Network Threat Protection won't block application

Created: 15 Sep 2013 | 7 comments

I'm trying to use SEP's firewall to block an application (uTorrent) from using my Wi-Fi adapter, so that the application will only work when I'm connected to a VPN. I've created the following rule: http://i.imgur.com/sONwnlk.png

Unfortunately, uTorrent still works over my Wi-Fi adapter with the rule enabled. In addition, I went poking around in the Network Activity Monitor while using uTorrent to see if there was a different service I should be blocking, and I noticed that the monitor wasn't showing any traffic from uTorrent. I took a screenshot: http://i.imgur.com/MouUjPi.png

For the heck of it I created an identical rule except this time I blocked Chrome, but Chrome kept working too. What am I missing here?

.Brian

Are you blocking traffic from utorrent.exe or did you specify the ports it uses? I don't see it specifically for utorrent.exe. On the Applications tab, add utorrent.exe.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

greg12

Is your SEP client unmanaged or managed?

If it is managed, check the Control Settings (Server Control / Mixed Control / Client Control) in the SEPM console:

SEPM > Clients > [Group] > Policies tab > Location-specific settings >
Client User Interface Control Settings

If the setting is "Mixed Control", the firewall rules above the blue line in the SEPM firewall policy are executed before the client firewall rules. There may be a SEPM rule above the blue line that will always be triggered, so that all your rules at client level are not relevant.

Austin PA

The SEP client is unmanaged. I tried reinstalling it, but it didn't help. I should point out that no rules I create seem to work. If I block chrome.exe, Chrome still works. If I block steam.exe, Steam still works. If I make a blanket rule to block all traffic from all remote hosts using all IP protocols, everything still works. It's like the firewall is completely malfunctioning. I am very sad panda.

.Brian

Since it's unmanaged: when you were going through the process of creating the rule, on the Applications tab, you did select utorrent and add it to the list?

If so, I'm thinking something else is wrong here as this should basically do it...

Austin PA

Yeah I added it in the applications tab. I think you're right about something else being wrong, I just have nooo idea what it could be.

StephanK

This may sound silly, but is your Firewall-Module actually loaded and active?

 

Regards Stephan