I have recently 'upgraded' my NIS suite to the 2012 version to take account of my OS upgrade to Mac OSX Lion. I get constant ARP Cache Poison warning linked to the wi-fi MAC address for my HTC phone. I think it is also slowing down my Mac considerably, how do I resolve this? Any advice gratefully received.
A bug regarding ARP cache poisoning detection was recently fixed in NIS 5 for Mac. You may want to manually run LiveUpdate to verify that NIS 5 is up to date.
For your information, there are more details here.
Please let us know if you're still experiencing the problem after running LiveUpdate. One of the engineers can look into it (although you may need to give them a bit extra time due to the holiday schedule).
In the meantime, if you're on a local (home) network, it's probably safe to temporarily disable ARP cache poisoning detection in Vulnerability Protection, as a "workaround," so your Mac isn't slowed down by the constant warnings.
Thanks, I shall check it out when I get home and let you know how I get on.
Hi there, I have just connected my HTC phone to the home wi-fi network and I am receiving the same ARP cache poison warnings as before. Ihave manually updated my NIS just 10 mins ago so am assuming that the bug fix mentioend in the replies above have been applied to my system. Would really appreciate any help or advice you can give me
You may want to upload your SymantecInfo.txt to provide the engineers with some useful information to examine. You can find instructions in the following KnowledgeBase article:
http://www.symantec.com/business/support/index?page=content&id=TECH134761
Hopefully Symantec will be able to determine whether the network data sent from your HTC phone is triggering a false positive warning, or if the phone is trying to redirect network traffic. (Is your phone's personal Wi-Fi hotspot enabled?)
Thanks MacUserSW17 and karigane
MacUserSW17,
could you please tell us what type of phone you have and what OS (and version) it is running?
Thanks for your help and patients.
David
MacUserSW17,
please send us your IPS log file, which is located at /Library/Application Support/Symantec/UIAgent/Logs/SymIPSLog
Please disable the signature in the IPS signatures window (Norton Firewall -> Advanced -> Vulnerability Protection -> Signatures -> ARP Cache Poison Detection) until we are able to get back to you.
It sounds like your Mac is behind a home network router. If that is the case, it is safe to disable this signature.
Thanks
David