Setting Symantec Endpoint Protection to "Blacklist Mode"
Bravo Quick Task by Sam C. Chan
July 10, 2014

Summary: For optimal protection, firewalls should operate in "Whitelist Mode", in which any traffic not explicitly permitted is blocked. Occasionally, one needs to lower the protection to "Blacklist Mode", in which any traffic not explicitly blocked is permitted, in order to accommodate poorly designed applications that are not "firewall friendly." This should be done only as an interim procedure, for testing/assessment purposes, during the rule-adding phase.

Step 1: Launch the Symantec Endpoint Protection (SEP) main console by double-clicking the tray icon (look for a yellow shield). Unhide icons first, if necessary.

Step 2: Click the Options button next to "Network Threat Protection" (not Proactive...).

Step 3: Select "Change settings..."

Step 4: At the "Network Threat Protection Settings" screen, under the section "Unmatched IP Traffic Settings," click Allow IP traffic, and click OK to save the setting.

Step 5: (optional?) Later on... AFTER you're done with all rule adding, return to this screen once again, and set it back to Whitelist Mode by clicking Allow only application traffic.

End of instructions.

NOTE: Just to reiterate... A firewall in Blacklist Mode is absolutely unacceptable from the IT point of view. It effectively disables 99.999% of outbound traffic filtering, which of course is one of the primary areas of concern in recent years, and one of the few still-effective areas of threat mitigation.
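
To make the difference between the two modes concrete for the rule-adding phase, here is an added example (not part of the original article, and not SEP's actual rule engine): a generic first-match rule model that lists which observed flows pass only because of Blacklist Mode's default-allow, i.e. the flows that still need an explicit rule before switching back in Step 5. The rule set, application names and flows are constructed for illustration.

```python
# Added illustration: generic first-match firewall model, NOT SEP's engine.
# All rules, application names and flows below are constructed sample data.
from collections import namedtuple

Flow = namedtuple("Flow", "app direction remote_port")
# A field set to None in a Rule acts as a wildcard.
Rule = namedtuple("Rule", "action app direction remote_port")

BLACKLIST_DEFAULT = "allow"   # "Allow IP traffic" (Step 4)
WHITELIST_DEFAULT = "block"   # "Allow only application traffic" (Step 5)

def matches(rule, flow):
    return all(getattr(rule, f) in (None, getattr(flow, f))
               for f in ("app", "direction", "remote_port"))

def decide(rules, flow, default_action):
    """First matching rule wins; unmatched traffic gets the mode's default."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return default_action

def relies_on_default(rules, flows):
    """Flows no explicit rule covers: allowed in Blacklist Mode, blocked in
    Whitelist Mode. Each needs a rule (allow or block) before reverting."""
    return [f for f in flows
            if decide(rules, f, BLACKLIST_DEFAULT)
            != decide(rules, f, WHITELIST_DEFAULT)]

RULES = [
    Rule("allow", "browser.exe", "out", 443),
    Rule("block", None, "in", 445),
]
FLOWS = [
    Flow("browser.exe", "out", 443),     # covered by an allow rule
    Flow("legacyapp.exe", "out", 8080),  # the app being accommodated
    Flow("unknown.exe", "out", 6667),    # unexpected outbound traffic
    Flow("system", "in", 445),           # covered by a block rule
]

if __name__ == "__main__":
    for flow in relies_on_default(RULES, FLOWS):
        print("passes only via default-allow:", flow)
```

Every flow this reports is outbound traffic that Blacklist Mode lets through unfiltered, which is why the mode should stay enabled only for the assessment window.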