How to configure the SEP Firewall to block an application

book

Article ID: 180289

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

It's high recommended before you apply this solution on PRODUCTION network, make some tests in the LAB network.

  • Navigate to the Clients tab in the Symantec Endpoint Protection Manager (SEPM) console.
  • Select the correct Client Group and the Policies tab.
  • On Communications Settings, check Learn applications that run on the clients computers.
  • Click Network Application Monitoring and tick the box to enable.
  • Select Ask, Block, or Allow for the "When an application change is detected" setting.
  • Click OK.
  • On Network Application Monitoring, click on Add from... to search for learned applications.
  • Define the Group and Search Criteria in the Search Applications screen.
  • Check if the application that you wish is listed on Query Results. If not, restart the client computer and try again.
  • If the applications is showing on the results, go to Firewall Policy.
  • On Rules, click on Add Rule....
  • Click Next on Welcome screen.
  • Select Application on Rule Type screen.
  • On Specific Application Information, select Get applications from the learned applications list and then click Next.
  • The filter is optional. If you do not want configure a filter, click  Next.
  • On Select Learned Applications, you must to select the application that you want to block.
  • When you click on Finish, you can see the new firewall rule in the list.
  • To block the application in the new rule, right click on Action column and then select Block.

TIP: To verify if the firewall rule is working correctly, right click on Logging column and enable the log. The records will appear in the client logs.

Related Articles:
File fingerprints and other extra application information does not work in the Symantec Endpoint Protection firewall rules.
http://www.symantec.com/business/support/index?page=content&id=TECH150623