Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

Firewall and Application Control Policy to Block Peer to Peer Applications

Created: 11 Nov 2009 • Updated: 14 Nov 2009 | 18 comments
Vikram Kumar-SAV to SEP's picture
+18 18 Votes
Login to vote

  I have attached the Firewall and Application Control policy  Policy to Block Peer to Peer Applications as per this article

.https://www-secure.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin

Import the Policy from your Symantec Endpoint Protection Manager and Assign it to the groups you want.

Note:Default Template has been taken for both the Policies only addition is the new Firewall rule was added for P2P applications and Block Application from running have been modified for blocking P2P applications.

Comments 18 CommentsJump to latest comment

Naor Penso's picture

Thumbs UP from me :)

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
Thanks :)

0
Login to vote
jomargonzales's picture

Thanks for the policy!

Jomar Gonzales

0
Login to vote
Prashant Thumar's picture

Thanks a lot for such a valuable information.

Regards,

Prashant Thumar

0
Login to vote
illusion's picture

Template has been taken for both the Policies only addition is the new Firewall rule was added for P2P applications 

0
Login to vote
cmptekinc's picture

Hey guys,

I followed the instructions above as well as in the link that Vikram provided, it does seem to work. Tested with installing Limewire, it did actually install but failed to connect.. good....
My issue is that I don't receive an e-mail alert when this rule blocks files listed in the rule....
I checked and verified that my e-mail address is setup  in Admin > Edit Administrator Properties
I also selected "Send e-mail alert" in the properties of the rule itself.
Am I missing something ?

Thanks in advance.

0
Login to vote
brett.simpson-123's picture

So I run into an issue where users rename the offending exe's after they download them (those that can function with a single exe). Wouldn't it be better for the App policy to block the file and folder access attempts to the named files rather than to do a process block? Or would you need both to prevent it from launching and from changing the file?

0
Login to vote
AR Sharma's picture

Useful Stuff

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

0
Login to vote
kishorilalWipro's picture

Hi Vikram sir,

valuable applications, can you provide some information while implementing the SEPM and SEP on endpoints. how it can be configured to perform best other than virus defination updates which is must.

Regards

Kishorilal

0
Login to vote
symuser20's picture

Hi,

Came across this thread. I understand this is quite an old thread. I tried to import the policy but it presented an error:

Failed to import policy.

Error: Invalid import file.

 i am using SEPM 12.1. Any suggestions ?

0
Login to vote
ℬrίαη's picture

Works fine for me on 12.1.5.

You unzipped and tried to import the .dat file?

​​

0
Login to vote
symuser20's picture

yes. Tried to import application and device control policy when i got the mentioned error.

0
Login to vote
SymSpec's picture

Does this also works for 12.1.6 ? I tried using IPS to block P2P traffic but there wasnt any effect utorrent was still able to download though on the client I was getting the notifications that P2P traffic has been detected and SEP is blocking it , but there wasnt any effect on the downloading.

0
Login to vote
ℬrίαη's picture

That's probably because it just switched to a different tracker. But yes this still works.

​​

0
Login to vote
SymSpec's picture

Hi Brian , thanks for your reply but for some reasons it is not working for me. The download still keeps on going in parallel with the IPS rules triggering. 

0
Login to vote
ℬrίαη's picture

Without knowing or seeing your setup I'm working blind here.

SEPM IPS policy has a default IPS rule to detect Tor that you need to set to block?

ID 22862 and ID 27315

Did you apply the firewall rule attached in this thread?

​​

0
Login to vote
SymSpec's picture

Hi Brian , In IPS policy in exceptions for whole P2P catogery I have set it to block.

Now on client when I start running utorrent client I see the notifcations that SEP IPS is detecting and blocking P2P traffic but on the utorrent client it is succesfullly downloading without having any interuption or dropping the connection. 

0
Login to vote
ℬrίαη's picture

and the client has the IPS component enabled and latest policy?

​​

0
Login to vote