How to disable all outbound network connections from the Endpoint Protection Manager
Article ID: 178664
Updated On:
Products
Endpoint Protection
Issue/Introduction
Resolution
In some secure or isolated environments, it is desirable to disable all outbound connections from the Symantec Endpoint Protection Manager to the internet.
Here's a summary of the steps necessary to disable ALL such connections:
Here's a summary of the steps necessary to disable ALL such connections:
- Disable ThreatCon lookup for the Symantec Endpoint Protection Manager homepage (set scm.server.securitydatatask.disabled=true in conf.properties)
- Disable the SEPM RMM WebService: Navigate to the SEPM\Tools folder, run "ConfigSEPM.bat -RmmWS:OFF" and restart SEPM service. Afterwards, open SEPM\tomcat\conf\server.xml with text editor and note comment near bottom that "Web services for remote management are disabled... to enable... run ConfigSEPM.bat -RmmWS:ON"
- Open SEPM\Php\Include\Dashboard\getVirusDefs.php in a text editor and search for function getVirusDefs() and edit it as in following snippet (change in red)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
function getVirusDefs() {
$url = "http://securityresponse.symantec.com/avcenter/venc/auto/defstats.xml";
# $url = "http://securityresponse.symantec.com/avcenter/download.html";
$valIE="";
//do not send the HTTP request, return immediately
return $valIE;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Disable Data Collection setting in SEPM:
Admin->Servers->Local Site->Edit Site Properties->Data Collection->Uncheck the box
- Configure SEPM LiveUpdate to use internal LUA (LiveUpdate Administrator) server.
Additional Information
REFERENCE ID : : 3802472
Feedback
Yes
No
Powered by
