Endpoint Protection

  • 1.  How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 09:48 AM

    Hello,

    We're using a program which must be connected to the server for live checks and updates of information. It also has a P2P part which isn't needed and that we'd need to disable on demand without breaking communication with the server. The P2P part would also need to be disabled between our computers on the same network. If blocking P2P between 2 clients running on the same machine/Windows (no virtualization) is something that can be done, it would be ideal.

    Downloaded Endpoint Small Business to test if it works before purchasing it but can't figure out how to do it. Adding the program to the list of exceptions doesn't show an option to block P2P only. Read on some Symantec post that we need to set it in Endpoint management but couldn't find the download link.

    Is there any way to manage this?

    Thank you in advance,
    Lewis



  • 2.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 10:04 AM

    Go into the firewall policy and you should see the Peer-to-Peer Authentication Settings tab.

    Configuring peer-to-peer authentication for Host Integrity enforcement

    But this has to do with Host Integrity check.

    Are you seeing some sort of issue?



  • 3.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 12:24 PM
    Can't see the Peer-to-Peer Authentication tab. Is it available in SEP (what we installed) or only in SEPM?


  • 4.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 12:28 PM

    You're running SBE, correct? If so, it's not available in SBE.

    Are you getting a specific error?



  • 5.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 12:35 PM
    We run 4 PCs under Win 8.1 Pro. I installed Symantec Endpoint Protection (40ish MB download) to see if we could stop the P2P part that we need. There's no specific error, I simply can't find the option you are talking about and that I saw in some other documents. Most documents say to go into policies in their Endpoint Protection Manager, but I don't have the manager. Only the trial SEP. If needed, I'll get another program if you point me to which one we need.


  • 6.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 02, 2015 12:39 PM

    Do you know the application name and port this application uses for P2P? If so, it should be as simple as creating a firewall rule to block the traffic. You do have another option as well using an application control policy to stop it from executing altogether.

    Yes, you would want the SEPM for this. It should be a part of the trial.



  • 7.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 03, 2015 09:12 PM

    If the concerned application uses a (permanent) specific port for P2P communication, it can be blocked by creating a new firewall rule on the SEP client. Please follow the article at the link below on how to create firewall rules in standalone SEP clients.

    Firewall policies on unmanaged Endpoint Protection clients
    http://www.symantec.com/docs/TECH105725

    But if the users can change the port used by the application for P2P communication, then blocking just one port will not be effective. In such cases, it's better to create 2 rules as follows and place them at the top of the list in the same order.

    Rule 1 - To Allow traffic from "application.exe" on specific port that the app uses to communicate with "server".

    Rule 2 - To Block ALL traffic from "application.exe".



  • 8.  RE: How to allow Program connection to server but disable P2P part

    Posted Sep 03, 2015 09:55 PM

    Thanks Seyad.

    There are many different servers that the application uses and, as such, the IPs of the servers vary greatly. Also, I was told it communicates with 2 servers (API and another).

    I tried understanding the netlog to no avail. I tried using the host integrity check but it provides inconsistent results. One time it seemed to work, losing contact with about 10 other users at once, yet another time it didn't stop comms from other users.

    Is there a way to know on which port the application communicates with the server and which one is used for P2P? Can it be on the same port? If they can't be on the same port, I will force the connection to the server to a specific port and try your method.
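
One way to approach the port question in post 8, as an added example that is not part of the thread: a PowerShell script that samples the TCP connections of one process and separates outbound connections (candidates for the server port in Rule 1) from inbound or LAN connections (candidates for P2P). The process name `application` is a placeholder taken from the rules in post 7; the script covers TCP over IPv4 only and uses the built-in `Get-NetTCPConnection` cmdlet.

```powershell
# Added example, not from the thread. 'application' is a placeholder process name.
param(
    [string]$ProcessName = 'application',   # process name without .exe (placeholder)
    [int]$Samples = 30,                     # number of snapshots to take
    [int]$IntervalSeconds = 2               # pause between snapshots
)

# RFC 1918, loopback and link-local IPv4 ranges: LAN peers or a second local client.
# IPv6 addresses do not match this pattern and are reported as 'Other'.
$privatePattern = '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
$seen = @{}

for ($i = 0; $i -lt $Samples; $i++) {
    $procIds = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Id)
    $conns = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $procIds -contains $_.OwningProcess })
    # Ports the process listens on; a connection to one of them was opened by the remote side.
    $listenPorts = @($conns | Where-Object { $_.State -eq 'Listen' } |
        Select-Object -ExpandProperty LocalPort)

    foreach ($c in @($conns | Where-Object { $_.State -eq 'Established' })) {
        $inbound = $listenPorts -contains $c.LocalPort
        # Inbound: the stable port is the local one. Outbound: the remote one.
        $port = if ($inbound) { $c.LocalPort } else { $c.RemotePort }
        $key = '{0}|{1}|{2}' -f $c.RemoteAddress, $port, $inbound
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = [pscustomobject]@{
                RemoteAddress = $c.RemoteAddress
                Direction     = if ($inbound) { 'Inbound' } else { 'Outbound' }
                ServicePort   = $port
                Scope         = if ($c.RemoteAddress -match $privatePattern) { 'Private/LAN' } else { 'Other' }
                Snapshots     = 0   # how many snapshots this endpoint appeared in
            }
        }
        $seen[$key].Snapshots++
    }
    Start-Sleep -Seconds $IntervalSeconds
}

# Few distinct outbound ports across many addresses suggests the server port;
# inbound rows and Private/LAN rows are the likely peer traffic.
$seen.Values | Sort-Object Direction, Scope, ServicePort |
    Format-Table RemoteAddress, Direction, ServicePort, Scope, Snapshots -AutoSize
```

If server and peer traffic turn out to share one remote port, a port-only allow rule cannot tell them apart, and Rule 1 would also need to be narrowed by remote address.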