Endpoint Protection

 View Only

  • 1.  Block outbound port 25 without using Firewall policy

    Posted May 09, 2012 01:10 AM

    Hello.  I have probably somewhat of a strange situation I'm hoping someone may know an answer to (if there is an answer)

    We just purchased SEPM 12.1 and I am preparing to migrate clients over from McAfee/ePolicy (AV+AS Modules only).  This is a big project so I am taking things in stages.  First will be deployment of the SEP client with AV rules enabled.  Once we have everything migrated, I'll start implementing the Firewall and the other protections.

    McAfee's AS client has some very basic port blocking functionality including what they call 'Prevent mass mailing' which blocks outbound port 25.  I'm looking for a way to prevent outbound port 25 from being used in between getting the SEP client installed and deploying the firewall policy which could take 2-3 months to complete.  One option I'm looking at is adding it to the Windows Firewall but I would rather not do that if I don't have to.

    Any ideas? 



  • 2.  RE: Block outbound port 25 without using Firewall policy

    Broadcom Employee
    Posted May 09, 2012 01:34 AM

    if you block port 25 SMTP will not work, you may also cannot send a mail using SMTP.



  • 3.  RE: Block outbound port 25 without using Firewall policy

    Trusted Advisor
    Posted May 09, 2012 11:48 AM

    Hello,

    As I see in your case, during Transition period, there is not much of a choice other than blocking via IPSec. Check this: http://support.microsoft.com/kb/813878

    Again, agreed with pete's comment above.

    However, once the Migration is complete in Symantec Endpoint Protection, it has Internet Email Auto-Protect, which protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.

    You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.

    File System Auto-Protect scans email attachments when you save the attachments to the hard drive.

    Reference:http://www.symantec.com/docs/HOWTO27134

    Hope that helps!!



  • 4.  RE: Block outbound port 25 without using Firewall policy

    Posted May 09, 2012 01:15 PM

    If your clients are windows XP, it can be done.  If your clients are windows Vista/7 it has to be done through Windows Firewall or through SEPM Firewall.

    You could of course, flush all the default Firewall rules in SEPM and add a firewall rule to just block port 25... 



  • 5.  RE: Block outbound port 25 without using Firewall policy

    Posted May 09, 2012 04:03 PM

    Thanks for the replies everyone.  We're just going to re-think our deployment plan.