Endpoint Protection

We are testing the use of keyboard and mouse sharing application Input Director.  It works by installing it on a two separate PCs, a master and slave PC with the keyboard and mouse physically connected to the master PC which are shared to the slave PC via the application.

I've allowed the inbound ports in the firewall policy and it is working fine on WinXP and Win7, but it is working only after the user has logged into the slave PC.  (which defeats the purpose because you have to connect another keyboard to log in the slave PC)  It does not work pre-login, and when I log in manually, I notice it starts working immediately when the SEP client shield icon shows up in the system tray. 

When I temporarily move the PC into a group in SEP without the firewall policy applied, the application works before login allowing them to mouse over to the slave PC and enter their login credentials (so Input Director apparently runs as a service).

In the firewall group, "Allow IP traffic" is selected in the "Unmatched IP Traffic Settings" area of Server Control, and "Block all traffic until the firewall starts and after the firewall stops" is not checked in the Security Settings tab of the group's General Settings.

Are there any other settings I can modify?  I'm not looking to enable all traffic before the firewall stops, I'm just looking for it to apply my firewall policy ruleset pre-login so the rule allowing Input Director will take effect and allow Input Director to work properly.

Thanks.

open the sep interface.

check the firewall logs, do u see any rules getting blocked?

You can troubleshoot this issue by putting an "Allow All" rule at the top of the firewall policy. Run your login testing while moving the rule down one line at a time. Once you get to the point where the login fails, you then know the one rule above is the problem rule. You can then modify the blocking rule to allow the desired traffic.

The only time it doesn't work is pre-login, before a user has logged in.  It works properly after a user is logged into the PC and the SEP client firewall is started.  This confirms the ruleset is accurate and the firewall policy correctly allows the traffic.  The question is, why isn't it working pre-login?

If I temporarily remove the SEP firewall policy, it works pre-login, so I know the issue is somewhere in SEP and not with Input Director.  Again, it works fine with the SEP client firewall enabled but only after a user has logged in, so it shouldn't be an issue with the ruleset.

In the firewall group, "Allow IP traffic" is selected in the "Unmatched IP Traffic Settings" area of Server Control, and "Block all traffic until the firewall starts and after the firewall stops" is not checked in the Security Settings tab of the group's General Settings.

Thanks. 

Hello,

Please check if the System Account has enough permissions.

If I am not mistaken, the Machine works at System Account Level when the User is not Logged in.

Proabably that may solve your issue.

Can you give me more details of what kind of permissions you are referring to and where I go to confirm it?  Thanks. 

Hello,

Check the Microsoft Link:

http://msdn.microsoft.com/en-us/library/ms684190%28v=vs.85%29.aspx

For more Details, Contact Microsoft.

Hello,

Check the Symantec Video on

Logging in to a machine with SYSTEM account

https://www-secure.symantec.com/connect/videos/logging-machine-system-account