Video Screencast Help

Does Endpoint Protection 2013 have central firewall logging?

Created: 04 Oct 2012 • Updated: 05 Oct 2012 | 4 comments
This issue has been solved. See solution.

We're looking at evaluating endpoint protection products and during our eval we have a need to put the firewall in logging mode and have it report back centrally to the admin interface so that we can see what has been blocked (incoming/outgoing) or allowed on certain machines.

It doesn't appear that MS FEP can do this (firewall logs seem to be stored locally on the machine).

Same thing with McAfee HIPS (firewall logs are located on the machine itself)

Anyone know if Symantec's product can log these back to the admin interface (in the database of course) so that you don't have to manually fetch them from each machine?

Discussion Filed Under:

Comments 4 CommentsJump to latest comment

pete_4u2002's picture

the SEPM console manages the firewall rules for managed clients. The logging/block/allow (actions) can be set here.

Once the client gets the policy considering you have set the rules to log, during the client heartbeat the client upload it's logs which will have the logged details.

kjhurni's picture

Thanks Pete, that does appear to do what we would want it to do.