I need a solution
One of my clients is getting a notification roughly every 2 minutes from Symantec Endpoint Protection stating "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer." When I view the log file it is detecting this attack from both of my domain controllers. On my Symantec endpoint manager firewall policy I've got "Enable Anti-MAC Spoofing" turned off. My client has build 14.0.3897. This issue has just started occuring in the past 3 days.
0
