How to block Peer to Peer Applications (P2P) using Symantec Endpoint Protection 12.1

book

Article ID: 152078

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document how Symantec Endpoint Protection 12.1 (SEP) may be used to block Peer to Peer Applications (P2P).

Resolution

There are several methods which may be used to block P2P applications using SEP. These include:

  1. Configuring SEP's built-in IPS signatures which detect and block P2P traffic
  2. Configuring SEP's Application and Device Control feature to block launching of P2P executables
  3. Configuring SEP's Firewall to block the traffic of P2P executables

More information on these methods may be found below.

How to configure SEP's build-in IPS signatures to detect and block P2P traffic:

For Symantec Endpoint Protection 12.1 RU1 MP1 and earlier:

  1. Login to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies
  3. Click Intrusion Prevention
  4. Right-click your IPS policy and click Edit
  5. Click Exceptions
  6. Click Add...
  7. Click Show category and select Peer to Peer
  8. Click Select All
  9. Click Next
  10. Set Action to Block
  11. Set Log to Log the traffic
  12. Click OK
  13. Click OK

 

For Symantec Endpoint Protection 12.1 RU2 and later:

  1. Login to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies
  3. Click Intrusion Prevention
  4. Right-click your IPS policy and click Edit
  5. Click Exceptions underneath Windows Settings
  6. Click Add...
  7. Click Signature Name two times to sort the IPS signatures in ascending order
  8. Select all signatures which start with: Audit: P2P
  9. Click Next
  10. Set Action to Block
  11. Set Log to Log the traffic
  12. Click OK
  13. Click OK

 

How to use SEP's Application and Device Control feature to block P2P applications from running:

It is possible to use SEP's Application and Device Control feature to block P2P executables from launching. To do so, you will need to create an Application and Device Control rule which blocks attempts to run the P2P executables.

See the following knowledgebase document for more information: How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

 

How to use SEP's Firewall to block network traffic of P2P applications:

  1. Login to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies
  3. Click Firewall
  4. Right-click your firewall policy and click Edit
  5. Click Rules
  6. Click Add Rule...
  7. Name your rule
  8. Click Next
  9. Click Block connections
  10. Click Next
  11. Click Only the applications listed below
  12. Click Add...
  13. Enter the name of the P2P application's executable in the File Name field
  14. Click OK
  15. Repeat steps 12 through 14 for every other P2P application you want to block
  16. Click Next Next Next
  17. Click Yes
  18. Click Next
  19. Click OK

Powered by Wolken Software