Endpoint Protection

 View Only

  • 1.  SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 05:59 AM

    Hi,

    In a lab setup, my Win 7 client is using SEP ver 11.0.63.00.803 and we are trying to integrate with Microsoft NAP solution. (Firewall, Anti-virus & Anti-spam policy checks). Need to seek advice and help on the following scenarios.

    1) Disabling "Antivirus & Antispyware protection" will trigger the client to be shifted to a non-compliant VLAN as it is not compliant with the NAP health checks.

    However after around 5 mins, the client will be shifted back to the compliant VLAN even though the "Antivirus & Antispyware protection" on the SEP client remains disabled. 

    If we disabled windows firewall, the client will be shifted to a non-compliant VLAN as it is not compliant with the NAP health checks. It does not experience the same symptoms of being shifted back to the compliant VLAN. Not too sure if it's a bug on the SEP module?

    2) As Microsoft NAP provides policy checks on Anti-spam, would also like to find out if SEP "Antivirus & Antispyware protection" is supportable via the NAP Anti-spam policy or it's only just "Antivirus & Antispyware protection" via the NAP Anti-virus policy?

    From what we have tested thus far, it appears the SEP "Antivirus & Antispyware protection" is not integrated with NAP Anti-spam policy. :(



  • 2.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 06:25 AM

    You answered it right.....Its not integrated...



  • 3.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 07:09 AM

    Hi,

    Is the autoprotect configured to enable itself after 5 minutes? You can check it in your SEPM in the Antivirus and Antispyware policy settings FileSystem Auto-Protect > Advanced.



  • 4.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 08:20 AM

    Both Rafeeq and Costa are correct.

    for 1st answer by default SEP re-enables itself after 5 minutes

    for 2nd question they are not integrated.



  • 5.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 11:41 AM

    That is correct Vikram, SEP has its own network access control called SNAC.

    However, since SEP also reports its status (enabled/disabled as well as definitions updated) to Windows so it should be possible to use it with Microsoft NAC



  • 6.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 22, 2011 03:00 PM

    Yes SEP will work with Microsoft NAP however it is not integrated with NAP Anti-spam policy.



  • 7.  RE: SEP compatibility with Microsoft Network Access Protection (NAP)

    Posted Jun 23, 2011 10:16 AM

    Thanks Rafeeq, Joao Costa & Vikram Kumar.

    You guys have been a great help! :)

    I will get my team to confirm on Joao Costa's suspicions on the "auto-protect"

    Would just like to confirm if the status of the "Antivirus & Antispyware protection" would be seen as enabled when the "auto-protect" feature kicks in? I was pretty sure the SEP status was still seen as disabled even though the shift back to the compliant VLAN was trigged. Hmm.....