Endpoint Protection

  • 1.  endpoint 12.1.3

    Posted Sep 12, 2013 01:03 AM

    Hi all,
    I need a guide or knowledge on how to block HTTPS sites like https://www.youtube.com, https://twitter.com, https://www.facebook.com, etc.

    I tried to block through both the Symantec firewall and Symantec intrusion prevention. All policies are working fine with HTTP sites but not with HTTPS. I tried to change the services in the firewall part to 80,443, to application-specific ones like "iexplore.exe,chrome.exe,firefox.exe", and even to 'any', but with no effect. I mean sometimes it is blocking and mostly not. It's not behaving properly. One day, when I changed the services from 'any' to '80,443' and deployed to a client, it worked, but the very next day all of them were opening again.

    The intrusion prevention signature is as follows:
    [rule tcp, dest=(80,443,8080,7070), msg="",content="www.facebook.com"]
    [rule tcp, dest=(80,443,7070,8080), msg="",content="www.youtube.com"]

    The firewall policy is as follows:

    block1.png

    Is there any trick that I am missing? Is there anybody who can guide me?

    Thanks in advance.
    Manas



  • 2.  RE: endpoint 12.1.3

    Broadcom Employee
    Posted Sep 12, 2013 01:21 AM

    Check these links:

    Block certain websites

    http://www.symantec.com/business/support/index?page=content&id=TECH95248

    https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

    Blocking a Website using Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH92405          

    How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

    http://www.symantec.com/docs/TECH92097



  • 3.  RE: endpoint 12.1.3

    Trusted Advisor
    Posted Sep 13, 2013 08:02 AM

    Hello,

    Follow these steps, as you do not want the users to visit any website except for certain sites, no matter what browser they use.

    Solution

    The above configuration can be done by creating only 2 firewall rules. Please follow the steps below to configure the rules.

    1. Go to Firewall policy > Rules.

    2. Click on the Add Rule button. Select Host > Next > from the Address Type drop-down menu select DNS domain.

    3. Enter DNS Domain as *.* then click Next > click Finish.

    4. Once the rule is created, highlight the new rule. Go to the Service column, right-click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443; click OK and OK again. Then go to the Action column and set it to "Block".

    The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

    1. Go to Firewall policy > Rules.

    2. Click on Add Rule. Select Host > Next > from the Address Type drop-down menu select DNS domain.

    3. Enter DNS Domain as *.*symantec*.* This is an example, which means all the URLs related to Symantec will be allowed.

    4. Click Next > click Finish. Multiple websites can be added to the same rule.

    5. Once the rule is created, highlight the new rule. Go to the Action column and set it to Allow.

    Note: Place the "Allow" rule on top of the "Block" rule.

    Assign the policy to the required group. This will allow only the selected websites and block all other websites.

    Caution: If the above rule is applied to the SEPM itself, we need to allow the Symantec domain in order to run LiveUpdate. This should be applicable to all the machines where LiveUpdate will run.

    Check these articles:

     

    1) How to block all website and allow only certain websites using Network Threat Protection Firewall rule.

    2) How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

    http://bit.ly/uLiS84

    3) Video: Allow and Block websites using Symantec Endpoint Protection Firewall

    https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

    4) Article: How To Block Internet address via Sep Manager Firewall Rule

    https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

    5) How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

    http://www.symantec.com/docs/TECH92097

    Hope that helps!!
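
The two-rule allowlist from the reply above, as an added example that is not part of the original thread and not Symantec code: a simplified model showing why the "Allow" rule must sit above the "Block" rule and which traffic the pair leaves uncovered. It assumes rules are evaluated top-down with the first match winning and that the DNS-domain wildcards behave like shell-style globs; the function names and sample hostnames are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Rule = (name, DNS-domain pattern, remote TCP ports, action), as in the reply.
ALLOW = ("Allow selected sites", "*.*symantec*.*", {80, 443}, "Allow")
BLOCK = ("Block all websites", "*.*", {80, 443}, "Block")


def evaluate(rules, host, port):
    """Return (action, rule name) for the first rule that matches, top-down.

    Assumption: first match wins and patterns are shell-style globs.
    "NoMatch" means neither rule applies, so the connection falls through
    to whatever other rules the policy contains.
    """
    for name, pattern, ports, action in rules:
        if port in ports and fnmatchcase(host.lower(), pattern):
            return action, name
    return "NoMatch", None


def verdicts(rules, connections):
    """Map each 'host:port' to the action the ordered rule list yields."""
    return {f"{h}:{p}": evaluate(rules, h, p)[0] for h, p in connections}


# Constructed sample connections (hostname, remote port).
SAMPLE = [
    ("www.symantec.com", 443),                   # allowlisted site over HTTPS
    ("liveupdate.symantecliveupdate.com", 80),   # the LiveUpdate caution
    ("www.youtube.com", 443),                    # should be blocked
    ("www.facebook.com", 80),                    # should be blocked
    ("www.youtube.com", 8080),                   # port outside 80,443
]

if __name__ == "__main__":
    for label, order in (("Allow on top", [ALLOW, BLOCK]),
                         ("Block on top", [BLOCK, ALLOW])):
        print(label)
        for conn, action in verdicts(order, SAMPLE).items():
            print(f"  {conn:40} {action}")
```

With "Block" on top, every hostname on ports 80 and 443 hits the catch-all first, including the LiveUpdate host from the caution; connections on other ports such as 8080 match neither rule and depend on the rest of the policy.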