Endpoint Protection

 View Only
  • 1.  Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 08, 2010 08:53 PM
    Hi,

    Does anyone know whether it is possible to use Environment variables like wildcards and wildpaths when we define the Application path in Network threat protection?

    Currently the Application Path is defined as a full path
    i.e C:\Program Files\,,, or C:\Windows\...

    Does anyone know whether it is possible to use wildpaths or environment variables like in Windows?
    %Program Files% or %Windows%

    if it is possible, would I also get an syntax example as well?

    The Firewall rules works fine, however we have to almost define 2 paths for Program Files as some of our users installs them on the D Drive instead on the default C Drive.

    Thanks


  • 2.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 08, 2010 10:04 PM
    Hi,

    I think " * " as a wildcard can be used while defining an application in the firewall rule.

    You can refer to the KB document below and let us know if that works for you:

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/95989ca0d5b212c2882574d600808abb?OpenDocument

    Aniket


  • 3.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 09, 2010 12:51 AM
    Hi,

    Thanks for the reply..
    I've tried your suggestion, however i think it only works if you want to define any to any rule.

    basically the exclusion rule that I want to create has the path like below

    C:\Program Files\Fuji Xerox\Network Scan\FxUtl12.exe

    I've tried putting a * instead of C:\Program Files but i don't think that is the way its mean to be used.

    normally on Windows XP Firewall we can define it as

    %Program Files%\Fuji Xerox\Network Scan\FxUtl12.exe

    so it doesn't matter whether it is installed in C or D aslong as it is installed in the program files folder it should work.

    Any other suggestions would be appriciated.

    Thanks


  • 4.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 09, 2010 01:01 AM
    I don't think other than * any wild card is allowed in firewall. In your case you care take the finger print of FxUtl12.exe and add it in rule.. 


  • 5.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 09, 2010 01:09 AM
    Hi,

    If the name of the executable for that application remains the same, but the installation drive may change, then you can use *Fxutil12*.exe as the name of the application.

    To improvise on accuracy of this rule, you can add the file fingerprint of the application in the rule.

    So the name of the application as well as the file fingerprint will be checked by the firewall.

    Please follow the instructions below to get the file fingerprint of the application.


    1.     Click on Start --> Run.

    2.     Type cmd.

    3.     Type cd "c:\Program Files\Symantec\Symantec endpoint protection"

    Note: - The path mentioned above might change if the client is upgraded from previous version, hence select path accordingly.

    4.     Type ChecKsum.exe  <output file> "C:\Program Files\Internet Explore\iexplorer.exe"

    5.       The output file will contain the File Fingerprint for iexplorer.exe.



    Aniket


  • 6.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 09, 2010 09:50 PM

    HI Jerri

     in the "Add Application panel " right have a help, click it, "you can use wildcards for example * or ? " has been display in this help page.
    but, it support environment variables not to say .



  • 7.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules

    Posted Mar 10, 2010 01:23 AM
    Hi All,

    Thanks for the posts,
    I will try this out and let everyone know how I go..


  • 8.  RE: Is it possible to use Environment wildcards and Wildpaths in Network Threat Protection Rules
    Best Answer

    Posted Mar 15, 2010 08:38 PM

    Thanks again everyone for helping.

    I discovered that you can just define the application's executables without any path and that by itself works as a wildpath.

    Thanks also for the fingerprint solution that works very well.

    Cheers