
Is it possible to block all messengers like Yahoo Messenger

Created: 04 Jul 2010 • Updated: 08 Aug 2010 | 11 comments
This issue has been solved. See solution.

Is it possible to block all messengers like Yahoo Messenger, Windows Messenger, Nimbuzz Messenger for individual IPs or users by SEPM?
My SEPM version = 11.0.1000.1375


pete_4u2002's picture


Check this article and let me know if it helps.

However, the SEPM version you are using is toooooooo old. Use the latest version.

Fatih Teke's picture

Hello Qamrul,
You can block MSN via firewall rules or Application and Device Control policy rules.
For example, you can block the MSN domain from firewall rules or you can block MSN.exe from application and device rules.
But please don't forget that if users change the exe name, they can continue to use it. Therefore you can use a hash rule (but all exe files have a changed hash :) )

Best Regards.

 Everything works better when everything works together.

deepak.vasudevan's picture

>>You can block MSN via firewall rules

This would be the most convincing way.

Farzad's picture

Yes. But it seems to be a hard task! Create a custom signature of the applications using the attached PDF file

Steps_to_create_a_custom_IDS_signature_0.pdf 499.01 KB

ESET Certified Specialist \ Symantec Certified Specialist  \  MCSE +Security  \  CCNSE

Thomas K's picture

I second what Pete said. Use Application and Device Control policy and get rid of that old build. The latest is 11.0.6005.562 (RU6). There have been thousands of fixes since the MR1 release came out.


ShadowsPapa's picture

Symantec provides a pretty simple way.......... simply change what they have to "block".
Go to your policies, intrusion prevention policy, edit, then "add exceptions" and select anything IM related, add it and change to blocked.  It would seem to me that this should work and save a lot of work since they have these things pre-defined, but not blocked by default.

Fatih Teke's picture

Good information from Shadows Papa :)


Best Regards.

 Everything works better when everything works together.

Farzad's picture

Shadow PAPA
When I select the IPS exception, it says it is empty.
What is wrong?

ESET Certified Specialist \ Symantec Certified Specialist  \  MCSE +Security  \  CCNSE

ShadowsPapa's picture

Highlight your intrusion prevention policy, choose edit.
Then click the exceptions button - lower button on left side.
It will be empty most likely. Now choose the Add..... button at the bottom.

It will bring up all the Symantec supplied intrusion prevention signatures and their status - blocked or not blocked. You select from that list, choose to block since the IM by default is not blocked, log if you wish, and OK.
Then those will move into the exceptions list like you see in my example.
Symantec provides the signatures, but doesn't block. To block IM, you have to make it an "exception", so you need to add from their list into your exception list, which starts empty.
It's sort of the opposite of the AV exceptions. Usually AV blocks something, but maybe you know it's good so you want to let it through. So you create an exception. In this case, IM is let through, you want to block it, so you need to add it to your exception list. Other things, like some of the nasty HTML based stuff, are already blocked. Some things like VNC are in the list but not blocked. We do not want VNC in here, so I move it to my exception list and mark it as "block".
You can sort - when you go to your empty exception list and click the Add.... button and the list of possibilities pops up, you can sort by "blocked/not blocked" and that way get the unblocked stuff all in one place and choose from that list, then choose blocked for it.
Go ahead and experiment - you can always choose cancel, or remove from the exceptions if you change your mind.

Farzad's picture

My server was not thoroughly updated. I found that.
Thank you PAPA!

ESET Certified Specialist \ Symantec Certified Specialist  \  MCSE +Security  \  CCNSE

teiva-boy's picture

Side note, I hope the poster will update his software to something higher than 11.0.5000.  11.0.1000 is pretty darn old and plagued with bugs.

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) "We backup data to restore, we don't backup data just to back it up."