12-21-2011 03:27 AM
I have recently 'upgraded' my NIS suite to the 2012 version to take account of my OS upgrade to Mac OSX Lion. I get constant ARP Cache Poison warnings linked to the wi-fi MAC address for my HTC phone. I think it is also slowing down my Mac considerably. How do I resolve this? Any advice gratefully received.
12-21-2011 05:26 AM
A bug regarding ARP cache poisoning detection was recently fixed in NIS 5 for Mac. You may want to manually run LiveUpdate to verify that NIS 5 is up to date.
For your information, there are more details here.
Please let us know if you're still experiencing the problem after running LiveUpdate. One of the engineers can look into it (although you may need to give them a bit of extra time due to the holiday schedule).
In the meantime, if you're on a local (home) network, it's probably safe to temporarily disable ARP cache poisoning detection in Vulnerability Protection, as a "workaround," so your Mac isn't slowed down by the constant warnings.
12-21-2011 02:16 PM
Hi there, I have just connected my HTC phone to the home wi-fi network and I am receiving the same ARP cache poison warnings as before. I have manually updated my NIS just 10 mins ago so am assuming that the bug fix mentioned in the replies above has been applied to my system. Would really appreciate any help or advice you can give me.
12-21-2011 05:41 PM
You may want to upload your SymantecInfo.txt to provide the engineers with some useful information to examine. You can find instructions in the following KnowledgeBase article:
Hopefully Symantec will be able to determine whether the network data sent from your HTC phone is triggering a false positive warning, or if the phone is trying to redirect network traffic. (Is your phone's personal Wi-Fi hotspot enabled?)
12-21-2011 06:01 PM
12-21-2011 06:28 PM
Please send us your IPS log file, which is located at /Library/Application Support/Symantec/UIAgent/Logs/SymIPSLog
Please disable the signature in the IPS signatures window (Norton Firewall -> Advanced -> Vulnerability Protection -> Signatures -> ARP Cache Poison Detection) until we are able to get back to you.
It sounds like your Mac is behind a home network router. If that is the case, it is safe to disable this signature.