Endpoint Protection

  • 1.  HI Policy in SEPM.

    Posted Oct 20, 2012 02:31 AM

    Hi,

    I want all the systems which have a definition file less than 1 month old to be unable to connect to the network. (HI Policy)

    Please suggest.



  • 2.  RE: HI Policy in SEPM.

    Posted Oct 20, 2012 02:39 AM

    Hi,

    You can create a Custom Policy.

    Antivirus Requirement – You can set an Antivirus Requirement in your organization; that means your clients should be running the Antivirus you have specified or they will be rejected from the network or sent to the Quarantined network. Antivirus Products that SNAC supports are AhnLab V3 Internet Security, AVG Internet Security/Antivirus, Bit Defender Internet Security/Total Security, CA eTrust Antivirus/InoculateIT, Kaspersky Antivirus/Internet Security, McAfee VirusScan, Microsoft ForeFront Client Security, Microsoft Live OneCare Antivirus, Norton Antivirus, Panda Antivirus, Sophos Antivirus, Symantec Endpoint Protection, Trend Micro OfficeScan Corporate Edition and Trend Micro PC-cillin. With these Antivirus Products you can check if they are installed, running and have the latest definitions. If not, then you can redirect them to a location where the Antivirus will be automatically installed or the users can download and install the AV software or the latest virus definitions. If the Antivirus is turned off, you can also enable the antivirus.

    You can also select Any Antivirus. In this option you can check the definitions and direct them to download the definitions, but the options for installing or starting a specific application are not available.

     

    Working with Custom HOST INTEGRITY (HI) Policy using the “CUSTOM REQUIREMENT LOGIC”

    https://www-secure.symantec.com/connect/articles/working-custom-host-integrity-hi-policy-using-custom-requirement-logic

    https://www-secure.symantec.com/connect/forums/hi-policy-sepm



  • 3.  RE: HI Policy in SEPM.

    Posted Oct 20, 2012 06:51 AM

    Can you please help to implement the policy?



  • 4.  RE: HI Policy in SEPM.

    Posted Oct 20, 2012 07:06 AM


  • 5.  RE: HI Policy in SEPM.

    Posted Oct 21, 2012 08:05 AM

    SNAC is the best way, as Ashish suggested.



  • 6.  RE: HI Policy in SEPM.

    Posted Oct 21, 2012 09:27 AM

    Open and log in to the SEPM
     
    Click Monitors

    Click Notifications

    Click Notification Conditions
     
    Click Add
     
    Select "Virus definitions out-of-date"

    Enter the notification name (e.g. old definition)

    Select condition (e.g. 3 computers with virus definitions older than 30 days, and so on)

    Add your email ID here.

    Then OK.



  • 7.  RE: HI Policy in SEPM.

    Posted Oct 21, 2012 11:04 AM

    Hi Nagesh;

     

    Ashish is right, you need to get SNAC and a license for it. Then, combined with your SEPM Console, you can perform what we used to call "Self-Enforcement" with a Quarantine zone defined on your SEPM and the rest of your location.

    Create a Host Integrity policy with your specific condition, like definitions should not be later than 30 days; otherwise the clients will be switched to the quarantine zone.

    On your quarantine zone, you'll just have to define a very strict firewall policy to make the client not able to join your internal network. It can also be done by simply adding a firewall rule like "block all subnets"; then the machines in quarantine will get no network and will be restricted to local only.

    Here is a nice article that explains the possibilities you have with SEPM+SNAC and an example of Self-Enforcement.

    => http://www.symantec.com/business/support/index?page=content&id=TECH102534

     

    Kind Regards,

    A. Wesker

     

     



  • 8.  RE: HI Policy in SEPM.

    Broadcom Employee
    Posted Oct 22, 2012 11:51 AM

    Hi,

    Check this thread as well.

    https://www-secure.symantec.com/connect/forums/snac-implementation-doubts



  • 9.  RE: HI Policy in SEPM.

    Trusted Advisor
    Posted Oct 22, 2012 12:41 PM

    Hello,

    I would suggest you check these articles:

    About antivirus conditions http://www.symantec.com/docs/HOWTO55511

    Adding Host Integrity requirements http://www.symantec.com/docs/HOWTO55496

    About custom requirements http://www.symantec.com/docs/HOWTO55504

    Adding an IF THEN statement http://www.symantec.com/docs/HOWTO55506

    About the IF, THEN, and ENDIF statement http://www.symantec.com/docs/HOWTO55675

    and check these SNAC Whitepapers

    Symantec Network Access Control Whitepapers

    https://www-secure.symantec.com/connect/downloads/symantec-network-access-control-whitepapers

    Hope that helps!!



  • 10.  RE: HI Policy in SEPM.

    Posted Oct 22, 2012 02:09 PM

    If you are using soft installation, you can use a custom rule with a condition like if definition is less than 30 days, and use a quarantine firewall rule to block traffic.



  • 11.  RE: HI Policy in SEPM.

    Posted Oct 23, 2012 04:59 AM

    Thanks Wesker,

    It means we require a SNAC device to block the access?

     



  • 12.  RE: HI Policy in SEPM.

    Posted Oct 23, 2012 05:03 AM
    Yes, you need a SNAC license.