Endpoint Protection Small Business Edition

  • 1.  attack internal network

    Posted Aug 03, 2012 01:04 PM

    Dear, good afternoon.

    Is there not any solution for data capture in an internal network attack?

    Looking forward

    Sincerely,

    Fabian



  • 2.  RE: attack internal network
    Best Answer

    Posted Aug 05, 2012 06:28 PM

     

    How to debug the Symantec Endpoint Protection client

    http://www.symantec.com/docs/TECH102412

     

    Enable debugging 

    TSE debugging

    To enable Extended TSE Debugging for Network Threat Protection, stop the SMC process (smc -stop) and import this registry setting.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE]
    "ExtendedDebug"=dword:00000001

    Start the SMC service (smc -start).

         Example from debug.log: 

    01/25 16:46:17 [304:960] TSE extended debugging is turned on. Flag = 

    01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********

    01/25 16:48:43 [304:592] TSE: SecurityRule = Block Local File Sharin

    01/25 16:48:43 [304:592] TSE: ApplicationName = C:\WINNT\system32\ntoskrnl.ex

    01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET **

    01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-0c-29-4e-d7-c7 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 192.168.20.12 --> 192.168.20.255, type: 0x11, Id: 2629, Frg: 0x0 ========= UDP datagram, len: 78==== 192.168.20.12:137 -> 192.168.20.255:137 , DataLen: 5

    01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET********** 

    01/25 16:48:43 [304:592] TSE: SecurityRule = Block and Log Unchecked IP Packets 

    01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET *** 

    01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-50-56-c0-00-02 ---> 00-0c-29-4e-d7-c7 , protocol = 0x800 ===== IP Packet==== len:60==== 192.168.20.1 --> 192.168.20.12, type: 0x1, Id: 28535, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x5a3a

    Check this video; you will get a good view.

    Symantec Endpoint Network Activity Tool

     

    https://www-secure.symantec.com/connect/videos/symantec-endpoint-network-activity-tool

    https://www-secure.symantec.com/connect/forums/need-help-policies-and-network-activity#comment-2713641

    Hope this helps..........
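
Added example, not part of the original post and not Symantec tooling: a parser that turns the TSE drop records from the debug.log excerpt above into one record per dropped packet and counts drops per rule, source and destination. It assumes, from the excerpt only, that a `TSE2415` line opens a record and the `TsPacket` line closes it; `parse_drops` and `top_talkers` are hypothetical names.

```python
import re
from collections import Counter

# Sample input: the drop entries from the debug.log excerpt quoted above, unchanged.
SAMPLE = r"""
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block Local File Sharin
01/25 16:48:43 [304:592] TSE: ApplicationName = C:\WINNT\system32\ntoskrnl.ex
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET **
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-0c-29-4e-d7-c7 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 192.168.20.12 --> 192.168.20.255, type: 0x11, Id: 2629, Frg: 0x0 ========= UDP datagram, len: 78==== 192.168.20.12:137 -> 192.168.20.255:137 , DataLen: 5
01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET**********
01/25 16:48:43 [304:592] TSE: SecurityRule = Block and Log Unchecked IP Packets
01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET ***
01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-50-56-c0-00-02 ---> 00-0c-29-4e-d7-c7 , protocol = 0x800 ===== IP Packet==== len:60==== 192.168.20.1 --> 192.168.20.12, type: 0x1, Id: 28535, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x5a3a
"""

LINE = re.compile(r"(\d\d/\d\d \d\d:\d\d:\d\d) \[\d+:\d+\] (.*)")
FIELD = re.compile(r"TSE: (SecurityRule|ApplicationName) = (.*)")
IP = re.compile(r"IP Packet=+ len:\d+=+ ([\d.]+) --> ([\d.]+), type: (0x[0-9a-fA-F]+)")
PORTS = re.compile(r"[\d.]+:(\d+) -> [\d.]+:(\d+)")
PROTO = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}  # IANA IP protocol numbers

def parse_drops(text):
    """Group debug.log lines into one dict per dropped packet."""
    events, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        ts, body = m.groups()
        if "TSE2415" in body:  # assumption: this marker opens a drop record
            cur = {"time": ts}
            events.append(cur)
        elif cur is not None and (f := FIELD.match(body)):
            cur["rule" if f.group(1) == "SecurityRule" else "app"] = f.group(2).strip()
        elif cur is not None and "TsPacket" in body:
            if ip := IP.search(body):
                cur["src"], cur["dst"] = ip.group(1), ip.group(2)
                cur["proto"] = PROTO.get(int(ip.group(3), 16), ip.group(3))
            if p := PORTS.search(body):  # only present when the dump shows ports
                cur["sport"], cur["dport"] = int(p.group(1)), int(p.group(2))
            cur = None  # assumption: the packet dump closes the record
    return events

def top_talkers(events):
    # Count drops per (rule, source, destination, protocol).
    return Counter((e.get("rule"), e.get("src"), e.get("dst"), e.get("proto")) for e in events)

if __name__ == "__main__":
    print(top_talkers(parse_drops(SAMPLE)).most_common())
```

Values that are cut off in the excerpt, such as the rule name, are kept as they appear in the log.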



  • 3.  RE: attack internal network

    Posted Aug 06, 2012 02:56 AM

    Muhan, good morning.

    Thank you for your help.

    Sincerely, Fabiano Pessoa



  • 4.  RE: attack internal network

    Posted Aug 06, 2012 06:48 AM

    Use the Network Activity Tool



  • 5.  RE: attack internal network

    Posted Aug 06, 2012 06:55 AM

    Hi, thanks for the help. I am already making arrangements. Hugs



  • 6.  RE: attack internal network

    Posted Aug 06, 2012 11:26 PM

    Update me if you require any further assistance..

    Mark the best answers which resolved your issue...

    Thanks in advance....