Endpoint Protection

Hi,

I need to block p2p apps from running in my organization.

http://www.symantec.com/business/support/index?page=content&id=TECH122597

This KB article shows that SEP's built in IPS signatures can be used to block p2p traffic.

My question is, will using this block most p2p software?

I do not want to use the 'Application & Device Control' feature or SEP firewall configuration as they require manually updateing the p2p application executables list or their hash list.

Thanks,

Shuhood

See this

What do P2P Applications do and How to block Peer to Peer Applications (P2P) using Symantec Endpoint Protection?

https://www-secure.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin

Thanks James for the additional info, but I couldn't find an answer to the question.

Does using built-in IPS signatures block most p2p?

These are the signature for which P2P apps it can detect:

By default they are not blocked and in some cases not even logged. You can add exxceptions as needed though to block and/or log.

But alot of P2P apps are still missing from this list.

Thanks Brian.

So it means, If I block p2p apps using built-in IPS p2p signatures, clients will still be able to run softwares like Utorrent which are not present in the list? (ofcourse considering I do not add other clients manually).

Don't get confused. IPS won't stop applications from executing. IPS only looks at network traffic and blocks accordingly. It doesn't stop s apps from running though.