server" only for updates. This has been verified with tech support, so there should be no reason for clients to check further online for anything. The other option somewhere to send anonymous data has also been disabled.
Surely in an environment which has 1000s of endpoints, this can cause a lot of unnecessary traffic on the firewall, leading to frustration. Any words of advice?