Need Help With Policies and Network Activity

Created: 14 Jul 2009 • Updated: 22 May 2010 | 5 comments
This issue has been solved. See solution.

Hi Everyone,

I am very new to the whole security thing and will probably be ridiculed for asking such a stupid question.

I have Endpoint 11 set up in a test environment. I have created a client and a set of policies to govern. I can see the client in the Manager.

What I want to do is change policies on the client computer. I make a change and click update the policy on the client, but nothing seems to happen.
In reports it says the clients have the latest Policies.

Question 1. Is there a way of checking the current policy setup of the client?
Question 2. Do policies deploy instantly?

The next part is that the Endpoint Client has a Network Activity Monitor component. I have it open but it says 0 across the board, even if I do stuff on the network, such as ICMP requests, browsing the web, or copying files from servers. Is it supposed to give me information?

Thank you everyone.

pete_4u2002

Question 1. Is there a way of checking the current policy setup of the client?
If on SEPM, you need to check the reports.
If on the client, open the client GUI, click on Help and Support == Troubleshooting and check for the policy serial number. This should match the one shown in the Details tab of SEPM.

Question 2. Do policies deploy instantly?
The policies are deployed as soon as the client communicates with SEPM.

The next part is that the Endpoint Client has a Network Activity Monitor component. I have it open but it says 0 across the board, even if I do stuff on the network, such as ICMP requests, browsing the web, or copying files from servers. Is it supposed to give me information?

Are you referring to the packet log? Check the Traffic log on the client; you will see the list. The traffic will be listed if the NTP component is installed and configured to log/block for configuration.

cheers
Pete

Nuggetbro

I am talking about Network Activity. If you go into the client by clicking on the toolbar icon. Then under Status -> Network Threat Protection -> Options -> View Network Activity.

It is all blank!

Vikram Kumar-SAV to SEP

Network Activity monitor does work and is very good.
If you are connected to the internet and downloading anything, or if you are copying files from your server, the graph does move.

This is how it works:

Network Activity
Use the Network Activity dialog box to view, allow, or block the applications and the services that run on the client. The applications that appear in the Network Activity dialog box are the applications and the services that have run since the client service started.

Note:
The toolbar options and menu commands may or may not appear. Their appearance depends on how your administrator configured the client.

Table: Network Activity options

Option: Description

Incoming and Outgoing graphs: Displays the volume of the inbound traffic and the outbound traffic.

Incoming and Outgoing Traffic History graphs: Displays real-time data about the last two minutes of the inbound traffic and the outbound traffic. This display includes the traffic that is allowed and the traffic that is blocked. The green lines and bars indicate the allowed traffic, and the red coloring indicates the blocked traffic.

Attack History Graph: Displays the number of attacks against your computer.

Running Applications: Displays a list of the applications and services that currently run on your computer.

You can run several commands on the application or service. Each command displays the following status on the application's icon:

Allow: Icon appears normal, with no marks. A blue dot appears on the lower left-hand corner of the icon when the application receives traffic. When the application sends traffic, the blue dot appears on the lower right-hand corner.

Block: Icon appears with a red circle and crossed-out mark.

If you right-click an application in this list and click either Allow or Block, the application is added to the list in the View Application Settings dialog box.

For all statuses, the icon displays a dot with the following colors:

Green: Allow

Red: Block

You can also terminate the process, which closes the application or ends the process.

You can display the applications and services in the following formats:

Large Icons: Displays the applications and the services as 32x32 icons.

Small Icons: Displays the applications and services as 16x16 icons.

List: Displays the applications and the services as small icons, with the icons displayed in a standard list.

Applications Details: Provides a list of applications and their version numbers and paths.

Connection Details: Displays the following information for each application: application name, protocol, status, port numbers, IP address, process number, and path.

Show Windows Services: Displays the Windows services that the client runs.

Show Broadcast Traffic: Displays the broadcast traffic. If you uncheck the check box, it displays only unicast traffic.

Broadcast traffic is the network traffic that is sent to every computer in a particular subnet, and is not directed specifically to your computer. Unicast traffic is the traffic that is directed specifically to your computer.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
dries_vb

Set the communication mode (between SEPM and SEP clients) to PUSH MODE. This way your server will propagate policy changes practically on the fly to the SEP clients. But don't do this when in a production environment with many clients.

Good luck with the tests!

Maximilian

On the SEP Manager console you can find the policy serial number on the tab "Clients".

Choose your group where the client is under and go to tab "Details".

You will see a similar picture as below which you can compare to the same that is on the client described by pete_4u2002.