Endpoint Protection

Hi. Recently i've discovered in Windows system's journals that some hackers is trying to pick up login/password to Internet server of our company. This event caused that I decided to change our antivirus with another one. I tried to use Symantec Endpoint Protection ->I installed it on my server's clone, updated, and tested: made about 100 attempts (in 20 seconds) of logon on FTP with wrong logins/password. And Symanted didn't detect my actions as attack! Some questions: 1) Symantec Endpoint Protection doesn't protect from this method of attacks? 2) May be I need try another product for my server (roles: mail server, proxy server, VPN server, gateway, FTP server, DNS server). PS: sorry for my grammatic errors.

SYmantec has DOS detection methodology, but it needs to meet the signature. The things which mioght have tested may not fall into threshold set by Symantec. Ensure these DOS settings are enabled.

need to create custom IPS help topic about IPS should help you out.
for IPS to work you need to have all the components of SEP installed ( AV/AS, PTP, NTP )  
https://www-secure.symantec.com/connect/forums/symantec-endpoint-ips-problems-ftp-server-attacked-test-server-doenst-prevent-udp-flood-attac

Can you attach print screen of this option? I can't find such option in the program's interface.

Hi. In what forum should I create topic about IPS?

You can create it in this forum 

OK, I need to IPS that blocks the IP of the computer that tries to access FTP more than 10 times with an incorrect username or password within 1 minute.

Is there any ways to help me with my problem?

This doc can help you in creating the signature

Creating custom IPS signatures

 

Thanks, of course, but the information is too poor and insufficient to create a signature (you even read it yourself)? :->