ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Can Symantec Endpoint Protection detect malicious outbound traffic with Network Intrusion Prevention component?
Article ID: 170074
Updated On:
Products
Endpoint Protection
Issue/Introduction
You would like to know if SEP (Symantec Endpoint Protection) client can detect and block both inbound and outbound traffic matching IPS signatures.
Resolution
SEP Network Intrusion Prevention monitors both inbound and outbound traffic.
Monitoring outbound traffic is important since Network Intrusion Prevention can also trigger the Virus and Antispyware Protection to quarantine or delete a process running locally if it initiates malicious traffic matching an IPS signature.
This can be useful also in discovering when a system is infected, not only in case of worms but also for systems sending botnet traffic, downloading other malwares, etc...
Feedback
Yes
No
Powered by
