Endpoint Protection

I am implementing the blocking of site using custom ips but the link below is not working for me.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9c561a4628b3c9a44925747f007b19cd?OpenDocument

I read through the forum and have done the following suggestions already:

How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9c561a4628b3c9a44925747f007b19cd?OpenDocument

About custom IPS signatures

http://seer.entsupport.symantec.com/docs/331103.htm

You can export your policy and upload to see if there is something we can see that is a problem

Here you go, please see screenshot. I have also attached a zip file which is the exported policy I am testing.

Let me know if there is anything else I need to provide.

I finally got this working with this syntax:

rule tcp, dest=(8080), msg="GOOGLE BLOCKED", content=www.google.com.ph 

dest=(80) does not block the site for me.  Can someone explain why alt-http port works not http?

Why dest=(443) does not work as well when accesing facebook?

I have tested this policy on my machine and it works just fine and blocks all that is entered. Sounds like there might be database corruption. I would make a new group and assign the policy to the group then move the client to that new group. Also make sure you are not doing this while connected to the server in a RDP session unless you are using the mstsc -v:servername /admin and verify your user has ID 0 in the task manager users tab.

Thanks iofractal. Im good on this. Its the rdp console made it work now. =)

We can close this thread.

Good I am glad I could assist you! 


Remember to mark the solution!! 

Thanks!