Endpoint Protection

 View Only

  • 1.  Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 21, 2015 10:43 AM

    We have SEP 12.1.4.  We are looking for a quick method to block SSL 3.0 and we wanted to know if SEP could be used to do this.



  • 2.  RE: Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 21, 2015 10:44 AM

    You could write a custom IPS signature which is challening. Aside from that I don't believe any of the other features would get it done.



  • 3.  RE: Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 21, 2015 12:44 PM

    An Audit Signature designed to detect usage of the SSL 3.0 protocol has been released for Symantec Endpoint Protection (SEP). Audit Signatures do not block traffic associated with these non-malicious applications, but empower SEP administrators to learn which endpoints in their network are running such software in case it is something that is not desired on the corporate network. The administrators can take action as they see fit.

     

    https://www-secure.symantec.com/connect/forums/poodle-attack-siganture



  • 4.  RE: Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 21, 2015 12:47 PM

    Nice, forgot about this! Thanks for the reminder.
     



  • 5.  RE: Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 22, 2015 11:19 AM

    Thanks.  I enabled the signature on some machines.  How do I check the logs for it from the SEP console?



  • 6.  RE: Can you block SSL 3.0 via Symantec Endpoint Protection?

    Posted May 22, 2015 11:26 AM

    It will show in the NTP >> Attacks logs from the Monitors page