Video Screencast Help

How to block Yahoo Messenger File transfer?

Created: 13 Apr 2011 | 3 comments

Is there anyway to use Symantec Endpoint to block Yahoo Messenger File transfer?

Comments 3 CommentsJump to latest comment

Santhosh k's picture

once try with Firewall policies.

Becuase yahoo uses so many random port s.

Mithun Sanghavi's picture

Hello Wilson, 

Symantec provides a pretty simple way.......... simply change what they have to "block".

Go to your policies, intrustion prevention policy, edit, then "add exceptions" and select anything IM related, add it and change to blocked. 

It would seem to me that this should work and save a lot of work since they have these things pre-defined, but not blocked by default.

Incase, selecting the IPS exception, if you see no Policy.

Highlight your intrusion prevention policy, choose edit.

Then click the exceptions button - lower button on left side.

It will be empty most likely.

Now choose the 'Add' button at the bottom.

It will bring up all the Symantec supplied intrusion prevention signatures and their status - blocked or not blocked.

You select from that list, choose to block since the IM by default is not blocked, log if you wish, and OK.

Then those will move into the exceptions list like you see in my example.

Symantec provides the signatures, but doesn't block. To block IM, you have to make it an "exception" so need to add from their list into your exception list which starts empty.

It's sort of the opposite of the AV exceptions. Usually AV blocks something, but maybe you know it's good so you want to let it through. So you create an exception. In this case, IM is let through, you want to block it, so you need to add it to your exception list. Other things, like some of the nasty HTML based stuff is already blocked. Some things like VNC is in the list but not blocked. We do not want VNC in here, so I move it to my exception list and mark it as "block".

You can sort - when you go to your empty exception list and click the Add.... button and the list of possibilities pops up, you can sort by "blocked/not blocked" and that way get the unblocked stuff all in one place and choose from that list, then choose blocked for it.

Go ahead and experiment - you can always choose cancel, or remove from the exceptions if you change your mind.

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

wilsonlht's picture

I did try to add exception for IPS to block the YM file transfer, but it does not work?