Endpoint Protection

  • 1.  Need Help With Policies and Network Activity

    Posted Jul 14, 2009 03:06 AM
    Hi Everyone,

    I am very new to the whole security thing and will probably be ridiculed for asking such a stupid question.

    I have Endpoint 11 setup in a test environment. I have created a client and a set of policies to govern. I can see the client in the Manager.

    What I want to do is change policies on the client computer. I make a change and click update the policy on the client, but nothing seems to happen.
    In reports it says the clients have the latest Policies.

    Question 1. Is there a way of checking the current policy setup of the client?
    Question 2. Do policies deploy instantly?

    The next part is Endpoint Client has Network Activity Monitor component. I have it open but it says 0 across the board. Even if I do stuff on the network, such as ICMP requests, browse the web, copy files from servers. Is it supposed to give me information?

    Thank you everyone.


  • 2.  RE: Need Help With Policies and Network Activity

    Broadcom Employee
    Posted Jul 14, 2009 03:38 AM
    Question 1. Is there a way of checking the current policy setup of the client?
    If on SEPM, you need to check the reports.
    If on client, open the client GUI, click on Help and Support == Troubleshooting and check for the policy serial number. This should match the one shown in the Details tab of SEPM.

    Question 2. Do policies deploy instantly?
    The policies are deployed as soon as the client communicates with SEPM.

    The next part is Endpoint Client has Network Activity Monitor component. I have it open but it says 0 across the board. Even if I do stuff on the network, such as ICMP requests, browse the web, copy files from servers. Is it supposed to give me information?

    Are you referring to packet log? Check the Traffic log on the client, you will see the list. The traffic will be listed if the NTP component is installed and configured to log/block for configuration.

    cheers
    Pete


  • 3.  RE: Need Help With Policies and Network Activity

    Posted Jul 14, 2009 04:59 AM
    Set the communication mode (between SEPM and SEP clients) to PUSH MODE. This way your server will propagate policy changes practically on the fly to the SEP clients. But don't do this when in a production environment with many clients.

    Good luck with the tests!


  • 4.  RE: Need Help With Policies and Network Activity

    Posted Jul 14, 2009 10:08 PM
    I am talking about Network Activity. If you go into the client by clicking on the toolbar icon. Then under Status -> Network Threat Protection -> Options -> View Network Activity.

    It is all blank!


  • 5.  RE: Need Help With Policies and Network Activity
    Best Answer

    Posted Jul 16, 2009 01:31 AM
    Network Activity monitor does work and is very good.
    If you are connected to the internet and downloading anything or if you are copying files from your server the graph does move.

    This is how it works:

    Network Activity
    Use the Network Activity dialog box to view, allow, or block the applications and the services that run on the client. The applications that appear in the Network Activity dialog box are the applications and the services that have run since the client service started.

    Note:
    The toolbar options and menu commands may or may not appear. Their appearance depends on how your administrator configured the client.


    Table: Network Activity options

    Option
        Description

    Incoming and Outgoing graphs
        Displays the volume of the inbound traffic and the outbound traffic.

    Incoming and Outgoing Traffic History graphs
        Displays real-time data about the last two minutes of the inbound traffic and the outbound traffic.

        This display includes the traffic that is allowed and the traffic that is blocked. The green lines and bars indicate the allowed traffic, and the red coloring indicates the blocked traffic.

    Attack History Graph
        Displays the number of attacks against your computer.

    Running Applications
        Displays a list of the applications and services that currently run on your computer.

        You can run several commands on the application or service. Each command displays the following status on the application's icon:

            Allow: Icon appears normal, with no marks. A blue dot appears on the lower left-hand corner of the icon when the application receives traffic. When the application sends traffic, the blue dot appears on the lower right-hand corner.
            Block: Icon appears with a red circle and crossed-out mark.

        If you right-click an application in this list and click either Allow or Block, the application is added to the list in the View Application Settings dialog box.

        For all statuses, the icon displays a dot with the following colors:

            Green: Allow
            Red: Block

        You can also terminate the process, which closes the application or ends the process.

        You can display the applications and services in the following formats:

            Large Icons: Displays the applications and the services as 32x32 icons.
            Small Icons: Displays the applications and services as 16x16 icons.
            List: Displays the applications and the services as small icons, with the icons displayed in a standard list.
            Applications Details: Provides a list of applications and their version numbers and paths.
            Connection Details: Displays the following information for each application: application name, protocol, status, port numbers, IP address, process number, and path.

    Show Windows Services
        Displays the Windows services that the client runs.

    Show Broadcast Traffic
        Displays the broadcast traffic. If you uncheck the check box, it displays only unicast traffic.

        Broadcast traffic is the network traffic that is sent to every computer in a particular subnet, and is not directed specifically to your computer. Unicast traffic is the traffic that is directed specifically to your computer.




  • 6.  RE: Need Help With Policies and Network Activity

    Posted Jul 16, 2009 04:22 AM
    On the SEP Manager console you can find the policy serial number on the tab "Clients".

    Choose your group where the client is under and go to tab "Details".

    You will see a similar picture as below which you can compare to the same that is on the client described by pete_2u2002