Using " * " or "Any" as "Application" when creating firewall rules in Symantec Endpoint Protection

Article:TECH104295  |  Created: 2008-01-28  |  Updated: 2014-10-03  |  Article URL
Article Type
Technical Solution


How to use " * " (Asterisk) or "Any" as Application when creating firewall rules in Symantec Endpoint Protection (SEP) 11.0 or 12.1. What is the difference between " * " and Any? Why does the "Allow all applications" rule not work with ICMP/ping or broadcast traffic?



When creating firewall a rule in the Symantec Endpoint Protection Manager (SEPM), there is a difference between leaving the Application field as "Any" and entering an asterisk (*) to match all applications.

  • “Any”
    This setting will include all packets, no matter which application they’re destined for/coming from or if they are not associated with a running application at all. Therefore this setting will match traffic such as incoming broadcast packets and Internet Control Messaging Protocol (ICMP).
  • Asterisk (*)
    This setting will include only packets that are associated with a running application matching the " * " rule for the file name. Incoming broadcast and ICMP traffic for example, would be excluded from a rule with this configuration.

The default "Allow all applications" rule that is included when a new firewall policy is created uses the asterisk/star (*) in the rule and therefore does not match incoming ICMP traffic. To allow a ping of the host running the Symantec Endpoint Protection client, the "Allow ping" rule should also be enabled.


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices