Overview of the SEP Network Activity Tool
The Network Activity Tool in SEP is a very simple, yet extremely helpful tool. The purpose of this tool is simply to show the incoming/outgoing traffic of the applications running on the system. In order to use it, you need to have the NTP component installed and a firewall policy assigned to the client. Also, to get the most benefit from it, the client should be in Mixed mode. To set the client to Mixed mode, login to the SEPM and go to the Clients tab. Select the group the client is in. Click on the Policies tab. Under Location-specific Policies and Settings, click the + sign next to Location-specific Settings. To the right of Client User Interface Control Settings, click Tasks >> Edit Settings. Check the radio button for Mixed Mode than click Customize. For the purposes of this article, I have set all radio buttons to Client. This is not recommended as it gives the end users full control. I only did this for ease of use in writing the article. Once finished, Click OK to save the changes and let the policy update take affect on the client.
In order to access the Network Activity Tool, open the SEP GUI. Next to Network Threat Protection, click Options and select View Network Activity...
You will than be presented with the Network Activity screen
An overview of the total amount of incoming/outgoing traffic is shown along with the applications that are currently running and the amount of traffic they're generating.
If you click on the View menu, you will have a few more options to adjust what you would like to see:
Clicking on the Tools menu will also give you some helpful options:
If you select View Firewall Rules... it will bring up a list of all rules, the action, and who it was created by:
This can very helpful when troubleshooting issues suspected to be caused by the firewall. This option is only available when in Mixed mode as already mentioned.
You also have the option to test your network security. This option runs the Norton Security Scan against the client, testing for security holes.
Block All Traffic will immediately stop all traffic. Be careful with this option.
This tool can also be very helpful in looking for suspicious processes that may be running. See this HOWTO to guide you:
Overall, this is a great tool and I suggest you spend some time exploring its features as it may benefit you greatly.