Advanced Threat Protection

 View Only

  • 1.  ATP ITS Webinar recording

    Posted Jan 26, 2016 11:41 AM

     

     

    Posting ITS Webinar recording for the Connect community.

     

    https://vimeo.com/153096782

     

     



  • 2.  RE: ATP ITS Webinar recording

    Posted Jan 27, 2016 02:52 AM

    Hi John . It was very informative , really liked it. However I have one question in this regard. I believe ATP : Network is also supported now in inline mode as of the version 2.0 , Isn't it ?



  • 3.  RE: ATP ITS Webinar recording

    Posted Jan 27, 2016 06:24 PM

    Inline is not currently available in this release. Symantec roadmap shows that is will be available in the upcoming release in April 2016



  • 4.  RE: ATP ITS Webinar recording

    Posted Jan 28, 2016 04:56 AM

    Hi John , I would really appreciate if you can kindly answer my following query. I've been playing with isolating the client via the ATP manager but it is a misleading becuase you apply a HI policy via the SEPM and then also associate it with a Firewall Quarantine policy . And when the HI check fails it will apply the Firewall Quarantine policy from the SEPM. 

    So the only difference you see when you click on isolate button from the ATP Manager itself for this particular endpoint on the agent UI will only see this message " The agent has been Quarantined by the Administrator " And when you rejoin this client from the ATP Manager this message will go away but client will still be placed in the Quarantined location ( and having a quaranted firewall policy applied to it ) 

    Have you tested this feature yet or no ?



  • 5.  RE: ATP ITS Webinar recording

    Posted Jan 29, 2016 12:16 PM

    SymSpec,

     

    We have tested this process and see below for our results.

    When we click isolate a endpoint from the ATP console the endpoint see these results.

    red.png

    after.png

    After rejoining the endpoint from the ATP console we get this:

     

    Green.pngbefore.png

     

    As you can see HI changes the location when it places the endpoint into isolation (Default >Quarantine) and when we rejoin it HI changes the location back to (Default)

     

    Please let me know if this answers your question.



  • 6.  RE: ATP ITS Webinar recording

    Posted Jan 29, 2016 12:23 PM

    Thanks for the reply John. I am getting the same result in my results as you showed in the screenshot , Just one last thing . Can you please also share the screenshot of HI policy that you have applied to this client on SEPM ?  That will surely remove my last remaining doubt. Many thanks



  • 7.  RE: ATP ITS Webinar recording

    Posted Jan 29, 2016 01:02 PM

    HI.png

    Quarantine Firewall Policy.

    FW.png

     

     



  • 8.  RE: ATP ITS Webinar recording

    Posted Jan 29, 2016 01:12 PM

    John thanks for the kind reply actually I was refering to the requirements section in the HI . Can you please share that ? I am sorry for the inconvenience .  Regards !