Endpoint Protection

 View Only
  • 1.  Blocking binaries to connect to the internet using umananged SEP client ?

    Posted Jun 02, 2014 08:37 AM

    Hi All,

    I'm using SEP clients v12.1.2015 unmanaged in some remote Office location.

    How can I block some type of binaries to connect to the internet ?

    Thanks



  • 2.  RE: Blocking binaries to connect to the internet using umananged SEP client ?
    Best Answer

    Posted Jun 02, 2014 08:38 AM

    You can create a firewall rule to do this. For unmanaged:

    • Open the SEP GUI
    • Under NTP select Options >> Configure Firewall Rules
    • Click Add
    • Create a Rule name and make sure it's set to "Block this traffic"
    • Edit the Hosts and Ports and Protocols tab for more granularity
    • On the Applications tab select which app you want to block traffic to/from
    • Click OK and move the rule to the top of the stack


  • 3.  RE: Blocking binaries to connect to the internet using umananged SEP client ?

    Posted Jun 03, 2014 12:37 AM

    So no matter how the binary got renamed or moved to different location, would this still FW rule be enforced or applicable ?



  • 4.  RE: Blocking binaries to connect to the internet using umananged SEP client ?
    Best Answer

    Posted Jun 03, 2014 04:24 AM

    If you identified the application by file fingerprint, then it would be matched regardless of name or folder location.

    Identifying by file fingerprint is very accurate, but does not account for multiple versions (as they'd each have a different fingerprint).

    Don't forget you can use the "Add From" button in the "Applciations" section of the FW Rule creation, to load a list of application known by your SEPM.  This list is generated from clients in groups that have the "Learn Applications that run on the client computers" option enabled in the "Communications Settings".



  • 5.  RE: Blocking binaries to connect to the internet using umananged SEP client ?

    Posted Jun 03, 2014 07:57 AM

    Cool, many thanks !