search cancel

Block unwanted network content with Endpoint Protection Mobile

book

Article ID: 174658

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

Need to blocked unwanted content with Endpoint Protection Mobile (SEP Mobile)

Need to filter URLs

Cause

SEP Mobile is natively capable of filtering unwanted network content, but using the integration with WSS allows for deeper inspection of traffic, more granular policy, and extends organizational policy from traditional endpoints like desktops and laptops to modern endpoints like phones and tablets.

Note: Enabling these features may cause the iOS Battery usage to display incorrectly, see High battery usage displayed for Endpoint Protection Mobile for iOS

Environment

iOS

Resolution

To define unwanted network content

In the SEP Mobile Management Console
Go to Settings>Security>Network>Unwanted Network Content and check the box for Mark network content as unwanted if one of the following conditions is met:

There are 2 types of filters available, content and domain/subdomain.

When this setting is enabled SEP mobile will classify the following categories as unwanted by default:

  • Botnet C&C servers
  • Malicious Sites
  • Phishing
  • Third-party iOS app stores

Additional preconfigured categories can also be classified as unwanted content.

Domains and subdomains can also be configured as unwanted content. When a domain is specified each of its subdomains is also included.

To block unwanted network content

In the SEP Mobile Management Console
Go to Settings>Security>Protection Actions>Automatic Protection Against Network Content Threats and enable Block access to defined network content

 

Additional Information

NOTE: Activating "Block access to defined unwanted network content" will disable other iOS and iPadOS VPN-based protections:
  • Block access to defined Sensitive Corporate Resources
  • Block communication from the device to known malicious C&C servers
  • Block access to defined Sensitive Corporate Resources when Symantec Endpoint Protection’s secure connection cannot be used
  • Tunnel all network traffic through Symantec security gateway
  • Automatically disconnect malicious VPNs

NOTE: Enabling this feature installs and activates an always on VPN profile on iOS and iPadOS devices. This can increase battery usage.