Advanced Threat Protection

  • 1.  Anyone Using ATP:Endpoint

    Posted Jan 26, 2016 02:50 PM

    Hello guys, I just wanted to know if any of you is currently using Symantec ATP: Endpoint in a production network. How powerful is this product, and how strong is its integration with SEP?

    Thanks



  • 2.  RE: Anyone Using ATP:Endpoint
    Best Answer

    Posted Jan 26, 2016 03:07 PM

    I would go through this webinar that was just released:

    https://www-secure.symantec.com/connect/forums/atp-its-webinar-recording

    The webinar is great and explains quite a bit.



  • 3.  RE: Anyone Using ATP:Endpoint

    Posted Jan 27, 2016 05:29 AM

    Hi Brian, thanks for sharing the informative webinar. However, I've been playing with isolating the client via the ATP manager, but it is misleading because you apply a HI policy via the SEPM and then also associate it with a Firewall Quarantine policy. And when the HI check fails, it will apply the Firewall Quarantine policy from the SEPM.

    So the only difference you see when you click on the Isolate button from the ATP Manager itself for this particular endpoint is that on the agent UI you will only see this message: "The agent has been Quarantined by the Administrator". And when you rejoin this client from the ATP Manager, this message will go away, but the client will still be placed in the Quarantined location (and have a quarantine firewall policy applied to it).

    Have you tested this feature yet or no?

    Thanks



  • 4.  RE: Anyone Using ATP:Endpoint

    Posted Jan 27, 2016 07:40 AM

    No, but, very soon.



  • 5.  RE: Anyone Using ATP:Endpoint

    Broadcom Employee
    Posted Feb 15, 2016 02:16 AM

    ATP uses SEP auto location switching to put the SEP client in question into the Quarantined location. You will need to assign policies in the Quarantined location. The firewall policy should be configured to only allow certain traffic, such as DNS, AD, or traffic to a patch management server.

    You do not need to configure a HI policy check for this purpose.

    Alan



  • 6.  RE: Anyone Using ATP:Endpoint

    Posted Feb 15, 2016 07:56 AM

    Hi AL76, thanks for the update, but the thing is Quarantine policies are applied when the HI check fails. I have tested it in my lab and it only works when you have a HI policy applied to the group. What normally happens is when you click Isolate from the ATP console on the client, it will only then place the client in the Quarantine location.