Configuring Symantec Endpoint Protection for use with Lansweeper

To pull data from the Linux, Unix, Mac and Windows computers, VMware servers and other devices in your network, Lansweeper queries a number of ports on the devices. A list of scanned ports can be found in this knowledge base article. It is important to allow traffic from your Lansweeper server to these ports, to ensure a successful network scan.

Since the release of Lansweeper 6.0, Symantec Endpoint Protection in particular is prone to wrongly identifying Lansweeper traffic as port attacks on your devices. This may result in traffic being blocked and errors similar to the one below in your Symantec installation. Lansweeper 6.0 scans the same network device ports as previous Lansweeper releases, but does so more quickly to speed up scanning. Symantec identifies this sped up traffic as port attacks in some cases. An easy way to prevent errors like the one below and to allow for a successful network scan is to whitelist all traffic coming from your Lansweeper server. More restrictive rules may work as well.

The client will block traffic from IP address <IP of Lansweeper server> for the next 600 seconds (from <date and time> to <date and time>).

To whitelist all traffic from the Lansweeper server in Symantec Endpoint Protection, do the following:

  1. Open Symantec Endpoint Protection Manager.
  2. Select the Policies tab.
  3. Select the Firewall tab.
  4. Select the existing policy applied to your client machines on the right and hit Edit the policy. Alternatively, create a new policy to apply to your clients.
    firewall policies in Symantec Endpoint Protection Manager
    editing a firewall policy in Symantec Endpoint Protection Manager
  5. In the policy popup, select the Rules tab.
  6. Hit the Add Rule... button.
    adding a firewall rule in Symantec Endpoint Protection Manager
  7. Give your rule a name, e.g. "Lansweeper". Hit Next to continue.
    giving a firewall rule a name in Symantec Endpoint Protection Manager
  8. Tick Allow connections. Hit Next to continue.
    allowing connections in Symantec Endpoint Protection Manager
  9. Tick All Applications. Hit Next to continue.
    allowing all applications in Symantec Endpoint Protection Manager
  10. Tick Any computer or site. Hit Next to continue.
    allowing any computer or site in Symantec Endpoint Protection Manager
  11. Tick All types of communication (all protocols and ports, local and remote). Hit Next to continue.
    allowing all types of communication in Symantec Endpoint Protection Manager
  12. Optionally, choose to have a log entry generated when a connection is made by the Lansweeper server. Hit Finish to create the rule.
    log entry for firewall rule in Symantec Endpoint Protection Manager
  13. Once the rule has been created, double-click in the Host column and submit your Lansweeper server's IP address, to only apply the rule to traffic coming from your Lansweeper server. In the example below, the IP address of the Lansweeper server is 192.168.1.50. Hit OK several times to close all popups and submit your changes.
    changing the host of a firewall rule in Symantec Endpoint Protection Manager
    changing the host of a firewall rule in Symantec Endpoint Protection Manager
    changing the host of a firewall rule in Symantec Endpoint Protection Manager

Related Articles