How to disable all outbound network connections from the Endpoint Protection Manager


Article ID: 178664


Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

In some secure or isolated environments, it is desirable to disable all outbound connections from the Symantec Endpoint Protection Manager to the internet.

Here's a summary of the steps necessary to disable ALL such connections:
  • Disable ThreatCon lookup for the Symantec Endpoint Protection Manager homepage (set scm.server.securitydatatask.disabled=true in conf.properties)
     
  • Disable the SEPM RMM WebService: navigate to the SEPM\Tools folder, run "ConfigSEPM.bat -RmmWS:OFF" and restart the SEPM service. Afterwards, open SEPM\tomcat\conf\server.xml in a text editor and note the comment near the bottom stating "Web services for remote management are disabled... to enable... run ConfigSEPM.bat -RmmWS:ON".
     
  • Open SEPM\Php\Include\Dashboard\getVirusDefs.php in a text editor, search for the function getVirusDefs() and edit it as in the following snippet (the change is the added comment and the "return $valIE;" statement):
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    function getVirusDefs() {
        $url = "http://securityresponse.symantec.com/avcenter/venc/auto/defstats.xml";
        # $url = "http://securityresponse.symantec.com/avcenter/download.html";
        $valIE="";
        //do not send the HTTP request, return immediately
        return $valIE;

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     
  • Disable Data Collection setting in SEPM:
    Admin->Servers->Local Site->Edit Site Properties->Data Collection->Uncheck the box
     
  • Configure SEPM LiveUpdate to use internal LUA (LiveUpdate Administrator) server.
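
The three file-based steps above can be audited after the change. The following PowerShell is an added example, not Symantec's own tooling. The function name, its parameters and the sample files are assumptions, and the paths are passed in because this article gives neither the install root nor the location of conf.properties. The Data Collection and LiveUpdate settings are made in the console and are not covered.

```powershell
# Added example: audits the file-based steps only (ThreatCon, RMM web service, getVirusDefs.php).
# Test-SepmOutboundLockdown and its parameter names are hypothetical.
function Test-SepmOutboundLockdown {
    param(
        [Parameter(Mandatory)][string]$SepmRoot,        # assumption: SEPM install folder
        [Parameter(Mandatory)][string]$ConfProperties   # assumption: full path to conf.properties
    )
    $ErrorActionPreference = 'Stop'   # a missing file is a hard failure, not a silent "false"
    # Step 1: the property must be present, uncommented and set to true.
    $propOk = [bool](Select-String -LiteralPath $ConfProperties -Quiet -Pattern '^\s*scm\.server\.securitydatatask\.disabled\s*=\s*true\s*$')
    # Step 2: ConfigSEPM.bat -RmmWS:OFF leaves this comment in server.xml.
    $serverXml = Join-Path $SepmRoot 'tomcat\conf\server.xml'
    $rmmOff = [bool](Select-String -LiteralPath $serverXml -Quiet -SimpleMatch -Pattern 'Web services for remote management are disabled')
    # Step 3: inside getVirusDefs(), the first statement that is not a plain
    # string assignment must be "return $valIE;", so no HTTP request is reached.
    $php = Get-Content -LiteralPath (Join-Path $SepmRoot 'Php\Include\Dashboard\getVirusDefs.php')
    $inFunc = $false; $earlyReturn = $false
    foreach ($line in $php) {
        $t = $line.Trim()
        if (-not $inFunc) { $inFunc = $t -match '^function\s+getVirusDefs\s*\('; continue }
        if ($t -in '', '{' -or $t -match '^(#|//)') { continue }    # blank, brace or comment
        if ($t -match '^\$\w+\s*=\s*"[^"]*"\s*;$') { continue }     # e.g. $url = "..."; $valIE="";
        $earlyReturn = $t -match '^return\s+\$valIE\s*;'
        break
    }
    [pscustomobject]@{
        ThreatConLookupDisabled    = $propOk
        RmmWebServiceDisabled      = $rmmOff
        GetVirusDefsShortCircuited = $earlyReturn
    }
}

# Constructed sample tree (not real SEPM files) to exercise the function.
$root = Join-Path ([IO.Path]::GetTempPath()) 'sepm-audit-demo'
New-Item -ItemType Directory -Force -Path "$root\tomcat\conf", "$root\Php\Include\Dashboard" | Out-Null
Set-Content "$root\conf.properties" 'scm.server.securitydatatask.disabled=true'
Set-Content "$root\tomcat\conf\server.xml" '<!-- Web services for remote management are disabled -->'
Set-Content "$root\Php\Include\Dashboard\getVirusDefs.php" @'
function getVirusDefs() {
    $url = "http://securityresponse.symantec.com/avcenter/venc/auto/defstats.xml";
    $valIE="";
    //do not send the HTTP request, return immediately
    return $valIE;
'@
Test-SepmOutboundLockdown -SepmRoot $root -ConfProperties "$root\conf.properties"
```

Any property that comes back False points at a step that was skipped or undone, for example by an upgrade or repair that replaced the edited file.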

Additional Information

Reference ID: 3802472