On the Symantec Endpoint Protection (SEP) client, in rare instances Intrusion Prevention Service (IPS) detections may include an invalid MAC address for the local or source MAC address of the devices involved.
8/23/2019 5:08:21 AM Intrusion Detection System Major 10.110.6.126 0.0.0.0 0 Incoming Auto-Block Event 0 8/23/2019 5:06:48 AM 8/23/2019 5:07:18 AM 7 Symantec Endpoint Protection [redacted] 00-00-00-00-62-6130-32-3A-41-36-3A [redacted]
This occurs as a result of corrupted event logs sent by the SEP client to the SEP Manager. The SEP Manager reads the ASCII strings as binary values and translates them accordingly.
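A triage check for this symptom, as an added example that is not Symantec's code: it splits the MAC field from the log line above into six-octet groups and reports any group whose non-zero octets read as ASCII characters from a textual MAC address (hex digits, ':' or '-'). The function names, the assumption that the field holds two MAC addresses run together, and the heuristic itself are assumptions made for this example.

```python
import re

# MAC field copied from the log line above; assumed to be two
# six-octet addresses logged without a separator between them.
SAMPLE_FIELD = "00-00-00-00-62-6130-32-3A-41-36-3A"

# Characters that can appear in a MAC address written as text.
MAC_TEXT_CHARS = set("0123456789abcdefABCDEF:-")


def split_fused_macs(field):
    """Split a run of hex pairs into six-octet groups."""
    octets = re.findall(r"[0-9A-Fa-f]{2}", field)
    return [octets[i:i + 6] for i in range(0, len(octets), 6)]


def decode_if_ascii_mac_text(octets):
    """Return the ASCII reading of the non-zero octets when every one of
    them is a character from a textual MAC address, otherwise None.

    Heuristic (assumption): a real address whose octets all fall in this
    character range is possible but unlikely, so a match marks the entry
    as probably corrupted rather than proving it.
    """
    nonzero = [int(o, 16) for o in octets if int(o, 16) != 0]
    if len(nonzero) < 2:
        return None  # all-zero or near-empty field: nothing to decode
    text = "".join(chr(b) for b in nonzero)
    return text if all(c in MAC_TEXT_CHARS for c in text) else None


def analyze(field):
    """Return (mac, ascii_text_or_None) for each six-octet group."""
    return [("-".join(g), decode_if_ascii_mac_text(g))
            for g in split_fused_macs(field)]


if __name__ == "__main__":
    for mac, text in analyze(SAMPLE_FIELD):
        status = f"ASCII text {text!r}" if text else "no ASCII pattern"
        print(f"{mac}: {status}")
```

Entries flagged this way carry a fragment of the MAC address text rather than the address itself, so the logged value should not be used to identify a device.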
Symantec is aware of this issue and will update this article when a solution becomes available.