Endpoint Protection

  • 1.  What is Intrusion prevention ?

    Posted Aug 01, 2013 10:19 AM

    Hi,

    I want to know about intrusion prevention.



  • 2.  RE: What is Intrusion prevention ?

    Posted Aug 01, 2013 10:19 AM

    It monitors network traffic and blocks it if it matches a malicious IPS signature.

    How intrusion prevention works

    Article:HOWTO80870  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80870

     

    Managing intrusion prevention on your client computers

    Article:HOWTO80872  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80872

     

    Best practices regarding Intrusion Prevention System technology

    Article:TECH95347  |  Created: 2009-01-03  |  Updated: 2013-07-13  |  Article URL http://www.symantec.com/docs/TECH95347

     



  • 3.  RE: What is Intrusion prevention ?

    Posted Aug 01, 2013 10:25 AM

    Hi,

    Check the same thread, asked by Mr. Amit K Patel:

    https://www-secure.symantec.com/connect/forums/intrusion-prevention-1



  • 4.  RE: What is Intrusion prevention ?

    Trusted Advisor
    Posted Aug 01, 2013 10:29 AM

    Hello,

    The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.

    For example, it can prevent clients from writing files to a USB flash drive. Intrusion prevention also works as an IDS. Policies are enforced by TruScan. The IPS functionality acts as a first line of defence against network-based attacks.

    Intrusion Prevention System technology significantly increases the level of protection that Symantec Endpoint Security gives to your network. You should always have IPS enabled on your network.

    Intrusion Prevention System technology is strong, effective technology that prevents malicious files from getting to your hard drive in the first place.

    Unlike antivirus, which looks for known malicious files, IPS scans the network traffic stream in order to find threats using known exploits and attack vectors. IPS does not detect specific files, but rather specific methods that can be used to get malicious files onto your network. This allows IPS to protect against both known and unknown threats, even before antivirus signatures can be created for them.

    In Symantec Endpoint Protection 12.1, the client firewall function is separate and does not need to be installed or enabled for IPS to function.

    Best practices regarding Intrusion Prevention System technology

    http://www.symantec.com/docs/TECH95347

    Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained

    http://www.symantec.com/docs/TECH104434

    Hope that helps!!



  • 5.  RE: What is Intrusion prevention ?
    Best Answer

    Posted Aug 01, 2013 10:31 AM

    Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

    Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.
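
Added example, not part of any post in this thread and not Symantec code: a minimal signature engine that runs the same constructed traffic once as a passive IDS and once as an in-line IPS, showing the alert, drop, reset and block-source actions described above. The signature names, patterns and addresses are assumptions made up for the illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures: (name, payload pattern, action). Not a vendor signature set.
SIGNATURES = [
    ("http-path-traversal", re.compile(rb"GET [^ ]*\.\./"), "drop"),
    ("telnet-root-login", re.compile(rb"login: root"), "reset"),
    ("repeated-auth-failure", re.compile(rb"AUTH FAIL x\d{2,}"), "block_source"),
]

@dataclass
class Engine:
    inline: bool  # True = IPS (sits in the traffic path), False = IDS (passive copy)
    blocked: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def inspect(self, src: str, payload: bytes) -> str:
        """Return the verdict for one packet: forward, drop or reset."""
        if self.inline and src in self.blocked:
            # Traffic from an already blocked address is dropped without inspection.
            self.log.append((src, "blocked-source", "drop"))
            return "drop"
        for name, pattern, action in SIGNATURES:
            if pattern.search(payload):
                self.log.append((src, name, action if self.inline else "alert"))
                if not self.inline:
                    return "forward"  # an IDS only reports; the packet still arrives
                if action == "block_source":
                    self.blocked.add(src)
                    return "drop"
                return action
        return "forward"

# Constructed sample traffic using documentation address ranges.
TRAFFIC = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", b"GET /cgi-bin/../../etc/passwd HTTP/1.1"),
    ("203.0.113.5", b"AUTH FAIL x12"),
    ("203.0.113.5", b"GET /index.html HTTP/1.1"),
    ("192.0.2.44", b"login: root"),
]

def run(inline: bool):
    """Replay TRAFFIC through a fresh engine; return (verdicts, log)."""
    engine = Engine(inline=inline)
    verdicts = [engine.inspect(src, data) for src, data in TRAFFIC]
    return verdicts, engine.log

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, log = run(mode)
        print("IPS" if mode else "IDS", verdicts, log)
```

In IDS mode every packet is forwarded and only alerts are logged; in IPS mode the fourth packet is harmless on its own but is dropped because its source was blocked by the previous match.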



  • 6.  RE: What is Intrusion prevention ?

    Trusted Advisor
    Posted Aug 01, 2013 10:36 AM

    Hello angelsmith,

    It seems you have questions about every feature of Symantec Endpoint Protection :)

    Product Overview

    Symantec Endpoint Protection combines technologies from previous Symantec products in a new interface. These technologies are:

    • Antivirus and Antispyware
      Antivirus and Antispyware scan for both viruses and for security risks. Some examples of security risks are spyware, adware, and other files that can put a computer or a network at risk.
    • Personal Firewall
      The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet. The firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
    • Intrusion Prevention
      The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
    • Proactive Threat Scanning
      Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
    • Device and Application Control
      Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow the applications that try to access system resources.

    I would suggest you check these articles, which would assist you with all the answers:

    What's new in Symantec Endpoint Protection 11.0

    http://www.symantec.com/docs/TECH102401

    What is new in Symantec Endpoint Protection 12.1?

    http://www.symantec.com/docs/HOWTO81091

    What's new with Latest Symantec Endpoint Protection SEP 12.1.RU3

    https://www-secure.symantec.com/connect/blogs/whats-new-latest-symantec-endpoint-protection-sep-121ru3

    Hope that helps!!



  • 7.  RE: What is Intrusion prevention ?

    Posted Aug 01, 2013 10:38 AM

    What's even more interesting is the solution that was marked. Very suspicious indeed...