Endpoint Protection

 View Only

  • 1.  Deny applications to auto update using SEPM

    Posted Oct 18, 2010 10:49 PM

    Dear All,

     

    Is there any way to deny specified windows applications to connect to the internet for Auto update?

     

    Regards,

    Sasi



  • 2.  RE: Deny applications to auto update using SEPM

    Posted Oct 18, 2010 11:02 PM

    You can create an Application rule in the Firewall to block an application  from running , but we cannot  deny specified windows applications to connect to the internet for Auto update

    A work around for this would be blocking the website to which they would connect , to get the update. So since they will not have acess to the website they cannot get auto updates



  • 3.  RE: Deny applications to auto update using SEPM



  • 4.  RE: Deny applications to auto update using SEPM

    Posted Oct 19, 2010 12:18 AM

    Dear Prachand,

    Thanks for your quick reply, I have a question from the SEPM firewall Rules block http,https services for Allow all applications will help?

     

    Regards,

    Thiagarajan.T



  • 5.  RE: Deny applications to auto update using SEPM

    Posted Oct 19, 2010 12:22 AM

    You can block all http and https using the SEPM,but if you do that no websites(Both internal and external) you will not be able to access.



  • 6.  RE: Deny applications to auto update using SEPM

    Posted Oct 19, 2010 12:23 AM

    But in that case even SEP will not download its update and you will not be able to open any other website

    So the best option would be only to block the specfic website rather than all..



  • 7.  RE: Deny applications to auto update using SEPM

    Broadcom Employee
    Posted Oct 19, 2010 12:23 AM

    ok, you can block the traffic based on protocol, so it is possible.



  • 8.  RE: Deny applications to auto update using SEPM

    Posted Oct 19, 2010 12:26 AM

    that will block  your internet..

    in sepm intrustion prevention policy ; there is an option to hide windows OS

    check that option; though OS will connect to internet it wont download anything...



  • 9.  RE: Deny applications to auto update using SEPM

    Broadcom Employee
    Posted Oct 19, 2010 12:28 AM

    check this article , could be useful for you

    https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule



  • 10.  RE: Deny applications to auto update using SEPM

    Posted Oct 19, 2010 12:06 PM

    Sasi,

      Most applications like Adobe products for example, will detail how to configure their apps to not autoupdate via an MSI file upon installation.  Same goes for Java, and a few others that are common apps.  A quick search on their support site or 3rd party sites detail this quite well.

     

    Outside of that, firewall rule, blocking that particular EXE file from accessing the Internet would work.

    Perhaps even using NAC (an add on to SEP) could do this as well.