Network Access Control

 View Only

  • 1.  Can SNAC block clients with no SEP installed?

    Posted Apr 05, 2013 04:34 AM

    Hello dear sir/madam,

    I need your help and advice to be sure in next,

    can SNAC block clients with no antivirus (exactly, SEP) installed? I mean, can a SNAC integrated SEPM prevent packet translating of such computers in the network? (No gateway enforcer installed on the network)

    thank you very much friends



  • 2.  RE: Can SNAC block clients with no SEP installed?

    Posted Apr 05, 2013 07:55 AM

    Yes, you can do this with a SNAC policy in the SEPM

    https://www-secure.symantec.com/connect/forums/what-are-extra-benifits-i-will-get-if-i-use-snac-sep

     

    SEP and SNAC - An Unbeatable Combination

    https://www-secure.symantec.com/connect/articles/sep-and-snac-unbeatable-combination

     



  • 3.  RE: Can SNAC block clients with no SEP installed?

    Posted Apr 05, 2013 08:00 AM

    Hello,

    Yes you can do this for SNAC.

    https://www-secure.symantec.com/connect/forums/snac-2

    https://www-secure.symantec.com/connect/forums/snac-implementation-doubts



  • 4.  RE: Can SNAC block clients with no SEP installed?



  • 5.  RE: Can SNAC block clients with no SEP installed?
    Best Answer

    Posted Apr 05, 2013 10:00 AM

    I'm going to go against the flow heresmiley and say that, unfortunately, you cannot prevent access to the network without some form of enforcement.

    While SNAC on it's own can easily detect if there is an AV client installed (as per the above posts), it cannot (by itself) block network access.  For the blocking of network access, you need at least one of the below:

    • SEP Client (including the Firewall) installed, but this immediately negates the SNAC check anyway so is irrelevant
    • DHCP Enforcer
    • Gateway Enforcer
    • LAN Enforcer
    • Integrated Enforcer for NAP

    What SNAC can do, without any of the above, is to kick off an install of your preferred AV (in your case SEP), but it does mean you'd need to be in the odd position of having the SNAC client installed, but not the SEP Client.

    The more common scenario admins look to remediate, is if neither SNAC nor SEP are installed.  In which case, an enforcer (Gateway/Lan/etc.) is required.  This kind of check and remediation requires you look into the full SNAC license.

    Is this an option?



  • 6.  RE: Can SNAC block clients with no SEP installed?

    Posted Apr 05, 2013 11:05 AM

    SMLatCST is correct.  Without an Enforcer, you cannot enforce the rules you set up.

    There has to be something to block access to the network.



  • 7.  RE: Can SNAC block clients with no SEP installed?

    Posted Apr 09, 2013 01:30 PM

    Thank you guys for your help, i will dig more to find a solution for this case, with or without SEP :)

    best regards :)