Hello.
I'd like to report a very strange behaviour - Windows 8.1 clients with installed SEP software are prety much "killing" Windows Server (2012) with port scanning attacks. At least that's what SEP client on a server is reporting in its' logs.
I'v scanned all computers and server in search of a virus - none. I've disabled "submissions" and "liveupdate" in rules. (http://www.symantec.com/connect/sites/default/files/SEPM_Client_Management_Settings_Submissions_0.jpg)
I've upgraded SEPM, SEP client on a server and a few clients to the latest version 12.1.4 mp1b - no change.
This situation completely disorganizes work in that LAN, clients get cut off from the server for 600 seconds.
From what I've gathered it looks like traffic is generated in search of IP 143.127.102.40 on a variety of ports, mostly very high in numbers like 50000+ but also 5355 and 443.
A new (renewal) license was installed a few days ago, but that problem stared around the end of last month, with only a few days to go on our old license.
That domain doesn't have regular access to the Internet, it's a LAN only environment. SEP Updated via offline file downloads.
Please help.