Endpoint Protection

hello all

i have one pc, that have problems with the firewall rules durning the usage of the webcam with the cisoc ip phone.
namely, some time ago at the begining of the deployment of SEP11, we had a problem with the  network threat protection because it was always blocking the cisco unified video advantage that is used for transiving the video signal from the web cam. the problem was solved via adding an FW rule that allows the webcam traffic. This rule seams to work for everybody exept for one user. the  network threat protection log for the says that the aplication is blocked based on the: block_all rule. The rule is not defined on the manager, nor is defined localy on the pc (the user have privelegies to do this, for testing purposes).

can enyone help

First check if this particular computer  is commuincating with the SEPM or not ?

If it is commuincating  then create a Test Group , Apply the firewall rule to this Test group and move the client to the Test Group

Update the policy and check

Hi,

Block All rule should be at the bottom of the firewall rule base in the NTP policy in SEPM.

It will be applied if the client is unable to fulfill conditions you have set for the other computers to work.

I think there could be something wrong at the client machine or the application setup. Just to prove that theory, you can make sure that the affected machine is identical to the ones that are working fine.

Also, confirm that the correct policy is applied to that machine.

Best,
Aniket

hi,

the problem magically was solved. All i did was moving the user to another group of users, updating the policy, and then returning the user in its originally group. After updating the policy the FW rules started to work as they should

regadrds