
Symantec Vulnerability Protection Add on

Created: 18 Jun 2013 | 8 comments

I do not have an Intrusion Prevention policy in my SEPM installation, yet when I push out 12.1.3 clients I am noticing the Symantec Vulnerability Protection add on is being installed in Internet Explorer as well.  I am of the understanding that this add on is part of IPS.

I have verified my Install Feature set does not enable IPS.

How can I stop this add on from being installed? 


Rafeeq's picture

In the Symantec Endpoint Protection Manager (SEPM), under Admin, Install Packages, Client Install Feature Set, add a Client Install Feature Set.
Uncheck the box for Advanced Download Protection.  A warning will pop up that this will reduce protection against threats.  SONAR Protection and Intrusion Protection are automatically unchecked as well.
There is currently no way to install SONAR and Intrusion Protection without the Advanced Download Protection.
Click OK to save this feature set.

This feature set can be used when deploying new clients and will show up in the drop down list for feature sets when exporting install packages or adding clients.  To change the client install features of existing clients, add a client install package in the Client Install Package tab of the client group and select this feature set.  Clients will get the new install package when they heartbeat into the manager (SEPM) and uninstall the SONAR and IPS components on their own.

.Brian's picture

You are correct. It is installed as part of the IPS component and there is no way to de-select it. You can only disable it via the policy. See this KBA:

Enabling or disabling network intrusion prevention or browser intrusion prevention

Article:HOWTO80887  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80887

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

JoshuaT's picture

Thank you Rafeeq.  Where does it say in the Manual that Advanced Download Protection = Symantec Vulnerability Protection browser add on? 

It appears to actually be used as part of Insight for reputation defense.

http://www.symantec.com/business/support/index?page=content&id=TECH171776

.Brian's picture

There is a brief blurb here:

How Symantec Endpoint Protection policy features work together

Article:HOWTO80982  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80982

Download Protection is part of Auto-Protect and gives Symantec Endpoint Protection the ability to track URLs. The URL tracking is required for several policy features.

If you install Symantec Endpoint Protection without Download Protection, Download Insight has limited capability. Browser Intrusion Prevention and SONAR require Download Protection.

The Automatically trust any file downloaded from an intranet website option also requires Download Protection.

It doesn't say Advanced Download Protection is Symantec Browser IPS add-on. It just means browser IPS needs download protection to function correctly. There is still no way to de-select the browser IPS add-on from installing. If you install IPS, browser is also installed. You can only disable it via policy.


Rafeeq's picture

Since BI also works using IPS, they both have to be selected. If you select IPS, the other one gets added automatically; there is no way to deselect those.

How intrusion prevention works

.Brian's picture

Yes, if you install IPS you automatically get the browser IPS, there is no way around this currently. They're not separated out.

You can only disable via policy AFTER it's installed.

Either that or you don't install the IPS (Not recommended)

Similar threads here:

https://www-secure.symantec.com/connect/forums/sep...

https://www-secure.symantec.com/connect/forums/sym...

You can use a GPO to automatically enable the addon. See the solution here:

https://www-secure.symantec.com/connect/forums/bro...


SebastianZ's picture

For the followers of this thread please check as well:

https://www-secure.symantec.com/connect/forums/sym...

Currently the IPS engine has been updated to version 12.0.1.3 that is compatible up to the newest Firefox 24.x version. The update of the IPS Engine comes automatically with the IPS Definitions update (you need IPS defs from 2013.10.02 or newer revision). You can check the version of your IPS Engine on the SEP Client -> Troubleshooting -> Versions -> Engines -> Intrusion Protection Engine (or IPS depending on the SEP Version used).