spacer
Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
spacer
BCS Knowledge Base

spacer
spacer

Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2008070803545448
Last Modified:02/17/2010

How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

Situation:How to block certain websites for access by clients in an organization, so we need to create a custom IPS policy to block access to websites

Solution:NOTE: This rule is created to block Google,this rule can be used to block any website that is needed by making changes accordingly.
NOTE: The following steps require that you have Network Threat Protection and Intrusion Prevention installed on the client.

In the SEPM console, in the system navigation bar, click Policies.
In the View Policies navigation bar, select Intrusion Prevention.
In the Tasks list, click Add a Custom Intrusion Prevention Signatures.
In the Custom Intrusion Prevention Signatures window, set the Name of the policy to Block Google (just an example, you can choose the website that you need to block).



Under the Signature tab, in the Signature Groups section, click Add.
In the Intrusion Prevention Signature Group dialog, add the Group Name and Description as shown below, and then click OK.
Group Name: Block Google
Highlight the newly created Signature Group (Block Google), then in Signature for this Group section, click Add.
In the Add Signature window, fill in the following information shown below:




In the Content section add the following text:

rule tcp, dest=(80), msg="GOOGLE BLOCKED", content="www.google.com"




Under the Action section do the following:



Click OK to close the Add Signature window.
Click OK to close the Custom Intrusion Prevention Signatures window.
When prompted to assign the policy, click Yes.
In the Assign Intrusion Prevention Policy window, click the Global group, and then click Assign.



Click Yes to confirm policy changes.
Click OK to close the Intrusion Prevention Policies Changes dialog.
BLOCK GOOGLE policy now appears in the console under Intrusion Prevention Policies.

Note: If a site is being blocked and you want to allow it you can use the same steps but under action select allow.

print this documentDocument ID:2008070803545448
Last Modified:02/17/2010


rate this document
Does this document answer your question?
Yes
No
Maybe, need to test
None of the above
Is this document well written and easy to use?
Submit specific suggestions to improve the quality of this document.


Product(s): Endpoint Protection 11
Operating Systems(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Professional Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition, Windows Vista, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition
Date Created: 07/07/2008

  © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy