Endpoint Protection

 View Only

  • 1.  "Silent" Network Application Monitoring and Mixed Control Mode

    Posted Feb 19, 2018 11:27 AM

    Hello SEP wizards!

    So for years we have been running our SEP 12.1.x consoles with the Client User Interface Control Settings in "Mixed Control" mode. For the same amount of time, we have had "Network Application Monitoring" set to "Enabled" with "Allow and Log".

    During those SEP 12.1.x years, with many Windows IPU's, I have NEVER received a notification from the SEP client that an application had changed...exactly as expected. So now we are moving toward SEP 14, and low and behold, with the above settings set exactly same way, I get popup after popup when doing a Windows IPU (In Place Upgrade) that an application has changed, and do I want to allow it. In this instance I went from Win 10 1703 to 1709.

    So, is there a check box somewhere that I'm missing?? I checked the notifications on the Firewall Rules, their unchecked. Anywhere else I should look?

    I realize that all the documentation suggests that for "Allow and Log" to function, the SEPM must be running in "Server Control" mode, but we cannot do that, and it has been working as expected with SEP 12.1.x for a very long time.

    What am I missing??

    Thanks for your suggestions,
    -Mike



  • 2.  RE: "Silent" Network Application Monitoring and Mixed Control Mode
    Best Answer

    Posted Feb 19, 2018 11:31 AM

    I believe this was a defect which was resolved in RU1. There was a similar thread awhile back on it:

    https://www.symantec.com/connect/forums/application-has-changed-last-time-you-used-it

    Not sure it was resolved for this particular customer though.



  • 3.  RE: "Silent" Network Application Monitoring and Mixed Control Mode

    Posted Feb 19, 2018 12:31 PM

    Thanks for the info Brian...

    Currently we're running RU1 MP1, that said, there is a link off the article above:  https://support.symantec.com/en_US/article.TECH240699.html

    Which states: This issue is resolved in Symantec Endpoint Protection (SEP) 14 RU1 and only works for fresh installationFix for the upgrading environment will be targeted in the next version SEP 14 RU2.

    If I'm reading this right, the issue is only fixed on machines that receive a fresh install of RU1 or greater, and that the fix for an upgraded machine will be included in RU2?

    Brian, just for  clarification, do believe that given my situation (Managed client, running in Mixed Control mode, with Network Application Monitoring enabled and set to "Allow and Log"), assuming there is not a defect in the SEP client, I should NOT be seeing popups when IE, Outlook, Firefox, etc...change?

    Thanks,
    -Mike

     



  • 4.  RE: "Silent" Network Application Monitoring and Mixed Control Mode

    Posted Feb 19, 2018 12:54 PM

    Regardless of what mode it's in, the only way end users would/should see popups was if it was set to 'Ask' 



  • 5.  RE: "Silent" Network Application Monitoring and Mixed Control Mode

    Posted Feb 19, 2018 02:45 PM

    Awesome, exactly what I was hoping to hear. Thank amigo!