Unable to locate the 'active response' feature in Intrusion Prevention Policy in Symantec Endpoint Protection 12.1
| Article:TECH186811 | | | Created: 2012-04-19 | | | Updated: 2012-08-17 | | | Article URL http://www.symantec.com/docs/TECH186811 |
Problem
When 'risk tracer' is enabled in the Antivirus/Antispyware Policy, you will get a warning "The Firewall Policy and the 'active response' feature in Intrusion Prevention Policy must be enabled for this feature to work."
'Active response' is also known as 'Automatically block an attacker's IP address'.
When viewing the Intrusion Prevention Policy, you do not see any feature referencing 'active response' or 'Automatically block an attacker's IP address'.
Cause
This feature was moved in version 12.1 into the "Protection and Stealth" component of Firewall Policy.
Solution
Edit the Firewall Policy, Protection and Stealth, and ensure that 'Automatically block an attacker's IP address' option is checked for 'active response' to become available.
|
|
Article URL http://www.symantec.com/docs/TECH186811
Terms of use for this information are found in Legal Notices
Thank you.