Question -
I want to look for specific files that initiate outbound communication through our SEP clients firewall. I have a list of hash values that I have manually entered into a Firewall rule under the Application column and have set under logging, to send an email when it is detected. I have also configured a client alert notification under logging.
I do not have Network Application Monitoring set to ON for any of my client groups, nor do I have the "Learn applications that run on the client computers" enabled under any of my client groups communication settings.
My question is - Will the SEP firewall still be able to alert on those hash values without enabling these settings? If the answer is yes, then I am led to believe that the SEP firewall must hash any application that attempts outbound communication "on the fly" as its said. Is this correct? My suspicion is that it will NOT work by nature of the options toggable under - Network Application Monitoring.
I don't believe this is spelled out anywhere in documentation.
Thanks!