Overview of the SEP Network Activity Tool

Created: 10 Apr 2013 • Updated: 10 Apr 2013
_Brian's picture
Login to vote
+15 15 Votes

The Network Activity Tool in SEP is a very simple, yet extremely helpful tool. The purpose of this tool is simply to show the incoming/outgoing traffic of the applications running on the system. In order to use it, you need to have the NTP component installed and a firewall policy assigned to the client. Also, to get the most benefit from it, the client should be in Mixed mode. To set the client to Mixed mode, login to the SEPM and go to the Clients tab. Select the group the client is in. Click on the Policies tab. Under Location-specific Policies and Settings, click the + sign next to Location-specific Settings. To the right of Client User Interface Control Settings, click Tasks >> Edit Settings. Check the radio button for Mixed Mode than click Customize. For the purposes of this article, I have set all radio buttons to Client. This is not recommended as it gives the end users full control. I only did this for ease of use in writing the article. Once finished, Click OK to save the changes and let the policy update take affect on the client.

In order to access the Network Activity Tool, open the SEP GUI. Next to Network Threat Protection, click Options and select View Network Activity...

View Inline Image

 

You will than be presented with the Network Activity screen

View Inline Image

 

An overview of the total amount of incoming/outgoing traffic is shown along with the applications that are currently running and the amount of traffic they're generating.

If you click on the View menu, you will have a few more options to adjust what you would like to see:

View Inline Image

 

Clicking on the Tools menu will also give you some helpful options:

View Inline Image

 

If you select View Firewall Rules... it will bring up a list of all rules, the action, and who it was created by:

View Inline Image

 

This can very helpful when troubleshooting issues suspected to be caused by the firewall. This option is only available when in Mixed mode as already mentioned.

You also have the option to test your network security. This option runs the Norton Security Scan against the client, testing for security holes.

Block All Traffic will immediately stop all traffic. Be careful with this option.

This tool can also be very helpful in looking for suspicious processes that may be running. See this HOWTO to guide you:

http://www.symantec.com/docs/TECH92950

Overall, this is a great tool and I suggest you spend some time exploring its features as it may benefit you greatly.

Filed Under

Tags:

Comments

16
Apr
2013

nice article please provide

nice article please provide more

Ambesh_444
Partner
Accredited
16
Apr
2013

Really nice tool

Really nice tool Brian..

Cheers!!!!Good luck for next.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

16
Apr
2013

lot of hidden

There are lot of similar features with sep 12.1 which is not used by admins.. let's spread them all

_Brian
Trusted Advisor
Certified
16
Apr
2013

Don't worry, I plan to do

Don't worry, I plan to do more articles on some of the lesser known features within SEP.

Suggestions are always welcome.

Next up will be using the SEP firewall for forensic analysis.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

04
May
2013

Good One....

Good One....

12
Sep
2013

very useful.  As always,

very useful.  As always, great job.