Endpoint Protection

Hello everybody.
My manager wanted close all p2p programs like emule,limeware,bearshre etc.
How can i do it with sep? am i use firewall rule or application and device control? any idea?
Thank you Best Regards.

hi,

i believe you can do it with application control. I have not verified, but worth trying by bloicking the application name added like emule, limewire etc.

cheers
Pete

Block all known P2P softwares by using Application control and you can also block all (famous) these softwares by using Firewall

eg : Limewire --Block access to Limewire.exe
 Vuze --BLock access to Azureus.exe
Bearshare --Bearshare.exe
Emule --emule.exe

yes, it is possible through help of SEP, use fiwewall policy

Thank you for answer. But I need more help please because i didn't block application before :(
and how can i find exe's finger point? and for example I block limeware.exe with finger point.  If user download new version finger point change?
Thank you for answer.
Best Regards.

Just go ahead with file name as even if the user downloads a new version the file name will be the same.
Only if he renames the filename this policy will fail but P2P software is a program and if you rename the main process the program will not work. 

Thank you Vikram.
I will do like this is it true?
SEPM>Policies>Firewall>firewall Policy (edit)> add rule>application Rule> Define an application >
file name C:\program files\limewire\limewire.exe
File description: Limewire
size : empty
last modified :empty
file fingerprint:empty
>next
and select action is block. and move first rule.
is it true?
Thank you again.

Yes
And once this rule is created then
1.Rename this Rule
2.Enabled the Logging
3.Action --Select to Block

I tried this with Vuze ( Azureus ) and it worked.

Vikram Thank you.
I will open loging. but I dont know how can i read logs ?? and i write c:\program files\ .... if user install the program d:\ or e drive? or install it own desktop? what will sep do?
have a nice day.
this problem have solition now thank you again.
but what about downadup?
Best regards

No need to give the location the firewall does work only with file name.
The logs will be the normal traffic logs that can be viewed from Monitor -Logs -Netowrk Threat Protection -Traffic Logs. 

ok Vikram Thank you for help. This is very usefuly for me.
Thank you again.

In our testing we found that Intrusion Protection does it via an "Exception", meaning Don't "Allow" but "Block".  P2P is allowed by default.


Caveat: we found these policies to not be totally reliable in stopping the sharing.  It still logged the traffic, but did not successfully block it.

Good to know ..atleast if we get to know that users are  using P2P softwares on Production Environment ..then we can take some strict action or we can also create rules to blcok it for future. 

I've actually blocked traffic using the built-in IPS exception rules and blocked it via firewall policies. We run a campus and it is succesfully blocking all P2P traffic.

Thats great !! You can also consider blocking *.torrents files using application and device control..as all P2P apps use torrent files for download..