Unable to locate the 'active response' feature in Intrusion Prevention Policy in Symantec Endpoint Protection 12.1

book

Article ID: 156267

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When 'risk tracer' is enabled in the Antivirus/Antispyware Policy, you will get a warning "The Firewall Policy and the 'active response' feature in Intrusion Prevention Policy must be enabled for this feature to work."

 'Active response' is also known as 'Automatically block an attacker's IP address'.

When viewing the Intrusion Prevention Policy, you do not see any feature referencing 'active response' or 'Automatically block an attacker's IP address'.

Cause

This feature was moved in version 12.1 into the "Protection and Stealth" component of Firewall Policy.

 

Resolution

Edit the Firewall Policy, Protection and Stealth, and ensure that 'Automatically block an attacker's IP address' option is checked for 'active response' to become available.