Symantec Endpoint Protection Network Threat Protection doesn't seem to be able to block outbound connection to tcp port 25 (SMTP)
Last Updated February 08, 2011
You have created a firewall rule to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.
The clients who have the firewall rule applied have Symantec Endpoint Protection POP3/SMTP Email Scanner installed and Internet Email Auto-Protect is enabled.
You have the firewall rule created correctly for the purpose, similar to what the screen shot shows below:
You find out that after the rule applied, you can still telnet to a remote system on tcp port 25.
SEP POP3/SMTP email scanner is installed and enabled.
This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server. Because the email proxy is considered a trusted process it is allowed through the firewall.
Imported Document ID: TECH132583
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe