Endpoint Protection

  • 1.  Isolating XP Machines before April 8th - How To?

    Posted Mar 20, 2014 09:22 PM

    SEPM Version:  12.1.4023.4080
    Client Version:  12.1.4013.4013


    Can you suggest how we can isolate XP machines that run critical applications that will not meet the April deadline for Win7 upgrade by utilizing the following SEPM policies?

    Custom Intrusion Prevention
    System Lockdown
    Network Application Monitoring
    Firewall
    Intrusion Prevention
    SEP Hardening Application and Device Control

    A new Group would be created for the XP machines.

    For example, we have an XP box that runs an application that sends data via FTP to another box on the same network. I would like to lock it down as much as possible, allowing only essential services like DNS, Remote Management, and the FTP client. Access to the Internet is not needed.


    I never worked with firewall policies in their most restrictive state and then allowing services/applications in or out. I would imagine logging on the client side will aid in isolating items that need to be allowed or blocked.


    I know this is asking a lot, but with time ticking down, I think this might become a popular request.  Perhaps some sample policies that establish a baseline.



  • 2.  RE: Isolating XP Machines before April 8th - How To?

    Posted Mar 20, 2014 09:37 PM

    The main thing to remember is content will still continue to get updated so SEP will protect the machines from new vulns. You just won't get patches from MS.

    Aside from that, then yes, you can run ADC to lock down temp directories from being written to. There are many more great ADC policies to choose from here:

    http://www.symantec.com/security_response/securityupdates/list.jsp?fid=adc

    You can also use System Lockdown so only approved executables can run. System Lockdown would work really well in this case assuming you have the time and resources to spend with it.



  • 3.  RE: Isolating XP Machines before April 8th - How To?

    Posted Mar 21, 2014 04:30 AM

    Thumbs up to Brian's post.

    Though I might also link you the Symantec KB articles on Hardening with SEP:

    http://www.symantec.com/docs/TECH132337
    http://www.symantec.com/docs/TECH132307

    Also, if these are critical systems likely to be in use for a while yet, I'd personally recommend you take a look at CSP.  Very handy product in these circumstances:

    http://www.symantec.com/critical-system-protection



  • 4.  RE: Isolating XP Machines before April 8th - How To?

    Posted Mar 21, 2014 09:01 AM

    See this Blog

    How will the end of Windows XP impact your organization?

    https://www-secure.symantec.com/connect/blogs/how-will-end-windows-xp-impact-your-organization