Endpoint Protection

  • 1.  SEPM (11.x): NTP Blocked Applications report?

    Posted Mar 04, 2011 08:41 AM

    Hey, just wondering if anybody has an example of what an NTP Blocked Applications report looks like.  I have the report configured to send daily, and yet in 6 months I haven't seen one that had anything in it, though there have been plenty of IPS prevented attacks, viruses, and so on.  I guess I'm just wondering what this report would show if it showed anything :)

     



  • 2.  RE: SEPM (11.x): NTP Blocked Applications report?

    Posted Mar 04, 2011 08:55 AM

    Looks like this:

     

    To my knowledge, this comes from the IPS but only with certain events. I get a whole bunch of IPS alerts but only certain ones fall into this report, mainly malicious HTTP traffic or malicious site re-directs.



  • 3.  RE: SEPM (11.x): NTP Blocked Applications report?

    Posted Mar 04, 2011 12:06 PM

    Not all of our IPS signatures block processes. Some will only block access to/from a specific host, depending on the nature of the attack the signature is blocking.

    If the signature does not include configurations to block the application, but simply the traffic, it would not be logged in this location. We can see this from Brian's example above.