Video Screencast Help

block msn

Created: 22 Jul 2009 • Updated: 21 May 2010 | 29 comments

I cannot block windows live messenger with symantec endpoint manager.I have try Firewall policies, Device and Control but it won't work. Maybe i missing something. I need solution for this one.

Discussion Filed Under:

Comments 29 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

How are blocking it..I means how are you creating the policy?
On the client do you have SEP with all the features installed and communicating with SEPM? 

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Thomas K's picture

View the MS KB for Live Messenger ports and URL's used.

http://support.microsoft.com/default.aspx/kb/927847

Create a FW rule that blocks traffic to the login.live.com domain (https://Login.live.com).

Ooyala - Check us out!

Monkeyhead's picture

first i set the policy in (Appliction and device control-block application from running-block these application(properties)-(wlcomm.exe(enable drive type)and  msnmsgr.exe (enable drive type).
I try to configure with firewall rule but it won't work. pls show me how to configure.

Vikram Kumar-SAV to SEP's picture

Use the default template to block applications.
Give the location for wlcomm.exe..set the action to terminate.

 http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/7049d06ba3c9e86f802573620054d9c2?OpenDocument

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vikram Kumar-SAV to SEP's picture

Add Rule--Application--give the location or just name of the exe.
Select the action block after applying this policy.Move it up to the top 7 rules. 

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

hello vikram kumar
i try all your solution but it won't work. How could this happen. Is there another way to block window live messenger?

Vikram Kumar-SAV to SEP's picture

Is it  not blocking MSN ..or its not blocking anything at all try to block something else..to check if the problem is something else?

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

I have try another application but it same.

Vikram Kumar-SAV to SEP's picture

Either something is wrong in the policy or policy is not applied on the right group..
May the client is not receiving the policy 
Or Firewall and Application and device control is not enabled on these clients..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

the policy is affected the user. all the firewall, appliction and device is enable on these client.I don't know how to fix that problem.

Vikram Kumar-SAV to SEP's picture

Can you post your policy screenshots

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vikram Kumar-SAV to SEP's picture

I meant to say..Can you edit your Application and device control policy & Firewall policy and show how have you made changes in that..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vikram Kumar-SAV to SEP's picture

The firewall policy looks fine..except i cant see what have entered for hosts..

Application Control policy is wrong.

In the policy3 screenshot there should be only * and nothing else

also uncheck that sub processes..check box

I have exported a working application control policy to block notepad.exe
You can import and and check it,
 

http://www.megaupload.com/?d=BTOBZB8Z

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

I choose local/remote. I set local host for symatec endpoint manager IP and Remote host is my IP address.
I try your application control but it doesn't block.

Monkeyhead's picture

I choose local/remote. I set local host for symatec endpoint manager IP and Remote host is my IP address.
I try your application control but it doesn't block. I can write and save the notepad.

Peterpan's picture

I think you should reinstall or upgrade you SEP client, I believe that the policy canot be override. let me know how it goes

:-)

Vikram Kumar-SAV to SEP's picture

Check on the client has it updated the policy

check this registry entry to know if Application and Device control is enabled..
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant and the vlaue of Start should be 1.

On the client itself go to View Logs--Client Management-System Logs..and check when was the policy applied..reboot the client once to make sure the policy is applied and working.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

Peterpan and vikram kumar

Today i uninstall the previous version and  upgarde the latest version of symantec endpoint protection 11.0.4000  .And i try all of your solution but it doesn't make any change.I check the Client Management-System Logs and the policy is applied and in the registry Application and Device Control is enable.My Symantec Endpoint Manager is Window XP and all Client are Window Vista.All the windows are 32 bit version.Do you have any idea?

Vikram Kumar-SAV to SEP's picture

http://www.megaupload.com/?d=W45EARNL

There is a new Working Application control policy for blocking notepad from SEPM ( dat file)
And the clients policy profile (xml)
Test it and let me know if it is working..in your test environment.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Monkeyhead's picture

I try your working application control policy in SEPM and the client policy profile in client PC.After that my client machine cannot ping any other machine. And the green dot is disable.

Vikram Kumar-SAV to SEP's picture

It would be after applying Client policy..since it was my Test Machine..so i will have to check was policy I had for the Firewall...You can any time export a working policy and import it..
But is the Application Control Policy working ? it it blocking the notepad ?

Also make sure you also test it from the SEPM..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

mon_raralio's picture

https://www-secure.symantec.com/connect/forums/how...

“Your most unhappy customers are your greatest source of learning.”

Vikram Kumar-SAV to SEP's picture

Read the discussion posted by mon raralio above ...to get a better idea about how it works.. 

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

ShadowsPapa's picture

Policies tab on the left, under view policies on the screen, choose intrusion prevention, then exceptions. Many IM services are listed, enable and choose block.
MSN messenger login for example is #20015 in the list.

Monkeyhead's picture

Hello
I fix it.I block msn with File Fingerprint.I output hash id for live messenger with checksum.exe. Right now i can block the client.thank you  for helping me vikram.

mon.raralio froum is help me to fix that problem too.

mon_raralio's picture

Could you post the MD5 hash ID on the link I provided. It would greatly help the community. Thanks in advance.

“Your most unhappy customers are your greatest source of learning.”

Monkeyhead's picture

Here is the MSN Live Messenger version 2009(Build 14.08064.206) MD5 HASH ID

16c3811f3a5cd8ea7030a42a75892136