Endpoint Protection

  • 1.  Disable automatic firewall outgoing programs

    Posted Oct 13, 2007 07:41 AM
     One of the most appreciated options that I have enjoyed with Symantec Client Security was control of outgoing executed programs through the firewall. After migrating to Vista, I have installed Endpoint but have been unable to find the switch to require the firewall to allow me to accept and create a rule for each outgoing program executed. I have seen the option to add each program separately, but in all previous versions there has been a single toggle. I like to be able to monitor any program installed and when it "phones home".
     
    Regards,


  • 2.  RE: Disable automatic firewall outgoing programs

    Posted Oct 13, 2007 08:03 AM
    From what I have read here this is no longer possible using SEP 11.0 on an unmanaged client. I think this was a major oversight on Symantec's part with regard to SEP concerning unmanaged clients. Hopefully this will be resolved in the next revision of SEP (or in a future update to SEP, I don't know how much code would need to be updated in order to allow access to this feature on an unmanaged client).


  • 3.  RE: Disable automatic firewall outgoing programs

    Posted Oct 13, 2007 08:45 AM
    I thank you for your prompt reply.
     
     "A major oversight" is an understatement. Every version of either Symantec or Norton firewall products has had this option, and it is one of the main reasons that I prefer to use a 3rd party product rather than Vista's firewall.


  • 4.  RE: Disable automatic firewall outgoing programs

    Posted Oct 15, 2007 11:02 AM
    Good question!

    Many have asked this, but there is no answer from Symantec. In my opinion allowing all applications to access the Internet by default is a security problem (leakage).

    As for the managed clients, you can edit the preconfigured firewall rule "Allow All Applications" and change it to "Ask" from "Allow", but then each time you restart your machine the firewall will "Ask" you again for the same applications that you have permitted before. Even if you create some rules in application rules, e.g. permit only outbound traffic for browsers or permit traffic from specific IPs for a server application, the rules will be lost after a reboot. The firewall is not able to remember.

    So until now you can have an unmanaged client which is totally unprotected from leakage or a managed client unable to remember the Application Rules list.

    edit: Forgot to mention that the client's manual in the Network Activity window help page (or in the pdf) says that there are three options in the graphical user interface (allow, ask, block) which I am unable to configure even from the SEP Manager.


    Running Applications

    Displays a list of the applications and services that currently run on your computer.

    You can run several commands on the application or service. Each command displays the following status on the application’s icon:

    • Allow

      Icon appears normal, with no marks. A blue dot appears on the lower left-hand corner of the icon when the application receives traffic. When the application sends traffic, the blue dot appears on the lower right-hand corner.

    • Ask

      Icon appears with a small, yellow question mark.

    • Block

      Icon appears with a red circle and crossed-out mark.

    Where is the icon with the yellow question mark?


    ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/client_guide.pdf

    Client Guide PDF, page 123

    12 In the View Applications List dialog box, to change the action, right-click the application, and then click Allow, Ask, or Block.
    13 Click OK.

    You can also change the action for the application from the Network Activity dialog box.

    To change an application's action from the Network Activity dialog box
    1 In the client, in the sidebar, click Status.
    2 Beside Network Threat Protection, click Options > View Network Activity.
    3 In the Network Activity dialog box, in the Running Applications field, right-click the application or service, and then click Allow, Ask, or Block.
    4 Click Close.

    Where are the options? Am I missing something?



    Message Edited by Hans on 10-15-2007 06:19 PM
