Video Screencast Help

Blocking websites

Created: 13 Dec 2011 • Updated: 13 Dec 2011 | 22 comments
SKP's picture

Kinldy help me to block particular Website .I had followed the video provide by mudit kumar but it is not working.I had tested it on SEPM 12.1

Comments 22 CommentsJump to latest comment

Marius Salay's picture

Hello,

Have a look at this! ;-)

http://www.symantec.com/business/support/index?page=content&id=TECH92405&actp=search&viewlocale=en_US&searchid=1323777286693

According to this, you should be able to create firewall rules to block the website.

 

Regards,

Marius

SKP's picture

I had tried the same but not working

Marius Salay's picture

What does "not working" mean? Are the users able to access the site? Or do you get errors?

Marius Salay's picture

You may test blocking traffic to ALL websites by following this article:

http://www.symantec.com/business/support/index?page=content&id=TECH95248&actp=search&viewlocale=en_US&searchid=1323777286693

Let me know if that works!

 

Regards,

Marius

Mithun Sanghavi's picture

Hello,

A Quick Note: It is important to have the Application and Device control and Firewall Installed on each Client machine. 

Here are few Articles for the same:

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
 
 
How to block all website and allow only certain websites using Network Threat Protection Firewall rule.
 

 

There are few Threads on the same issue as well, I would suggest a quick look into the same.

https://www-secure.symantec.com/connect/forums/custom-ips-signature-website-blocking

https://www-secure.symantec.com/connect/forums/how-block-access-specific-websites-both-url-and-ip-address

https://www-secure.symantec.com/connect/forums/website-blocking-custom-ips-signatures

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SKP's picture

User can able access the site .kinldy find the policy file attached below

AttachmentSize
Google Block.zip 11.83 KB
pete_4u2002's picture

have you checked the polciy been taken by client? have you restarted the client?

SKP's picture

Policy taken by client but not restarted

Marius Salay's picture

Restart your client and try again to access to website!

Marius Salay's picture

Import, distribute, restart, try again!

AttachmentSize
Google Block.zip 174 bytes
SKP's picture

Getting error while importing the dat file Error:Invalid import file

Marius Salay's picture

my mistake! Try again with the new file...

AttachmentSize
Google Block.zip 11.67 KB
Marius Salay's picture
  • Change rule, enter DNS domain as: *.*google*.*
  • enable logging
  • distribute to client
  • flush DNS Cache of test machine
  • try again
Marius Salay's picture

Check traffic log of the affected machine.

Attach it to this thread.

ShadowsPapa's picture

Firewall rules only work under certain conditions, and I've not had good luck with the domain blocking in SEP. For one thing, with the akaimi or whatever it's called, the IP addresses are shared. I tried to block ebay's addresses (there are a lot of them) and ended up Walmart and many other sites got blocked because of the server and address caching with the akaimi or whatever it's called.

HOWEVER, the URL won't change - say there's malware that's on www.mymalware.com and folks get redirected to that or it's a link in email and you want to block it. So you find the IP, put it in the firewall and block it today. That works for this morning - but the malware folks know they've been found out and folks are blocking them so they move to a different server........ SAME URL, different server and IP. NOW your great firewall rule won't do anything.

Enter Custom IPS signatures!

Policies, Intrusion Prevention, Custom Intrusion prevention policies

and here is a rule that blocks a phishing site:

rule tcp, dest=(80), saddr=$LOCALHOST, msg="Amazon phishing site", content="bfgzdxbj.info"

You can block specific or multiple or all ports, set specific source addresses, the content can contain a simple URL string, or be more complex as needed. They have some decent documents on creating custom IPS rules here somewhere - but I'm fighting a few fires here so don't have a lot of time to dig and post 'em sorry..........

 

Marius Salay's picture

Well, IPS is not my darling...but here are some of the links ShadowsPapa mentioned:

Creating Custom IPS Signatures:

http://www.symantec.com/docs/HOWTO18301

About Custom IPS Signatures:

http://www.symantec.com/docs/HOWTO18308

Also have a look to this Connect-Thread:

Block Web Sites

https://www-secure.symantec.com/connect/forums/block-web-sites

;-)

Mohankumar's picture

 

1. Block particular site by Symantec Endpoint protection:
2. Choose particular Group and select policies
3. Uncheck Inherit Policies check box
4. Click on Firewall Policies and click on "Creat Non Shared policies from copy"
5. Select Rules opton which on Leftside
6. And then click on Add Rule and Click on Next
7. Select Accroding to the requirements
8. Select Host to Block particular site or system or Ip address
9. Select Accroding to the requirements
10.For Example : Here I want to block Facebook site
11.Select DNS domain
12. Provide the site name as below and click on next
13. For example Type *.facebook.com and Click on Finish
14. Rule 0 is created
15. Select rule 0 and right click in the action column and select Block / Allow as per the requirements:
16. To block/allow particular Port , click on Services column
17. To block/allow any application , Click on application coloumn
 
 
Mick2009's picture

Followers of this thread may be interested in this new whitepaper:

Scams and Spam to Avoid on Facebook

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/scams_and_spam_to_avoid_on_facebook.pdf

Please do keep yourselves (and any FB fans on your office network!) informed and secure!

With thanks and best regards,

Mick