Endpoint Protection

  • 1.  Firewall Logs showing P2P logs

    Posted Aug 29, 2016 03:42 AM

    Our environment has various Firewall Logs that are configured in our environment. How can I get the Firewall logs or any logs that show P2P software installed in our environment?

    Should we configure some specific rules for it? Or will it automatically identify the logs and send them to us?



  • 2.  RE: Firewall Logs showing P2P logs

    Posted Aug 29, 2016 07:41 AM

    Nope. You need to configure specific logs to address P2P. You can create rules to block known P2P applications.

    1. Login to the Symantec Endpoint Protection Manager (SEPM)
    2. Click Policies
    3. Click Firewall
    4. Right-click your firewall policy and click Edit
    5. Click Rules
    6. Click Add Rule...
    7. Name your rule
    8. Click Next
    9. Click Block connections
    10. Click Next
    11. Click Only the applications listed below
    12. Click Add...
    13. Enter the name of the P2P application's executable in the File Name field
    14. Click OK
    15. Repeat steps 12 through 14 for every other P2P application you want to block
    16. Click Next Next Next
    17. Click Yes
    18. Click Next
    19. Click OK

    https://www.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin



  • 3.  RE: Firewall Logs showing P2P logs

    Posted Aug 29, 2016 10:26 PM

    You can try this article for P2P blocking:

    https://www.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin



  • 4.  RE: Firewall Logs showing P2P logs

    Posted Aug 30, 2016 06:13 AM

    Ok. I understand. But if we need to see all the logs from Firewall Rules. Where can we see it??

    Also, if I run the command to "Collect FileFingerPrint", where can I see the related reports/logs?



  • 5.  RE: Firewall Logs showing P2P logs

    Posted Aug 30, 2016 06:14 AM

    fingerprint.JPG



  • 6.  RE: Firewall Logs showing P2P logs

    Posted Aug 30, 2016 07:57 AM

    Firewall Logs are found in the Traffic log in the SEPM

    Monitors page

    set Log type to Network Threat Protection

    set Log content to Traffic



  • 7.  RE: Firewall Logs showing P2P logs

    Posted Aug 31, 2016 04:02 AM

    Please, someone give me info on where to check for logs related to Collect File Fingerprint??



  • 8.  RE: Firewall Logs showing P2P logs

    Posted Aug 31, 2016 04:07 AM

    I have yet another set of Intrusion Protection events, shown as attached. What should I do in such cases?? How can I protect the environment or how can I restrict the user?

    GET /servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert(40)</script> HTTP/1.1
    Accept-Language: en-US
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.baharna.org
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)
    X-Forwarded-For: 193.188.58.121
    Cache-Control: max-stale=0
    Connection: Keep-Alive
    X-BlueCoat-Via: 7bf8dcae35ab1a8b
    X-Forwarded-For: 193.188.58.121

     

    Intrusion.jpg

    Intrusion_details.jpg

     

    Please, I need expert help to solve these kinds of issues. I am just learning about the firewall in SEPM.



  • 9.  RE: Firewall Logs showing P2P logs

    Posted Aug 31, 2016 07:19 AM

    This is for System Lockdown. The collected fingerprint list appears on the Policies tab under Policy Components > File Fingerprint Lists. Do you use System Lockdown?



  • 10.  RE: Firewall Logs showing P2P logs

    Posted Sep 06, 2016 04:43 AM

    Waiting for a reply. Please, I need an expert review.



  • 11.  RE: Firewall Logs showing P2P logs

    Posted Sep 06, 2016 07:51 AM

    The IPS is doing its job by blocking the attack from the remote source.

    Aside from this, you could block the remote source at your gateway firewall.
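
A triage helper for the request captured in post 8, as an added example that is not part of the thread or of any Symantec tooling: it parses the raw request, flags HTML markup in the request target after undoing nested percent-encoding, and lists the X-Forwarded-For values. The function names are hypothetical, and X-Forwarded-For is supplied by the sender, so the listed address is a lead to confirm against proxy logs before it goes into a gateway block rule.

```python
import re
from urllib.parse import unquote

# Request from the IPS event quoted in the thread (some headers omitted).
SAMPLE = (
    "GET /servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert(40)</script> HTTP/1.1\r\n"
    "Host: www.baharna.org\r\n"
    "X-Forwarded-For: 193.188.58.121\r\n"
    "Connection: Keep-Alive\r\n"
    "X-BlueCoat-Via: 7bf8dcae35ab1a8b\r\n"
    "X-Forwarded-For: 193.188.58.121\r\n"
    "\r\n"
)

# An HTML tag has no place in a request target.
MARKUP = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*\b[^<]*>", re.I)

def decode_fully(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (e.g. %253Cscript%253E)."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def triage(raw):
    """Summarise one raw HTTP request for an analyst reviewing an IPS event."""
    head = raw.split("\r\n\r\n", 1)[0].splitlines()
    # Split from both ends so a target containing spaces still parses.
    method, rest = head[0].split(" ", 1)
    target, _version = rest.rsplit(" ", 1)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    # X-Forwarded-For may repeat or hold comma lists: keep order, drop duplicates.
    sources = []
    for value in headers.get("x-forwarded-for", []):
        for ip in (p.strip() for p in value.split(",")):
            if ip and ip not in sources:
                sources.append(ip)
    return {
        "method": method, "host": headers.get("host", [""])[0], "target": target,
        "markup_in_target": bool(MARKUP.search(decode_fully(target))),
        "forwarded_for": sources,
        "via_proxy": "x-bluecoat-via" in headers,
    }
```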