Endpoint Protection

  • 1.  IPS Signatures

    Posted Jul 10, 2009 01:32 PM
    I am using Symantec Endpoint Protection Manager 11 MR4.
    Is there a way to create a custom intrusion prevention signature to prevent machines from sending ICMP broadcast traffic?

    Thanks & Regards,
    Ash



  • 2.  RE: IPS Signatures

    Posted Jul 10, 2009 02:06 PM
    Hi,

    The answer to your question is that you cannot create custom IPS.
    Did you try to create a proper firewall rule in our firewall?

    Regards,


  • 3.  RE: IPS Signatures



  • 4.  RE: IPS Signatures

    Posted Jul 10, 2009 02:08 PM
    I have to admit that I did not know this feature... thanks Cycletech,

    Regards,




  • 5.  RE: IPS Signatures
    Best Answer

    Posted Jul 10, 2009 02:26 PM
    When you write the content for each IPS signature, you must use the following syntax:

    rule protocol-type, [protocol-options,] [ip-protocol options,] msg, content...

    ICMP protocol arguments

    Refer to RFCs 792 and 1256 for detailed descriptions of valid ICMP protocol type and code combinations.

    Table: ICMP protocol arguments

    Attribute | Description        | Syntax
    type      | ICMP protocol type | type operator value, where value is an unsigned 8-bit number from 0 to 255. For example: type=0
    code      | ICMP protocol type | code operator value, where value is an unsigned 8-bit number from 0 to 255. For example: code<=10
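
The following Python example, added here and not part of the original post or of Symantec's product, evaluates `type operator value` and `code operator value` arguments against the first bytes of an ICMP message. Operators other than `=` and `<=`, the AND combination of several arguments, and the sample messages are assumptions made for the example.

```python
import operator
import re
import struct

# Comparison operators. Only "=" and "<=" appear in the post; the rest are assumed.
OPS = {"=": operator.eq, "<=": operator.le, ">=": operator.ge,
       "<": operator.lt, ">": operator.gt}
PREDICATE = re.compile(r"^\s*(type|code)\s*(<=|>=|=|<|>)\s*(\d+)\s*$")


def parse_predicate(text):
    """Parse 'type=0' or 'code<=10' into (field, op, value)."""
    m = PREDICATE.match(text)
    if not m:
        raise ValueError(f"not a type/code argument: {text!r}")
    field, op, value = m.group(1), m.group(2), int(m.group(3))
    if not 0 <= value <= 255:  # unsigned 8-bit, as the table requires
        raise ValueError(f"{field} value {value} is outside 0..255")
    return field, op, value


def icmp_fields(icmp_bytes):
    """Return type and code from the first two bytes of an ICMP message."""
    if len(icmp_bytes) < 4:  # type, code and 16-bit checksum
        raise ValueError("truncated ICMP header")
    icmp_type, icmp_code, _checksum = struct.unpack("!BBH", icmp_bytes[:4])
    return {"type": icmp_type, "code": icmp_code}


def matches(icmp_bytes, arguments):
    """True when every argument holds for the message (ANDing is an assumption)."""
    fields = icmp_fields(icmp_bytes)
    return all(OPS[op](fields[f], v)
               for f, op, v in map(parse_predicate, arguments))


# Constructed sample messages (header only; checksums are not validated here).
ECHO_REQUEST = bytes([8, 0, 0xF7, 0xFF, 0, 0, 0, 0])
ECHO_REPLY = bytes([0, 0, 0xFF, 0xFF, 0, 0, 0, 0])
ADMIN_PROHIBITED = bytes([3, 13, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, pkt in [("echo request", ECHO_REQUEST), ("echo reply", ECHO_REPLY),
                      ("unreachable/13", ADMIN_PROHIBITED)]:
        print(name, matches(pkt, ["type=0"]), matches(pkt, ["code<=10"]))
```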



  • 6.  RE: IPS Signatures

    Posted Jul 10, 2009 02:31 PM
    This can be done via Firewall as well.
    When you create a firewall rule for Network Service rule ..next..next..finish..
    double-click Service - ADD... select ICMP and you get all the 40 ICMP types to block or allow.


  • 7.  RE: IPS Signatures

    Posted Jul 10, 2009 02:58 PM
    Thanks mates... I tried with Firewall policies... It did work... Let me try Vikram's suggestion & update you all...


    Ash King