Endpoint Protection

 View Only

  • 1.  Using SEP to block MS Word Web access

    Posted Jul 24, 2012 01:46 PM

    I am using SEP11, and wants to know if SEP is able to block user not able to access remote web via the opening of MS word (or similar xls, ppt etc) documents?

     

    Please advice.

     



  • 2.  RE: Using SEP to block MS Word Web access

    Posted Jul 24, 2012 02:12 PM

    I assume you mean they would click on a link in the Word doc which would than open up the system's default browser?

    You could use an application and device control policy to block which ever browser they use from opening a browser session via the Word doc, as long as winword.exe is the calling (parent) process.

    Or do you want to block Microsoft Word Help?



  • 3.  RE: Using SEP to block MS Word Web access

    Trusted Advisor
    Posted Jul 24, 2012 02:12 PM

    Hello,

    Could you please explain your requirements a bit in detail?

    Are you talking about blocking html links from the MS Office documents?

    OR 

    Do you want to block the MS updates ?

    If want to block html links, then you could not disable the html links via SEPM.

    However, you could block the websites via SEPM

    Check these Articles:

    Blocking a Website using Symantec Endpoint Protection http://www.symantec.com/docs/TECH92405

    How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy http://bit.ly/uLiS84

    Allow and Block websites using Symantec Endpoint Protection Firewall (VIDEO) http://bit.ly/PdxO7m

    Awaiting your reply..



  • 4.  RE: Using SEP to block MS Word Web access

    Posted Jul 24, 2012 09:54 PM

    the situation is the web link was inside the word file, when user open the word file. MS word will directly connect to the sites without launching the browser.

     



  • 5.  RE: Using SEP to block MS Word Web access

    Trusted Advisor
    Posted Jul 25, 2012 07:30 AM

    Hello,

    "MS word will directly connect to the sites without launching the browser." - quite suspicious.

    Could you please submit this suspicious file to the Symantec Security Response Team?

     

    You would have to Submit the Files to the Symantec Response Team on the Following Sites:

    https://submit.symantec.com/websubmit/essential.cgi

    http://www.threatexpert.com/submit.aspx

    Note: ThreatExpert is owned by Symantec.

    Also work on the steps provided in the article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 6.  RE: Using SEP to block MS Word Web access

    Posted Jul 25, 2012 07:39 AM

    You should submit this file. That is not expected behaviour.



  • 7.  RE: Using SEP to block MS Word Web access

    Posted Jul 26, 2012 01:57 AM

    So is it external content you refer to that is loaded afterwards in the word document?

    If Im not wrong you can actually deny this download of external content via Word Policy, then the users explicitly need to click that the content will be loaded.

    In general it could be a bit hard to block it without even affect word properly as when you would create a custom IPS policy for this activity you may need to block also "good" acceess from word to the web and maybe word is gonna use the thread of IE to connect, what even makes it more difficult.

    So try with the word settings first I would suggest.