Can Symantec Endpoint Protection detect malicious outbound traffic with Network Intrusion Prevention component?
Updated On:31-08-2017 06:55
You would like to know if SEP (Symantec Endpoint Protection) client can detect and block both inbound and outbound traffic matching IPS signatures.
SEP Network Intrusion Prevention monitors both inbound and outbound traffic.
Monitoring outbound traffic is important since Network Intrusion Prevention can also trigger the Virus and Antispyware Protection to quarantine or delete a process running locally if it initiates malicious traffic matching an IPS signature.
This can be useful also in discovering when a system is infected, not only in case of worms but also for systems sending botnet traffic, downloading other malwares, etc...