Endpoint Protection

  • 1.  "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 06:33 AM

    Hello, 

    I am concerned about the endpoint Network Threat Protection. It allows every software internet access by default, but I would like it to ALWAYS ask me whether to Allow/Deny a specific application connection if there is not a rule for it already.

     

    I can "View Network Activity" and select an application and choose "Ask". Which then asks me whether to allow/deny the application. Which is EXACTLY what I want for ALL applications that do not have a rule for them.

     

    This is how almost every firewall I know works. 

     

    How can I enable this in endpoint network threat protection?

     

    Thanks



  • 2.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 06:35 AM

    You can enable this as it is part of network application monitoring

    It's on the Clients page under Policies, see here:

    Setting up network application monitoring



  • 3.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Broadcom Employee
    Posted Mar 17, 2015 07:27 AM

    Hi,

    SEP does allow every software internet access by default as per firewall rule number 25.

    You can change the action from 'Allow' to 'Ask'.

    Applications.jpg

    Or else

    You can configure the client to detect and monitor any application that runs on the client computer and that is networked. Network applications send and receive traffic. The client detects whether an application's content changes.

    An application's content changes for the following reasons:

    1.  A Trojan horse attacked the application.
    2.  The application was updated with a new version or an update.

    If you suspect that a Trojan horse has attacked an application, you can use network application monitoring to configure the client to block the application. You can also configure the client to ask users whether to allow or block the application.

    You may want to disable network application monitoring if you are confident that the client computers receive adequate protection from Antivirus and Antispyware Protection. You may also want to minimize the number of notifications that ask users to allow or block a network application.

    Network Monitoring.jpg

    Network Monitoring-1.jpg



  • 4.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 08:06 AM

    Thanks for the help guys.

    Is there a way to do it only from the client side?

    I can configure the "Network Threat Protection Settings", which allows me to "Enable network application monitoring" in "Firewall -> Traffic Settings", however, I do not see an option to choose action (Allow/Ask/Block). 

    Also, when I go to Firewall Rules Control, I do not see a way to "Ask". It's only allow or deny.

    ss2.PNG

     

    Firewall Rule:

    ss1.PNG

    Thanks



  • 5.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 08:08 AM

    I assume this is an unmanaged client? If so, the only way to do it is by what you mentioned in your original post.



  • 6.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Broadcom Employee
    Posted Mar 17, 2015 08:15 AM

    What options do you get under 'View Application Settings'?



  • 7.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 01:02 PM

    Yes, this is an unmanaged client. Can someone tell me why they chose not to add this feature that every other firewall has on an unmanaged client?

    Under "View Application Settings", the only things I see are: programs and configuration for those specific programs only. No sort of global config that says "Ask all". 



  • 8.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Posted Mar 17, 2015 01:06 PM

    Couldn't really speculate other than it's an enterprise product meant to be centrally managed. Other than that I wouldn't know...



  • 9.  RE: "Always Ask" when opening unknown application, Network Threat Protection
    Best Answer

    Posted Mar 18, 2015 02:14 AM

    Solved the problem!! On Firewall Settings -> Unmatched IP Traffic Settings -> Check "Prompt before allowing application traffic"



  • 10.  RE: "Always Ask" when opening unknown application, Network Threat Protection

    Broadcom Employee
    Posted Mar 18, 2015 02:31 AM

    Glad to know the issue has been resolved.