Mighty all, is it possible to program a custom IPS rule to check only for specific bytes of the packet? I understand that I can specify offset and depth, but it seems like IPS does not only check the specified "range" but continues checking the rest of the packet.
Thanks in ...
Currently there is no way of setting the maximum size of the list of learned applications.
Being unable to set the limit on it has several known performance & stability risks + requires a lot of yoda-yoda with the backend DB to keep this list within a reasonable size.
I suggest ...
Here's an idea: have SEPM save MD5 hash of a file matched by a firewall rule/IPS/Custom IPS.
This information can be further used in application and device control policies to enhance security and address "smart" moves of renaming an app to overcome the layer of firewall ...
Right now SEP stores the list of exclusions in clear text in the registry. An attacker might take advantage of this. I suggest adding a feature to encrypt exclusions (please don't use the "one key fits all workstations in the world" approach) to enhance security on endpoints.
I'm looking for a way to email myself on a regular basis data from Monitors-Logs-Network Threat Protection-Traffic. Is there a way to do so without leveraging 3rd party tools like SQL Reporting?
Thanks in advance!
Here's an idea: allow creating exceptions for applications signed by "trusted" publishers.
We often come across a situation when our internally developed software or software that comes from our vendors triggers false positives in SEP12.
I came across a situation where there is no native way of unattended removal of a SEP client whenever there is an uninstall password protection and tamper protection in place. In order to work around this problem, I used PowerShell to parse the uninstall log and as soon as the password prompt ...