Endpoint Protection

 View Only
Expand all | Collapse all

block msn

Migration User

Migration UserJul 23, 2009 04:22 AM

Migration User

Migration UserJul 23, 2009 05:27 AM

  • 1.  block msn

    Posted Jul 22, 2009 11:29 PM
    I cannot block windows live messenger with symantec endpoint manager.I have try Firewall policies, Device and Control but it won't work. Maybe i missing something. I need solution for this one.


  • 2.  RE: block msn

    Posted Jul 22, 2009 11:55 PM
    How are blocking it..I means how are you creating the policy?
    On the client do you have SEP with all the features installed and communicating with SEPM? 


  • 3.  RE: block msn

    Posted Jul 23, 2009 01:00 AM
    View the MS KB for Live Messenger ports and URL's used.

    http://support.microsoft.com/default.aspx/kb/927847

    Create a FW rule that blocks traffic to the login.live.com domain (https://Login.live.com).



  • 4.  RE: block msn

    Posted Jul 23, 2009 02:39 AM
    first i set the policy in (Appliction and device control-block application from running-block these application(properties)-(wlcomm.exe(enable drive type)and  msnmsgr.exe (enable drive type).
    I try to configure with firewall rule but it won't work. pls show me how to configure.


  • 5.  RE: block msn

    Posted Jul 23, 2009 03:04 AM
    Use the default template to block applications.
    Give the location for wlcomm.exe..set the action to terminate.

     http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/7049d06ba3c9e86f802573620054d9c2?OpenDocument


  • 6.  RE: block msn

    Posted Jul 23, 2009 03:05 AM
    Add Rule--Application--give the location or just name of the exe.
    Select the action block after applying this policy.Move it up to the top 7 rules. 


  • 7.  RE: block msn

    Posted Jul 23, 2009 03:38 AM
    hello vikram kumar
    i try all your solution but it won't work. How could this happen. Is there another way to block window live messenger?


  • 8.  RE: block msn

    Posted Jul 23, 2009 03:45 AM
    Is it  not blocking MSN ..or its not blocking anything at all try to block something else..to check if the problem is something else?


  • 9.  RE: block msn

    Posted Jul 23, 2009 04:22 AM
    I have try another application but it same.


  • 10.  RE: block msn

    Posted Jul 23, 2009 04:28 AM
    Either something is wrong in the policy or policy is not applied on the right group..
    May the client is not receiving the policy 
    Or Firewall and Application and device control is not enabled on these clients..



  • 11.  RE: block msn

    Posted Jul 23, 2009 05:23 AM
    the policy is affected the user. all the firewall, appliction and device is enable on these client.I don't know how to fix that problem.


  • 12.  RE: block msn

    Posted Jul 23, 2009 05:27 AM
    Can you post your policy screenshots


  • 13.  RE: block msn

    Posted Jul 23, 2009 06:11 AM
    here is a link (http://www.megaupload.com/?d=A6C6S42W)


  • 14.  RE: block msn

    Posted Jul 23, 2009 06:29 AM

    I meant to say..Can you edit your Application and device control policy & Firewall policy and show how have you made changes in that..



  • 15.  RE: block msn

    Posted Jul 23, 2009 06:40 AM


  • 16.  RE: block msn

    Posted Jul 23, 2009 07:13 AM

    The firewall policy looks fine..except i cant see what have entered for hosts..

    Application Control policy is wrong.

    In the policy3 screenshot there should be only * and nothing else

    also uncheck that sub processes..check box

    I have exported a working application control policy to block notepad.exe
    You can import and and check it,
     

    http://www.megaupload.com/?d=BTOBZB8Z



  • 17.  RE: block msn

    Posted Jul 23, 2009 07:31 AM
    I choose local/remote. I set local host for symatec endpoint manager IP and Remote host is my IP address.
    I try your application control but it doesn't block.


  • 18.  RE: block msn

    Posted Jul 23, 2009 07:32 AM
    I choose local/remote. I set local host for symatec endpoint manager IP and Remote host is my IP address.
    I try your application control but it doesn't block. I can write and save the notepad.


  • 19.  RE: block msn

    Posted Jul 23, 2009 08:56 AM
    I think you should reinstall or upgrade you SEP client, I believe that the policy canot be override. let me know how it goes


  • 20.  RE: block msn

    Posted Jul 23, 2009 09:44 AM
    Check on the client has it updated the policy

    check this registry entry to know if Application and Device control is enabled..
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant and the vlaue of Start should be 1.

    On the client itself go to View Logs--Client Management-System Logs..and check when was the policy applied..reboot the client once to make sure the policy is applied and working.


  • 21.  RE: block msn

    Posted Jul 24, 2009 12:51 AM
    Peterpan and vikram kumar

    Today i uninstall the previous version and  upgarde the latest version of symantec endpoint protection 11.0.4000  .And i try all of your solution but it doesn't make any change.I check the Client Management-System Logs and the policy is applied and in the registry Application and Device Control is enable.My Symantec Endpoint Manager is Window XP and all Client are Window Vista.All the windows are 32 bit version.Do you have any idea?


  • 22.  RE: block msn

    Posted Jul 24, 2009 03:31 AM
    http://www.megaupload.com/?d=W45EARNL

    There is a new Working Application control policy for blocking notepad from SEPM ( dat file)
    And the clients policy profile (xml)
    Test it and let me know if it is working..in your test environment.


  • 23.  RE: block msn

    Posted Jul 24, 2009 07:51 AM
    I try your working application control policy in SEPM and the client policy profile in client PC.After that my client machine cannot ping any other machine. And the green dot is disable.


  • 24.  RE: block msn

    Posted Jul 24, 2009 08:37 AM
    It would be after applying Client policy..since it was my Test Machine..so i will have to check was policy I had for the Firewall...You can any time export a working policy and import it..
    But is the Application Control Policy working ? it it blocking the notepad ?

    Also make sure you also test it from the SEPM..


  • 25.  RE: block msn

    Posted Jul 24, 2009 08:54 AM
    https://www-secure.symantec.com/connect/forums/how-block-applications-sep-using-md5


  • 26.  RE: block msn

    Posted Jul 24, 2009 09:42 AM
    Read the discussion posted by mon raralio above ...to get a better idea about how it works.. 


  • 27.  RE: block msn

    Posted Jul 24, 2009 09:59 AM
    Policies tab on the left, under view policies on the screen, choose intrusion prevention, then exceptions. Many IM services are listed, enable and choose block.
    MSN messenger login for example is #20015 in the list.


  • 28.  RE: block msn

    Posted Jul 27, 2009 01:40 AM
    Hello
    I fix it.I block msn with File Fingerprint.I output hash id for live messenger with checksum.exe. Right now i can block the client.thank you  for helping me vikram.

    mon.raralio froum is help me to fix that problem too.


  • 29.  RE: block msn

    Posted Jul 27, 2009 06:20 AM
    Could you post the MD5 hash ID on the link I provided. It would greatly help the community. Thanks in advance.


  • 30.  RE: block msn

    Posted Jul 28, 2009 01:37 AM
    Here is the MSN Live Messenger version 2009(Build 14.08064.206) MD5 HASH ID

    16c3811f3a5cd8ea7030a42a75892136