Endpoint Protection

  • 1.  Custom Network Connection Type

    Posted May 07, 2009 11:11 AM
    Does anyone know if it's possible to create a custom network connection type in SEP 11.0.4? We need to create one based on the VMware Virtual NIC, and even though I can add a new NIC, I can't find a way to add a new connection type to be used in Locations criteria.
    For those wondering WHY I would need to do this, we have a policy that disables bridging between wireless and wired networks on endpoint machines. So the policy says that when connection type is Ethernet AND connection type is Wireless at the same time, block all access via the firewall rule. This works fine on machines without VMware apps installed, but if you have either VMware Server or Workstation installed, Virtual NICs are created and they reside on their own private network. Well, guess what? SEP sees these NICs as connected and will treat them as Ethernet, as it should, and will block all traffic on a machine that has Wireless AND Virtual NIC enabled. I'm trying to figure out a way to exclude VMware Virtual NICs from this.

    Thanks!


  • 2.  RE: Custom Network Connection Type

    Posted May 07, 2009 11:31 AM

    You can set an exclusion for the Virtual NIC.
    To obtain the Device ID of the virtual NIC for exclusion purposes, Symantec offers a tool, somewhere on the CD, can't remember where though. It simply extracts this data; either way, the same information can be found by going to the "Device Manager".

    In the Device Manager, right-click on the Virtual NIC and choose Properties.
    In properties go to the "Device" tab.
    Use the drop down box to go to "Matching Device ID".

    Use this to make an exception in the SEPM Console.
    Device IDs are almost always the same for hardware. Since this is a Virtual NIC, it should be the same all the time.

    Hope that helps.



  • 3.  RE: Custom Network Connection Type

    Posted May 07, 2009 11:48 AM
    Hi,

    The information provided above is right. Let me further help you. I am attaching a screenshot. Please go to the CD2 folder, Tools/NoSupport/DevViewer. This tool will help you get the device ID.


  • 4.  RE: Custom Network Connection Type

    Posted May 07, 2009 12:51 PM
    Gentlemen,
    Thank you both for replying. I am aware of a way to exclude the NIC by either device ID or, in my case below, I am excluding it by using a registry search for a VMNet service that is installed by VMware.
    My problem is a little different. If I exclude machines with VMware NICs installed, the exclusion is global per machine. In other words, my policy says that if a machine has Wired and Wireless connected at the same time, and VMNet service is not installed -- go ahead and Quarantine it, but if VMNet service is present, do NOT. The issue is that *ANY* machine with VMware installed will be able to bridge as a result of this policy.
    I need to be able to intelligently *exclude* the VMware NIC from this checking while still maintaining the other checks that prevent the user from bridging. So far I can't figure out what to allow and what to exclude to make it happen.

    Thanks!
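
Added example, not part of the original thread and not Symantec code: a host-side PowerShell check for the logic requested in post 4, reporting a machine only when a wired and a wireless adapter are both up while ignoring VMware virtual NICs. It assumes the NetAdapter module (Windows 8 / Server 2012 or later) and that VMware adapters are recognizable by an InterfaceDescription beginning with "VMware Virtual Ethernet Adapter"; the function names and the sample adapters are constructed for illustration.

```powershell
# Added example. Adapter objects are expected to look like Get-NetAdapter output
# (Name, InterfaceDescription, Status, PhysicalMediaType).
function Get-BridgingCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Adapter,
        # Assumption: description prefix used by VMware host virtual NICs (VMnet1, VMnet8, ...).
        [string[]] $ExcludeDescription = @('VMware Virtual Ethernet Adapter*')
    )
    foreach ($nic in $Adapter) {
        if ($nic.Status -ne 'Up') { continue }          # only connected adapters count
        $excluded = $false
        foreach ($pattern in $ExcludeDescription) {
            if ($nic.InterfaceDescription -like $pattern) { $excluded = $true; break }
        }
        if ($excluded) { continue }                     # skip the NIC, not the whole machine
        $kind = switch ($nic.PhysicalMediaType) {
            '802.3'                                    { 'Wired' }
            { $_ -in 'Native 802.11', 'Wireless LAN' } { 'Wireless' }
            default                                    { 'Other' }
        }
        [pscustomobject]@{ Name = $nic.Name; Kind = $kind; Description = $nic.InterfaceDescription }
    }
}

function Test-BridgingRisk {
    param([Parameter(Mandatory)] [object[]] $Adapter)
    $kinds = @(Get-BridgingCandidate -Adapter $Adapter | ForEach-Object { $_.Kind })
    return (($kinds -contains 'Wired') -and ($kinds -contains 'Wireless'))
}

# Constructed sample inventory: Wi-Fi connected, cable unplugged, VMware NICs up.
$wifiPlusVmware = @(
    [pscustomobject]@{ Name = 'Ethernet'; Status = 'Disconnected'; PhysicalMediaType = '802.3'
                       InterfaceDescription = 'Constructed Gigabit Adapter' }
    [pscustomobject]@{ Name = 'Wi-Fi'; Status = 'Up'; PhysicalMediaType = 'Native 802.11'
                       InterfaceDescription = 'Constructed Wireless Adapter' }
    [pscustomobject]@{ Name = 'VMnet1'; Status = 'Up'; PhysicalMediaType = '802.3'
                       InterfaceDescription = 'VMware Virtual Ethernet Adapter for VMnet1' }
    [pscustomobject]@{ Name = 'VMnet8'; Status = 'Up'; PhysicalMediaType = '802.3'
                       InterfaceDescription = 'VMware Virtual Ethernet Adapter for VMnet8' }
)
# Same machine after the cable is plugged in: a real wired + wireless overlap.
$wiredAndWifi = $wifiPlusVmware | ForEach-Object { $c = $_.PSObject.Copy(); $c.Status = 'Up'; $c }

"Wi-Fi + VMware NICs only : $(Test-BridgingRisk -Adapter $wifiPlusVmware)"
"Wired + Wi-Fi + VMware   : $(Test-BridgingRisk -Adapter $wiredAndWifi)"
# On a live host: Test-BridgingRisk -Adapter (Get-NetAdapter)
```

Because the exclusion is applied per adapter rather than per machine, a host with VMware installed is still reported when its physical wired and wireless adapters are connected together.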



  • 5.  RE: Custom Network Connection Type
    Best Answer

    Posted May 22, 2009 03:04 PM
    Hi,

    As of now we don't have a ready solution for you; however, we will keep you informed as and when it's available for this particular scenario.