Endpoint Protection


Is it possible to block all messengers as like yahoo messenger

  • 1.  Is it possible to block all messengers as like yahoo messenger

    Posted Jul 05, 2010 01:09 AM

    Is it possible to block all messengers such as Yahoo Messenger, Windows Messenger, and Nimbuzz Messenger for individual IPs or users by SEPM?
    My SEPM version = 11.0.1000.1375


  • 2.  RE: Is it possible to block all messengers as like yahoo messenger

    Broadcom Employee
    Posted Jul 05, 2010 01:33 AM
    Hi, check this article and let me know if it helps: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009112007304548. However, the SEPM version you are using is toooooooo old. Use the latest version.


  • 3.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 05, 2010 01:37 AM
    Hello Qamrul,
    You can block MSN via firewall rules or application and device policy rules,
    for example you can block MSN domain from Firewall rules or you can block MSN.exe from application and device rules.
    But please don't forget that if users change the exe name, they can continue to use it. Therefore you can use a hash rule (but all exe files have a changed hash :) )

    Best Regards.
    Fatih
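
The trade-off between name rules and hash rules raised in the reply above, as an added example that is not part of the original thread and is not Symantec code. The rule evaluator, the file name `tool.exe`, the sample bytes, and the use of SHA-256 as the fingerprint are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash file contents; the file name plays no part in the result."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def evaluate(path, blocked_names, blocked_hashes):
    """Return which rule types ("name", "hash") would match this file."""
    hits = []
    if os.path.basename(path).lower() in blocked_names:
        hits.append("name")
    if sha256_of(path) in blocked_hashes:
        hits.append("hash")
    return hits


def demo():
    # Constructed stand-in bytes, not real messenger binaries.
    build1 = b"MZ constructed messenger build 1"
    build2 = b"MZ constructed messenger build 2"
    samples = {
        "original": ("msn.exe", build1),
        "renamed": ("tool.exe", build1),
        "new_build": ("msn.exe", build2),
        "new_build_renamed": ("tool.exe", build2),
    }
    blocked_names = {"msn.exe"}
    blocked_hashes = {hashlib.sha256(build1).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for label, (name, content) in samples.items():
            folder = os.path.join(root, label)
            os.mkdir(folder)
            path = os.path.join(folder, name)
            with open(path, "wb") as f:
                f.write(content)
            results[label] = evaluate(path, blocked_names, blocked_hashes)
    return results


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:18} matched by: {hits or 'nothing'}")
```

The last sample matches neither rule, which is why file-based rules are usually paired with the network-level controls (firewall rules, IPS signatures) discussed elsewhere in this thread.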


  • 4.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 05, 2010 01:48 AM
    Yes. But it seems to be a hard task! Create a custom signature of the applications using the attached PDF file



  • 5.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 06, 2010 11:48 AM

    >>You can block MSN via firewall rules

    This would be the most convincing way.


  • 6.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 06, 2010 12:00 PM

    I second what Pete said. Use Application and Device Control policy and get rid of that old build. The latest is 11.0.6005.562 (RU6). There have been thousands of fixes since the MR1 release came out.

    Best,
    Thomas


  • 7.  RE: Is it possible to block all messengers as like yahoo messenger
    Best Answer

    Posted Jul 06, 2010 03:26 PM
    Symantec provides a pretty simple way.......... simply change what they have to "block".
    Go to your policies, intrusion prevention policy, edit, then "add exceptions" and select anything IM related, add it and change to blocked.  It would seem to me that this should work and save a lot of work since they have these things pre-defined, but not blocked by default.



  • 8.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 06, 2010 05:57 PM

    Good information from Shadows Papa :)

    Thanks

    Best Regards.
    Fatih


  • 9.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 07, 2010 02:16 AM

    Shadow PAPA
    When I select the IPS exception, it says it is empty.
    What is wrong?



  • 10.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 07, 2010 07:40 AM
    Highlight your intrusion prevention policy, choose edit.
    Then click the exceptions button - lower button on left side.
    It will be empty most likely. Now choose the Add..... button at the bottom.

    It will bring up all the Symantec supplied intrusion prevention signatures and their status - blocked or not blocked. You select from that list, choose to block since the IM by default is not blocked, log if you wish, and OK.
    Then those will move into the exceptions list like you see in my example.
    Symantec provides the signatures, but doesn't block. To block IM, you have to make it an "exception", so you need to add from their list into your exception list, which starts empty.
    It's sort of the opposite of the AV exceptions. Usually AV blocks something, but maybe you know it's good so you want to let it through. So you create an exception. In this case, IM is let through, you want to block it, so you need to add it to your exception list. Other things, like some of the nasty HTML based stuff, are already blocked. Some things, like VNC, are in the list but not blocked. We do not want VNC in here, so I move it to my exception list and mark it as "block".
    You can sort - when you go to your empty exception list and click the Add.... button and the list of possibilities pops up, you can sort by "blocked/not blocked" and that way get the unblocked stuff all in one place and choose from that list, then choose blocked for it.
    Go ahead and experiment - you can always choose cancel, or remove from the exceptions if you change your mind.


  • 11.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 07, 2010 07:46 AM
    My server was not thoroughly updated. I found that.
    Thank you PAPA!


  • 12.  RE: Is it possible to block all messengers as like yahoo messenger

    Posted Jul 07, 2010 11:38 AM
    Side note, I hope the poster will update his software to something higher than 11.0.5000.  11.0.1000 is pretty darn old and plagued with bugs.