Endpoint Protection

 View Only
  • 1.  Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 24, 2010 04:55 PM
    Hello,

    I have computer running an unmanaged SEP v11.0.3001.2224 client. I need to exclude a few IP addresses from scanning with Network Threat Protection. How can I do this?

    Thank you,

    Mike


  • 2.  RE: Network Threat Protection - Exclude by IP on unmanaged client
    Best Answer

    Posted Jul 24, 2010 11:48 PM
    Open the client user Interface.

    Then click on Network Threar Protaection OPTION--->Configure firewall rule---> Add--->Under the general tab selct  Allow this rule-->Under host select the IP address



  • 3.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Broadcom Employee
    Posted Jul 25, 2010 08:43 AM
    so good your screenshot arranged.


  • 4.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 25, 2010 05:53 PM
    I tried that and it still isn't working. I need to allow certain IP addresses for website security scanning purposes with all filtering disabled.

    For example I allowed my client IP address on the server and then input the following into the browser on the client:

    http://www.domain.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd 


    On the server I get the following pop-up message and the client can't connect to the server for a while:

    [SID: 23104] HTTP Apache Tomcat UTF-8 Dir Traversal detected.


    I need to allow all traffic for the security scans to complete sucessfully.

    Thank You,

    Mike


  • 5.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 25, 2010 10:40 PM
    open sepm
    click on policies
    click on intrusion prevention policy
    click edit
    look for sid 23104 make the action to log or ignore on the policy


  • 6.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 26, 2010 01:30 AM
    Keep this rule as the first rule and try(You may use move up button for this...)


  • 7.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 26, 2010 01:36 AM
    v11.0.3001.2224 is an old version with lot of bugs.It is always recommendable to upgrade to RU6a(11.0.6)....
    This you can download from https://fileconnect.symantec.com....


  • 8.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 26, 2010 06:28 AM
    I upgraded to version 12.0.1001.95, created a rule to allow traffic from the client IP and moved the rule to the top. When I run the command it no longer gives me the SID 23104 popup, but the traffic is still blocked (long timeout). When I turn off Network Threat Protection I get a 404 error, which is expected. Any other ideas? This is on an unmanaged client.


  • 9.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 26, 2010 06:32 AM
    Which is your exact product SEP 11 or SBE 12? 


  • 10.  RE: Network Threat Protection - Exclude by IP on unmanaged client

    Posted Jul 26, 2010 06:51 AM
    Symantec EndPoint Protection Small Business Edition v12.0.1001.95