How to prevent some local application on the client from connecting to a localhost service using the loopback (localhost / 127.0.0.1) address.

While the Symantec Endpoint Protection Firewall is technically capable of monitoring the loopback traffic, this traffic is allowed automatically and it is not currently possible to override this behavior.  This is by design, to avoid unforeseen side effects when creating firewall rules.

 This applies all versions of Symantec Endpoint Protection 14.x.

Workaround:

• The Application Control rules can be used to limit what the application can do.
  • Application Control: Application Control Rule Sets
    
    
• The Custom Intrusion Prevention Signatures will allow you write your own network intrusion prevention signatures to identify a specific intrusion or block loopback (Localhost) traffic
  
  • Custom Intrusion Prevention Signatures: Signatures
  • Adding signatures to a custom IPS library
  • Syntax for custom intrusion prevention signatures