Endpoint Protection

  • 1.  Symantec Endpoint IP Exclusion

    Posted Sep 22, 2010 01:13 PM

    We use Symantec Endpoint Protection v11.

    We are attempting to perform employee Phishing testing via Core Impact as follows:
    1. Test Phishing emails are initiated from Core Impact, to select employees.
    2. Once an employee clicks an embedded hyperlink (which resolves to "http://<Core Impact Device's IP Address>/..."), they are redirected back through the Core Impact device (all behind the firewall) to a designated URL (e.g. www.Google.com or an Intranet page).
    3. Core Impact notes which employee(s) click the link.
    The issue I'm seeing is that, in doing its job, Symantec is blocking step #2 at the clients.
    We've found that, by temporarily disabling "Network Threat Protection" on a client workstation, everything works correctly.
    How can I create an exclusion (or whitelist) to state that access to "http://<Core Impact Device's IP Address>/..." is allowed?
     
    Thank you


  • 2.  RE: Symantec Endpoint IP Exclusion
    Best Answer

    Posted Sep 22, 2010 01:49 PM

    In SEP Manager console --Policies--Firewall--Edit Firewall Policy--Rules

    Add Rule--Allow your IP address.

    Once the rule is created, move that rule to the top.

    This might also be due to Intrusion Prevention.

    Exclude your Core Impact server:

    SEP Manager console --Policies--Intrusion Prevention--Settings.



  • 3.  RE: Symantec Endpoint IP Exclusion

    Posted Sep 22, 2010 02:49 PM

    Thank you very much for the quick response.

    I was just informed that we are not currently utilizing the Firewall feature within SEP, so I'm not sure that the issue is related to that setting.



  • 4.  RE: Symantec Endpoint IP Exclusion

    Posted Sep 22, 2010 02:58 PM

    The Network Threat Protection component is a combo of Firewall + IPS.