Endpoint Protection

  • 1.  Sep Hardening Policy / Protect Symantec Files and Registry

    Posted Jul 18, 2011 05:01 AM

    Hi,

    We are using the SEP Hardening Policy for Application Control.

    Our logs are full of the following entries. Can I ignore these, or do I need to whitelist this access?

    [AC1-2.1]Client services_Write Registry
    C:/Windows/system32/svchost.exe
    /REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanIpv6

    [AC1-2.1] Client services_Write Registry
    C:/Windows/system32/svchost.exe
    REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanBh

    [AC1-2.1] Client services_Write Registry
    C:/Windows/system32/svchost.exe
    /REGISTRY/MACHINE/SYSTEM/CurrentControlSet/services/Teefer2/Parameters/Adapters/NdisWanIp

    regards,

    stephan



  • 2.  RE: Sep Hardening Policy / Protect Symantec Files and Registry

    Posted Jul 18, 2011 05:51 AM

    Looks like this is working fine.



  • 3.  RE: Sep Hardening Policy / Protect Symantec Files and Registry

    Broadcom Employee
    Posted Jul 18, 2011 06:05 AM

    Hi,

    Svchost.exe process is used by SEP.

    Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.

    http://www.symantec.com/business/support/index?page=content&id=TECH163787



  • 4.  RE: Sep Hardening Policy / Protect Symantec Files and Registry

    Posted Jul 18, 2011 07:36 AM

    Thanks for the replies.

    So I have to whitelist the write access of svchost.exe to those registry keys?



  • 5.  RE: Sep Hardening Policy / Protect Symantec Files and Registry

    Broadcom Employee
    Posted Jul 18, 2011 08:01 AM

    Yes, I think you can do that.