Endpoint Protection

  • 1.  SEP for logging only

    Posted Aug 19, 2019 10:57 AM

    Hi Team,

     

    Can we implement something for SEP to not block traffic from a detected “offender” and instead just log this?

    Is it something we need to do on the central server?

     

    Regards

    Dev



  • 2.  RE: SEP for logging only

    Posted Aug 19, 2019 11:21 AM

    I have one more doubt along with the above one:

    Is there a way to whitelist IP addresses with SEP and could we say that traffic from source X is not screened?



  • 3.  RE: SEP for logging only

    Posted Aug 19, 2019 11:39 AM

    Hi Devbrat,

    Thanks for the post.  An admin on the SEPM has great power, in the IPS and Exceptions/Exclusions policies, to accomplish what you are looking for.

    Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained
    https://support.symantec.com/us/en/article.tech104434.html

    How to exclude specific Web domains from the Download Insight verification in SEP 12.1
    https://support.symantec.com/us/en/article.TECH162264.html 

    I strongly recommend that exclusions are used only by the client groups that absolutely need them.  Do not open a security hole for the whole organization!



  • 4.  RE: SEP for logging only

    Posted Aug 19, 2019 02:59 PM

    Hi,

    The post below does not explicitly say how not to stop the attack after it is detected by SEP. In my case I just want to get the logs, not to stop them by the IPS module. Is it possible to do this on the client end?

    https://support.symantec.com/us/en/article.tech104434.html



    As for the second link, https://support.symantec.com/us/en/article.TECH162264.html, I would need to screen out the IP. What I understood from the post is that I need to create an exception policy in SEP and then attach it to the target machine?

    I am more interested to unblock specific IPs that get identified by the IPS functionality, and they should only be logged as threat detected. Would this be possible?

    Regards

    Dev



  • 5.  RE: SEP for logging only

    Posted Aug 19, 2019 11:41 PM

    I got my answer in this post https://www.symantec.com/connect/forums/how-whitelist-ip thanks.