Endpoint Protection

 View Only

  • 1.  how can I use terminate founction in the network activity windows

    Posted Jan 11, 2012 03:18 AM

    Today ,I found the differenence in the server management and self-managed .In the Network Activity window I can terminate the application by right click.But in the server management I can't found the founction on  the menu. How to config on the sepm to active this founction.



  • 2.  RE: how can I use terminate founction in the network activity windows

    Broadcom Employee
    Posted Jan 11, 2012 03:37 AM

    can you explain about the network activity window?

    can you post the screen capture?



  • 3.  RE: how can I use terminate founction in the network activity windows

    Trusted Advisor
    Posted Jan 11, 2012 06:29 AM

    Hello,

    I believe you are talking about:

    Using Symantec Endpoint Protection 11's Network Activity Tool to Identify Suspicious Processes
     
     
     
    For SEP 11 / SEP 12.1 clients that have the Network Threat Protection (NTP) component installed, a built-in tool called Network Activity can help identify files that are making suspicious network connections.
     
    This Tool requires the SEP with Network Threat Protection Feature Installed.
     
    SEPM is just a console -- A Manager Console Tool for SEP Managed Clients.
     
    Hope that helps!!


  • 4.  RE: how can I use terminate founction in the network activity windows

    Posted Jan 11, 2012 09:22 AM
      |   view attached

    YES, I want to kill the suspicious processes by the Network Activity Tool.I am using Chinese version, in my enterprise. There has been no termination of the program functions.Why?



  • 5.  RE: how can I use terminate founction in the network activity windows
    Best Answer

    Posted Jan 11, 2012 11:01 AM

    Don't know if it is the only possibility, but just change the group or location to client control:

    Clients > [Group] > Policies > Location-specific settings

    By default, the group is set to Server control. If you change it to Client control, you can terminate/block etc. in Network Activity window.

    However, Client control is a dangerous setting because you will transfer the complete Firewall and IPS responsibility to the user, which is not wanted in 99% of the cases.

    You can block applications in the SEPM firewall policy as well.