Endpoint Protection

 View Only

  • 1.  Network Threat Protection

    Posted Apr 16, 2009 09:59 AM
    When M$ sends out certain security updates sometimes it affects the NT Kernel and Network Threat Protection has a notice
    imagebrowser image

    Now because of the nature of the change and the request i.e. access to the network, the only way i can view this message is if i log on to the local machine as an administrator, because if i log on to the domain this error does not pop up and endpoint protection does not give me access to the network.

    Is there a way I can get around this without having to log on to hundreds of computers localy and say yes to this dialog box?


  • 2.  RE: Network Threat Protection
    Best Answer

    Posted Apr 16, 2009 12:19 PM
    King there are a couple of ways around this. 

    1.  Right now I'm assuming your application monitoring settings are set to ask.  You could change this to allow and log.  This is how I have my system configured.  You do this from the policies tab when clients is selected on the left pane of the management console.  Network Application Monitoring is listed under policies.  Click it to bring up your settings

    2.  You could add the NT kernel executables to the unmonitored application list (also found under application monitoring settings). 





  • 3.  RE: Network Threat Protection

    Posted Apr 16, 2009 03:42 PM
    Thanks Disco you're a life saver.


  • 4.  RE: Network Threat Protection

    Posted Sep 08, 2009 02:37 PM
    is there a way to use a wildcard for the fingerprint? I've added all the ntoskrnl's from the search but i dont know if users will be prompted about it during the next patch tuesday. I would definitely prefer to not have to update the NAM list after every patch tuesday. Maybe if  i add it manually and only put in the path. I cannot find any documentation on whether that works or not.

    Thanks,