Symantec Network Access Control protects networks from unauthorized, misconfigured, and infected endpoint computing devices. For example, Symantec Network Access Control can deny network access to the client computers that do not run specific versions of software and signatures. If client computers do not comply, Symantec Network Access Control can quarantine and remediate the computers. For example, if client computers have antivirus definitions that are more than a week old, Symantec Network Access Control can quarantine the computers. Symantec Network Access Control can update the computers with the latest antivirus definitions (remediation), and then permit the computers to access the network.

Symantec Network Access Control lets you control this protection with Host Integrity policies. You create Host Integrity policies with Symantec Endpoint Protection Manager Console, and then apply the policies to groups of client computers. If you install Symantec Network Access Control client software only, you can require that client computers run antivirus, antispyware, and firewall software. You can also require that they run the latest operating system service packs and patches, and create custom application requirements. If client computers do not comply, you can run commands on those client computers to try and update those computers.

If you integrate Symantec Network Access Control with Symantec Endpoint Protection, you can apply a firewall policy to the clients that do not comply with Host Integrity policies. This policy can restrict the ports that the clients can use for network access, and can limit the IP addresses that the clients can access. For example, you can restrict non-compliant computer communications to only the computers that contain the software and updates that are required. This integration is called self-enforcement.

If you integrate Symantec Network Access Control with Symantec Enforcer, an optional hardware device, you can further restrict non-compliant computers from gaining access to your network. You can restrict non-compliant computers to specific network segments for remediation, and you can completely prohibit access to non-compliant computers. For example, with Symantec Gateway Enforcer, you can control external computer access to your network through VPNs. With Symantec DHCP and LAN Enforcers, you can control internal computer access to your network by assigning the non-routable IP addresses to non-compliant computers. You can also assign non-compliant computers to quarantined LAN segments