Endpoint Protection

 View Only

  • 1.  Network Threat Protection is always ON

    Posted Sep 18, 2009 09:58 AM
     Running v 11.0.4202.75

    Our install package is setup to include all components of the SEP 11 client. No problems there.

    But the odd thing is that on one of the Client Groups, we have unique polices where the Firewall, Intrusion, and Application Control are disabled.
    (in other words, the 'Enable this Policy' is unchecked).

    But yet, the clients in that group still show the Network Threat Protection as being "ON".

    Shouldn't that say "OFF".

    If go into the SEP Manager console, and look CLIENTS > CLICK ON GROUP > POLICIES it shows those components all grayed out, as they should be.
    The clients have the correct policy version, green dot on the shield in the console and on the client, everything is updating.

    Anyone have any explination as to why NTP would say "ON" when the only Policy that is enabled is the Antivirus? 

    Thank you
    James


  • 2.  RE: Network Threat Protection is always ON

    Posted Sep 18, 2009 10:03 AM
    Hi,

           The Network Threat Protection is a feature and if it is included in the client install package then the the Network Threat Protection will be installed and will remain ON unlesss you disable it. As far as the policies are concerned they are for various feature set and can be configured manually.
           


  • 3.  RE: Network Threat Protection is always ON

    Posted Sep 18, 2009 10:11 AM
    In this case it means that the NTP is installed on the Computer , but it is not getting policy from SEPM. The components  for NTP ( drivers) are present on the computer but they are cosmetic as the policy is not applied to them.

    NTP is a component of SEP along with AV/AVS and PTP and since it is installed on the computer it is ON.
    Policy that  are inherited on the clients from SEPM are not the part of the pacakge rather they are assigned to the computer.


  • 4.  RE: Network Threat Protection is always ON

    Posted Sep 18, 2009 11:46 AM
    Greetings,

    Disabling a policy does not disable the component. If you want it turned off you will want to uninstall it from the machine or allow the users to manually disable it. You can create a package and assign it to a group to remove this component seamlessly if you want.

    One other alternative is to create an "Allow All" rule in your Firewall policy and put it at the top of the list, this will effectively disable anything that the Firewall blocks though it will still allow you to use our Intrusion Prevention system.