Good question!
Many have asked this, but there is no answer from Symantec. In my opinion, allowing all applications to access the Internet by default is a security problem (leakage).
As for the managed clients, you can edit the preconfigured firewall rule "Allow All Applications" and change it to "Ask" from "Allow", but then each time you restart your machine the firewall will "Ask" you again for the same applications that you have permitted before.
Even if you create some rules in the application rules, e.g. permit only outbound traffic for browsers or permit traffic from specific IPs for a server application, the rules will be lost after a reboot. The firewall is not able to remember.
So until now you can have an unmanaged client which is totally unprotected from leakage or a managed client unable to remember the Application Rules list.
Edit: Forgot to mention that the client's manual, in the Network Activity window help page (or in the PDF), says that there are three options in the graphical user interface (Allow, Ask, Block), which I am unable to configure even from the SEP Manager.
Running Applications
Displays a list of the applications and services that currently run on your computer.
You can run several commands on the application or service. Each command displays the following status on the application’s icon:
Allow
Icon appears normal, with no marks. A blue dot appears on the lower left-hand corner of the icon when the application receives traffic. When the application sends traffic, the blue dot appears on the lower right-hand corner.
Ask
Icon appears with a small, yellow question mark.
Block
Icon appears with a red circle and crossed-out mark.
Where is the icon with the yellow question mark?
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/client_guide.pdf
Client Guide PDF, page 123
12 In the View Applications List dialog box, to change the action, right-click the application, and then click Allow, Ask, or Block.
13 Click OK.
You can also change the action for the application from the Network Activity dialog box.
To change an application's action from the Network Activity dialog box
1 In the client, in the sidebar, click Status.
2 Beside Network Threat Protection, click Options > View Network Activity.
3 In the Network Activity dialog box, in the Running Applications field, right-click the application or service, and then click Allow, Ask, or Block.
4 Click Close.
Where are the options? Am I missing something?
Message Edited by Hans on 10-15-2007 06:19 PM
Message Edited by Hans on 10-15-2007 06:22 PM
Message Edited by Hans on 10-15-2007 06:23 PM