Endpoint Protection

 View Only

  • 1.  How to prevent users from changing proxy settings SEP12.1

    Posted Jun 08, 2016 08:58 AM

    Hello Everyone,

    I need a help, some customers are changing the proxy at the local station, and released using the internet.

     

    Is possible to prevent users from changing proxy settings on internet explorer, google chrome and firefox through SEP 12.1 ?

     

    Thank.



  • 2.  RE: How to prevent users from changing proxy settings SEP12.1

    Posted Jun 08, 2016 09:32 AM

    A GPO is the best way to handle this.

    You can prevent users from messing with the settings from within SEP only. Go to the Clients page and select whatever group you need. Select the Policies tab and under Settings select External Communications Settings.

    On the Proxy Server (Windows) tab close the lock icon.

    How to Update the Proxy settings in the Symantec Endpoint Protection Manager (SEPM) 12.1



  • 3.  RE: How to prevent users from changing proxy settings SEP12.1

    Trusted Advisor
    Posted Jun 09, 2016 05:13 AM

    "Is possible to prevent users from changing proxy settings on internet explorer, google chrome and firefox through SEP 12.1 ?"

     

    This is best controlled using Group Policy (GPO) - assuming you have a network with AD as you have not told us your network setup. I don't think SEP would be able to prevent users from changing the proxy server for these web browsers.



  • 4.  RE: How to prevent users from changing proxy settings SEP12.1
    Best Answer

    Posted Jun 09, 2016 08:28 AM

    Thumb's Up to the above suggestion by Tony.  If you really want to use SEP to do this though, then you can use Application and Device Control rules to block access to modify or change the proxy registry keys.  The below articles should help:

    http://www.symantec.com/docs/HOWTO100332

    https://support.microsoft.com/en-us/kb/819961

    While these are well and good, I'd highly recommend you review your FW configuration instead, as it sounds like it may not be configured as securely as it could be.  As you have a proxy server through which all users should access the internet, then all user machine IP addresses would ideally be blocked at the Gateway from accessing the internet, with access only being possible via the Proxy.  Obviously, some exceptions will crop up, but Security Best Practices are to only allow what is required for BAU, and nothing else (this would also negate the requirement for a GPO or SEP policy as the machines won't get internet access at all, unless using the proxy).



  • 5.  RE: How to prevent users from changing proxy settings SEP12.1
    Best Answer

    Posted Jun 09, 2016 09:09 AM

    Thank you for the help everyone.

    This environment is delicate and does not have AD.
    I used a rule APP and DEV Control to blocking registry change on proxy.
    So every time it is necessary to change the proxy, the administrator must stop the antivirus SEP.

     

    Registry

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable