Endpoint Protection

 View Only

  • 1.  How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 09:53 AM
    Hi, we're a charity using Symantec Endpoint Protection 11.06 clients on our PCs.

    We have a custom-developed .NET application which has an auto-upgrade function which allows it to overwrite itself with a new .EXE file when we want to roll out a new version.

    However we have discovered that overwriting the .EXE file leads to Symantec Network Protection identifying the EXE as a possible threat when it tries to access the network. The users then see a dialog like this:



    What can we do to avoid this? Or, in other words, what is it that triggers this warning exactly?

    Would using Signed .NET Assemblies help? Is it something to do with how the EXE is overwritten?

    Thanks in advance for any advice.


  • 2.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:01 AM
    Enable Network Application Monitoring to allow changes in the application Checksum. To do this please follow these steps.

    To enable Network Application Monitoring:
    Login to the manager and go to Clients
    Choose the group and Select the Policies tab
    Under Policies Click Network Application Monitoring
    Check the box that says, "Enable Network Application Monitoring."
    From here, you can set the default policy when Endpoint Protection detects changes in an executable. Choose between Ask, Block the Traffic, or Allow and Log.

    How to set up learned applications in the Symantec Endpoint Protection Manager


  • 3.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:05 AM
    Follow this discussion , make your client to be in mixed mode..then it wont ask you to allow or blog

    https://www-secure.symantec.com/connect/forums/network-application-monitoring-and-allow-and-log-all


  • 4.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:05 AM
    This notification is generated by Network Application Monitoring. You can add programs to the Unmonitored Application List in order to prevent SEP from generating these notices for certain applications.

    1.   Login to Symantec Endpoint Protection Manager
    2.   Go to the Clients Tab
    3.   Choose the Group that the affected client(s) is a member of
    4.   Choose the Policies tab
    5.   Click Network Application Monitoring
    6.   Click Add
    7.   Specify any combination of criteria for the application’s executable


  • 5.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:24 AM
    Thanks for the suggestions, but our version of Symantec is unmanaged, so I don't think there is a way for me to centrally change the settings.

    Is there something that could be done on the local PC to stop the warnings?

    Or better still, why do some sorts of upgrade trigger those warnings, and some not? Perhaps I can change the way the upgrade happens.


  • 6.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:30 AM
    open sep\
    select network threat protec tion
    change settings
    select uncheck notification


  • 7.  RE: How to upgrade custom .NET app without triggering Network Threat Protection

    Posted Jul 01, 2010 10:39 AM
    In the client GUI Status-->Network Threat Protection-->options--->view application settings.Here you try to configure that application to allow......