Endpoint Protection

 View Only

  • 1.  IE vulnerability protection

    Posted Nov 10, 2015 04:40 PM

    I ran accross the article below and would like to enable this feature on my machines.  But I have a few questions:

    http://www.symantec.com/connect/forums/browser-intrusion-prevention-add-problem#comment-5861811

    This article is several years old.  Is GPO still required or can it be done from SEPM?

    The article references CLSID values and folders which seem specific to the particular version of SEP being used.  What would I use for 12.1 RU6?

    Does this feature require the Windows firewall to be enabled? (we disable windows firewall on our machines via GPO)

    We only install AV, Download and Proactive protection on our machines.  Would we have to install firewall and/or Intrusion Protection also?

    Thanks,

    Diego

     



  • 2.  RE: IE vulnerability protection

    Posted Nov 10, 2015 07:42 PM

    Nope, should no longer apply in regards to needing the GPO. Changes were made to the IPS engine so you should be fine. Yes you need the IPS component only, no firewall if you don't plan to use it.



  • 3.  RE: IE vulnerability protection

    Posted Nov 11, 2015 11:31 AM

    What would the ramifications of enabling the IPS be?  I am concerned with interruptions of communications and applications on our corporate network which is the reason we keep the Windows firewall turned off via GPO in the first place.

    Thanks

    Diego



  • 4.  RE: IE vulnerability protection

    Posted Nov 11, 2015 11:37 AM

    IPS signatures looks for malicious network behavior so it should be minimal. IPS should be considered a must in terms of enabling. It is an excellent way to stop additional threats.

    Mick2009 wrote an article on it

    Two Reasons why IPS is a "Must Have" for your Network



  • 5.  RE: IE vulnerability protection

    Posted Nov 12, 2015 10:20 AM

    OK, you convinced me and I will give it a shot.  One more question:

    I had a package assigned to my client sites that used a custom feature set that did not include the IPS module.  I have deleted the package and then re-added it using a new feature set that includes the IPS module.  The SEP version of the package remains the same.

    Will the clients realize I want them to re-apply the package (and pickup the newly added IPS feature) if their current SEP version is the same as the package's?

    Thanks,
    Diego



  • 6.  RE: IE vulnerability protection

    Posted Nov 12, 2015 10:29 AM

    Yep, just follow th steps in this article as it is outlined step by step

    http://www.symantec.com/docs/TECH90936