
Symantec Endpoint IP Exclusion

Created: 22 Sep 2010 • Updated: 30 Oct 2010 | 3 comments
This issue has been solved. See solution.

We use Symantec Endpoint Protection v11.

We are attempting to perform employee Phishing testing via Core Impact as follows:
1. Test Phishing emails are initiated from Core Impact, to select employees.
2. Once an employee clicks an embedded hyperlink (which resolves to "http://<Core Impact Device's IP Address>/..."), they are redirected back through the Core Impact device (all behind the firewall) to a designated URL (e.g. www.Google.com or an Intranet page).
3. Core Impact notes which employee(s) click the link.

The issue I'm seeing is that, in doing its job, Symantec is blocking step #2 at the clients.
We've found that, by temporarily disabling "Network Threat Protection" on a client workstation, everything works correctly.
How can I create an exclusion (or whitelist) to state that access to "http://<Core Impact Device's IP Address>/..." is allowed?
 
Thank you


Vikram Kumar-SAV to SEP

In SEP Manager console --Policies--Firewall--Edit Firewall Policy--Rules

Add Rule--Allow your IP address.

Once the rule is created, move that rule to the top.

This might also be due to Intrusion Prevention.

Exclude your Core Impact server

SEP Manager console --Policies--Intrusion Prevention--Settings.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
TTCTECH

Thank you very much for the quick response.

I was just informed that we are not currently utilizing the Firewall feature within SEP, so I'm not sure that the issue is related to that setting.

Vikram Kumar-SAV to SEP

The Network Threat Protection component is a combo of Firewall + IPS.
