Endpoint Protection

  • 1.  Freeware and Open Source Software Protection

    Posted Oct 19, 2015 02:56 AM

    Hi,

    I was just trying to figure out if we have an option, or does Symantec maintain some kind of Freeware and Open Source Software list that are vulnerable and are blocked using some real-time list available in AV?

    I would want users not to install such software and block them using AV policies.

    Thanks.



  • 2.  RE: Freeware and Open Source Software Protection

    Posted Oct 19, 2015 02:41 PM

    You can use an application control policy to prevent this. See this article:

    How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage



  • 3.  RE: Freeware and Open Source Software Protection

    Posted Oct 19, 2015 03:28 PM

    Why don't you try and use DCS-Server Advanced? It's a very impressive product and you can achieve your requirement.



  • 4.  RE: Freeware and Open Source Software Protection

    Posted Oct 19, 2015 03:38 PM

    About blocking vulnerabilities: SEP's IPS component should block the attacks that attempt to exploit the vulnerabilities that might exist on a client machine. This includes any application that is running on the client machine.

    About blocking the installation of software: This can be achieved using Application Control. However, such a rule will involve various types of inputs and has to be tested before being implemented in a large network.



  • 5.  RE: Freeware and Open Source Software Protection

    Posted Oct 20, 2015 04:45 AM

    Hi Neojag,

    There are thousands (6000+) of vulnerabilities discovered every year in mainstream software.  Keeping a list of them all and which versions of which are vulnerable is a task large enough to require its own product or set of tools.  There are several highly-respected vulnerability scanners that network admins can use to see if there are any "open doors" in their environment thanks to old unpatched versions.  I won't recommend or endorse one over another as each has its own merits.  Definitely something to explore!  Do some research, play around with them and decide which is best for you.  &: )

    From a SEP perspective: keep your AV defs up to date, ensure that IPS is in use on all endpoints, patch Java, Flash and other third-party browser components, and keep an eye on the security news to know what threats are exploiting which vulns.

    Adobe patches Flash Player vulnerability used in Pawn Storm APT campaign
    https://www-secure.symantec.com/connect/blogs/adobe-patches-flash-player-vulnerability-used-pawn-storm-apt-campaign

    Please do keep this thread up-to-date with any additional questions or mark it solved if you have received your answer.

    With thanks and best regards,

    Mick



  • 6.  RE: Freeware and Open Source Software Protection

    Posted Oct 20, 2015 05:17 AM

    Thanks everyone.

    I understand the vulnerability part, but the concern I raised here was the Freeware and Open Source Software, which the operations team would have all the world's justification to use.

    Since some of them could lead to productivity enhancement, we may allow them to use it after a rigorous scan. However, I am not sure, but a friend of mine told me McAfee has this option in the AV server to use a default policy which has some notorious software listed (and this list is updated every now and then): "unwanted program policy". I was wondering if we have something similar in Symantec.



  • 7.  RE: Freeware and Open Source Software Protection

    Posted Oct 20, 2015 06:34 AM

    SEP has a commercial application list of allowed/not allowed remote capability tools.

    But for anything else you would need to use an application control policy to block unauthorized software.



  • 8.  RE: Freeware and Open Source Software Protection
    Best Answer

    Broadcom Employee
    Posted Oct 20, 2015 10:34 AM

    Hi,

    SEP also allows you to let the application run in the following ways.

    1. To allow such software, get the list of used ports, connection type (TCP/UDP), direction, etc., and tweak the firewall policy as per the requirements.
    2. Create IPS exclusions.
    3. Submit it to Symantec to get it white-listed. https://support.symantec.com/en_US/article.TECH132220.html