Hi everyone. I have downloaded the trial SEP for review and testing, and am having a problem with the firewall. I cannot get the endpoint protection software to block an application that I wrote that sends out email. Also, I have Eudora for email purposes, and I cannot get endpoint protection to block that application as well. I have set up my client to be in total control of the NTP segment, blanked out my application list and also all firewall rules. Then I added a few rules, block all IP, block all TCP, and even some rules blocking TCP port 110, and port 25. All rules created log any traffic. I cannot get SEP to block the email program, and not only that, if I create one single rule, allow all traffic and log, I can't even get the emailing software to show up in the traffic or packet logs. What am I doing wrong? Please be aware that I can successfully configure FTP rules in SEP, which correctly block and log any ftp traffic that I attempt - so I know the firewall portion does in fact work. (also when block all is in effect, internet explorer doesn't work, etc - which is correct )
Also, I have run wireshark to verify what ports I am using within the emailing software, but that really shouldn't matter once you use a "block all IP traffic rule", should it???
I have this feeling that I am missing something, what is it?