Screencasts - Hilfsvideos

Follow-up: a way to document Symantec Endpoint Protection 11 firewall rules

Created: 07 Mai 2012 • Aktualisiert: 07 Mai 2012 | 3 Kommentare

It was a few years ago when I posted this:

Now what we do is slightly different depending on whether the person is a user of SEPM (an administrator) or one of the Security team, who administrates SEP itself.

If it's an end-user, the same basic process is right, with a twist, I would now recommend that they use XML Explorer instead of Excel to view their rules. XML Explorer makes it much easier to understand and see the raw rules. I could really use a tool though to parse up the XML and make it look like the ruleset you have when you're inside SEPM.

But if it's an administrator of SEPM, we have another cool option, since we have behind-the-scenes access to the files which the clients are downloading... This access allows us to search for IP addresses and subnets in use, so when they are retired or decommissioned then we can be sure they are gone. (Please let me know if you know of a better way though.)

To search the rules (we have some scripts) here are the essentials:

On a web front end server,

cd "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent"

The subdirectories contain XML which is not exactly sent to the client, what the clients actually get seems to be "compiled".

In each directory you can do a "grep" or find for:



"SubNet NetAddr"   if you're looking for subnets

If you want the name of the group the XML applies to, grep for "Path"

Warning: If you copy scripts to the agent directory they may hang because the directories and files seem to be rebuilt on a schedule (5 minutes?) so it's a race condition to get in, get your data, and get out of there. But reading the files this way seems to have no bad side-effects.

I hope this helps someone!

Kommentare KommentareZum neuesten Kommentar

das Bild der Brɨans

Have you seen this:

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

das Bild der Mohan Babus

Good one 

Mohan Babu

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

das Bild der Ashish-Sharmas


Check this artical

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Default_FW_Rules.xls 31.5 KB

Thanks In Advance

Ashish Sharma