Can Symantec Endpoint Protection detect malicious outbound traffic with the Network Intrusion Prevention component?

Article ID: 170074

Products

Endpoint Protection

Issue/Introduction

You would like to know whether the SEP (Symantec Endpoint Protection) client can detect and block both inbound and outbound traffic that matches IPS signatures.

Resolution

SEP Network Intrusion Prevention monitors both inbound and outbound traffic.

Monitoring outbound traffic is important since Network Intrusion Prevention can also trigger the Virus and Antispyware Protection to quarantine or delete a process running locally if it initiates malicious traffic matching an IPS signature.

This is also useful for discovering that a system is infected, not only in the case of worms but also for systems that are sending botnet traffic, downloading other malware, and so on.