Endpoint SWAT: Protect the Endpoint Community


Custom IPS Signatures to detect various filetype downloads

Jan 05, 2015 02:41 PM

To build on my last IR article:

How to utilize SEP 12.1 for Incident Response - PART 6

I'm attaching a custom IPS policy which will detect the download of various filetypes via HTTP and HTTPS.

The signatures are in Allow mode and set to write to the Packet log for detailed information.

As of now, this policy will detect 37 different filetypes. I will update it as I add more.

Feel free to use and let me know if you have any questions or feedback.

Attachment(s)
zip file
Various file extension downloads - Custom IPS.zip   6 KB   1 version
Uploaded - Feb 25, 2020

Comments

Nov 22, 2018 03:53 AM

How to block downloading images from Google using Intrusion Prevention policy?

Aug 26, 2018 04:06 PM

Yes.

Aug 26, 2018 01:49 PM

Hi Brian. Would this possibly be able to work on SEPM 14.x? Thanks.

Jan 10, 2017 07:41 AM

14 supports 12.1 clients. 

Jan 10, 2017 02:32 AM

Thanks for this post. Could you tell me whether SEPM 14 will support a SEPM 12.x client which is running on Windows XP and, if it will, how long it will support XP?

Jul 30, 2015 02:40 AM

Hello Brian,

Thanks for the information.

Will it be possible to get it modified for blocking the attachments received through email?

Thanks in advance

Jul 08, 2015 01:35 PM

That's a good contribution Brian. Will go through the article that you have created as well....

Thanks for sharing!
