Video Screencast Help

Overview of the SEP Network Activity Tool

Created: 10 Apr 2013 • Updated: 10 Apr 2013 | 6 comments
Language Translations
.Brian's picture
+15 15 Votes
Login to vote

The Network Activity Tool in SEP is a very simple, yet extremely helpful tool. The purpose of this tool is simply to show the incoming/outgoing traffic of the applications running on the system. In order to use it, you need to have the NTP component installed and a firewall policy assigned to the client. Also, to get the most benefit from it, the client should be in Mixed mode. To set the client to Mixed mode, login to the SEPM and go to the Clients tab. Select the group the client is in. Click on the Policies tab. Under Location-specific Policies and Settings, click the + sign next to Location-specific Settings. To the right of Client User Interface Control Settings, click Tasks >> Edit Settings. Check the radio button for Mixed Mode than click Customize. For the purposes of this article, I have set all radio buttons to Client. This is not recommended as it gives the end users full control. I only did this for ease of use in writing the article. Once finished, Click OK to save the changes and let the policy update take affect on the client.

In order to access the Network Activity Tool, open the SEP GUI. Next to Network Threat Protection, click Options and select View Network Activity...

1.JPG

 

You will than be presented with the Network Activity screen

2.JPG

 

An overview of the total amount of incoming/outgoing traffic is shown along with the applications that are currently running and the amount of traffic they're generating.

If you click on the View menu, you will have a few more options to adjust what you would like to see:

3.JPG

 

Clicking on the Tools menu will also give you some helpful options:

4.JPG

 

If you select View Firewall Rules... it will bring up a list of all rules, the action, and who it was created by:

5.JPG

 

This can very helpful when troubleshooting issues suspected to be caused by the firewall. This option is only available when in Mixed mode as already mentioned.

You also have the option to test your network security. This option runs the Norton Security Scan against the client, testing for security holes.

Block All Traffic will immediately stop all traffic. Be careful with this option.

This tool can also be very helpful in looking for suspicious processes that may be running. See this HOWTO to guide you:

http://www.symantec.com/docs/TECH92950

Overall, this is a great tool and I suggest you spend some time exploring its features as it may benefit you greatly.

Comments 6 CommentsJump to latest comment

Sudarshan@123's picture

nice article please provide more

+1
Login to vote
Ambesh_444's picture

Really nice tool Brian..

Cheers!!!!Good luck for next.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

+1
Login to vote
Haridass shanthakumar's picture

There are lot of similar features with sep 12.1 which is not used by admins.. let's spread them all

+1
Login to vote
.Brian's picture

Don't worry, I plan to do more articles on some of the lesser known features within SEP.

Suggestions are always welcome.

Next up will be using the SEP firewall for forensic analysis.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
CARLOSMJ's picture

Good One....

+1
Login to vote
nwranich's picture

very useful.  As always, great job.

+1
Login to vote