Video Screencast Help

Can SNAC block clients with no SEP installed?

Created: 05 Apr 2013 • Updated: 09 Apr 2013 | 6 comments
This issue has been solved. See solution.

Hello dear sir/madam,

I need your help and advice to be sure in next,

can SNAC block clients with no antivirus (exactly, SEP) installed? I mean, can a SNAC integrated SEPM prevent packet translating of such computers in the network? (No gateway enforcer installed on the network)

thank you very much friends

Operating Systems:

Comments 6 CommentsJump to latest comment

ᗺrian's picture

Yes, you can do this with a SNAC policy in the SEPM


SEP and SNAC - An Unbeatable Combination

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ambesh_444's picture


Yes you can configure,

Please check with these articals..

What all can you do with Symantec Network Access Control?

Creating and testing a Host Integrity Policy

First you can Create policy

Check this artical.

Creating and testing a Host Integrity Policy

Check this thread

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SMLatCST's picture

I'm going to go against the flow heresmiley and say that, unfortunately, you cannot prevent access to the network without some form of enforcement.

While SNAC on it's own can easily detect if there is an AV client installed (as per the above posts), it cannot (by itself) block network access.  For the blocking of network access, you need at least one of the below:

  • SEP Client (including the Firewall) installed, but this immediately negates the SNAC check anyway so is irrelevant
  • DHCP Enforcer
  • Gateway Enforcer
  • LAN Enforcer
  • Integrated Enforcer for NAP

What SNAC can do, without any of the above, is to kick off an install of your preferred AV (in your case SEP), but it does mean you'd need to be in the odd position of having the SNAC client installed, but not the SEP Client.

The more common scenario admins look to remediate, is if neither SNAC nor SEP are installed.  In which case, an enforcer (Gateway/Lan/etc.) is required.  This kind of check and remediation requires you look into the full SNAC license.

Is this an option?

Chuck Edson's picture

SMLatCST is correct.  Without an Enforcer, you cannot enforce the rules you set up.

There has to be something to block access to the network.

If a post helps you, please mark it as the solution to your issue.

Detroit2Baku's picture

Thank you guys for your help, i will dig more to find a solution for this case, with or without SEP :)

best regards :)