There are several methods which may be used to block P2P applications using SEP. These include:
- Configuring SEP's built-in IPS signatures which detect and block P2P traffic
- Configuring SEP's Application and Device Control feature to block launching of P2P executables
- Configuring SEP's Firewall to block the traffic of P2P executables
More information on these methods may be found below.
How to configure SEP's build-in IPS signatures to detect and block P2P traffic:
For Symantec Endpoint Protection 12.1 RU1 MP1 and earlier:
- Login to the Symantec Endpoint Protection Manager (SEPM)
- Click Policies
- Click Intrusion Prevention
- Right-click your IPS policy and click Edit
- Click Exceptions
- Click Add...
- Click Show category and select Peer to Peer
- Click Select All
- Click Next
- Set Action to Block
- Set Log to Log the traffic
- Click OK
- Click OK
For Symantec Endpoint Protection 12.1 RU2 and later:
- Login to the Symantec Endpoint Protection Manager (SEPM)
- Click Policies
- Click Intrusion Prevention
- Right-click your IPS policy and click Edit
- Click Exceptions underneath Windows Settings
- Click Add...
- Click Signature Name two times to sort the IPS signatures in ascending order
- Select all signatures which start with: Audit: P2P
- Click Next
- Set Action to Block
- Set Log to Log the traffic
- Click OK
- Click OK
How to use SEP's Application and Device Control feature to block P2P applications from running:
It is possible to use SEP's Application and Device Control feature to block P2P executables from launching. To do so, you will need to create an Application and Device Control rule which blocks attempts to run the P2P executables.
See the following knowledgebase document for more information: How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
How to use SEP's Firewall to block network traffic of P2P applications:
- Login to the Symantec Endpoint Protection Manager (SEPM)
- Click Policies
- Click Firewall
- Right-click your firewall policy and click Edit
- Click Rules
- Click Add Rule...
- Name your rule
- Click Next
- Click Block connections
- Click Next
- Click Only the applications listed below
- Click Add...
- Enter the name of the P2P application's executable in the File Name field
- Click OK
- Repeat steps 12 through 14 for every other P2P application you want to block
- Click Next > Next > Next
- Click Yes
- Click Next
- Click OK