Hi
I am having difficulties with an java application in the browser. When I disable smantec, the application works. I have disabled the intrusion protection for browsers and removed the final block all rule. I seem to get the application to work with these two components disabled. I get quite a bit of blocked traffic from localhost 0.0.0.0 to remotehost 0.0.0.0 over port 0. I am not certain if this is simply broadcast traffic. Please see below example. the ethernet type is sometimes different. From the client, I also see some the below associated with cisco MAC addresses 01-00-0C-CC-CC-CC.
Client Affected
Computer Name
Current: AirPro
When event occurred: AirPro
IP Address
Current: 192.168.2.41
When event occurred: 0.0.0.0
User Name: adear
Location Name: Default
Domain Name: Republic
Group Name: My Company\Airpo
Server Name: RB-SEPM
Site Name: Site RB-SEPM
Risk Detected
Event Time: 08/13/2018 16:18:08
Begin Time: 08/13/2018 16:17:54
End Time: 08/13/2018 16:17:54
Number: 1
Event Type: Ethernet packet
Severity: Info and above
Action: Blocked
Application Name:
Network Protocol: ETHERNET [type=267]
Traffic Direction: Inbound
Remote IP: 0.0.0.0
Remote Host Name:
Alert: 0
Local Port: 0
Remote Port: 0
Rule Name: Block all other traffic and don't log
Any insight is greatly appreciated.
Thanks.
corey