Endpoint Protection

Hi Friends-- Is there any application available to check the policy work or not?? I want to check the usb policy that I have implement in my site is working on all system or not... So pls share if avail..

on the SEPM console you should be able to find the policy number on the client, this shows the policy has been appliued to the client.

Also you can set logs for the policy and check it on the SEPM log.

I know about that option, but I don't know which of the policy I have assigned to SEPM Group is applied on all the client or not, So is their any application to check out the same, because customer told me that these type of tools avail..

Last time the policy has been corrupted and usb have been accessed 4-5 days in one of my branch. So required the application to track the same..

Hi Sumit,

There is not such tool available. As its very rare for a policy to get corrupted and as per design the policy has to work.

To test if a policy is working or not..The widely used procedure is to apply it on a test group and then check if the computer in the test group is behaving as per policy applied.

the ADC policy is applied to the group, the client in that will get the same policy for the said location ( in the group). Hence checking the serial number of the policy on SEPM console on details tab and comparing it with clients status on the SEPM tab will let know the clients policy.

If the policy is applied once on the client, it will not change unless a new policy is applied.

i have checked but my issue is that if the both of the policy are same and if it not owkring then any idea to check out the same..

Hi,

Regarding your statement "So is their any application to check out the same, because customer told me that these type of tools avail.."

These tools could be any that may fall in the following categories:

• Auditing software
• Network monitoring
• Penetration testing software
• Diagnostic software

Searching for them could be a start. Cheers.

i know that policy will be corrupt in rare chances but I want to track that system which are define in the blockage group but policy is not getting update there. It's a daily base activity so i can't be able to download dat manually..

Some one told me that there one tool avail for audit testing purpose, it will show the detail of hostname where policy are not getting apply...

Well even I am not aware of any such tool.

However applying same policy on the test group would mean the same thing (make it shared)

I have testing the policy it working fine but on 3 of the system which have been found by audit, there policy is not working..

what does the message says?

The policy number would be different on these clients.

When he attached the Pendrive with that systems. Pendrives have accessed there.. These systems are in Blocked Group in SEPM

on the SEPM console, compare the policy serial number as that on client and on SEPM.

Yes policy number was different while delete the hwid file from Registry after that policy was worked there. But in future the same issue will be occur in other systems then it create a big problem there..

So if you will be get any information about that tool which help to find the systems where policy not work then pls update me...

I have compared the policy on that time both was different Then I have replace the Sylink and HWID file. After that it's update with same policy but tihs activty is manually base...

Though you have manually copied the sylink and then the policy got updated; it indicates the communication issue.

I have checked the same. System and server is indicating the Green dot(communicating Sign) in SEP Client. But I don't know why the policy was not refreshed there.

may be sylink log might give some information.

One of my team member has tested one of the s/w. That s/w show the detail of that system where compliance issue going on.. I have found there one system where pen drive was enabled

GFI EndPointSecurity is third party utility to help you the find out and scanning the device

Have you tried the GFI EndPointSecurity

Akhilesh

I have tried to download the same but fail, i think some registeration require. Pls confirm any other way.

I have downlaod the same but how to find from this app.

Any solution??

Hi Sumit,

To test your policy, you must meet the following:
1. Make  sure that the Policy rule is enabled on SEPM.
2. The client should have the Application and Device Control module installed.
3. The PC you're testing it on has the same Policy Serial as the one in the test group in the SEPM.

Here's some details:

Compare SEPM > Clients > Details tab...Policy Serial number to SEP Client > Troubleshooting > Management > Policy Serial Number. They should be the same.

Check the client to make sure that all modules are installed and if not, log in as administrator and go to Control Panel > Add/Remove Programs and select SEP, click on 'Change' and then check/enable all that applies.

Then, it's only a matter of testing your policy, make sure that your test procedure/script would include the process of updating the policy and then procedures to test the policy by intentionally violating the rule.

The tools you've requested might not work to test this policy for several reasons but the main would be that these tools use the Windows registry to check for information regarding your policies. Although SEP have entries in the registry, the policies is being handled by a program in SEP and not through the registry. So, auditing softwares might fail to recognize it. And modifying the registry by ADC or some other Windows app would be better.

Additional information can be found here:
Microsoft support - "How can I prevent users from connecting to a USB storage device?": http://support.microsoft.com/kb/823732
Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained: http://www.symantec.com/docs/TECH104434
Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity: http://www.symantec.com/docs/TECH105894

Cheers.

thanks a lot dear to sharing such a useful doc and link but in this way we can daily manuall download the data and then check out all the information but that is not possible for me. I need the tool to check out the same

pls reply how to use this application?

- double post -

This is very easy tool, you can have only one console where you can see all the settings.

When you open the console, there is option to check the policy, so you can create and edit policy and change it as per your requirement.

After creating the policy you can click on that policy and right side on console you can see the computer list where the policy apply. if you want to move the computer from one policy to another you can easily move it. and update the tool again.

If you have any more query please ask me. I request you to download and evelute the product, but this is only End point security it is not include any antivirus or anti spam.

Regards,

Akhilesh

thanks dear, i will try this and revert.