Super-Networking Blog

Tag: Endpoint Protection

Symantec Endpoint Protection 11 - Part II

by admin on Jan.31, 2008, under Software, Systems

I am still running Endpoint Protection on my laptop, with only one issue so far. Endpoint Protection 11 breaks WPA and WPA2 authentication for your wireless network. From reading in some Symantec forums, it is a known issue with this software. The easiest way around it is to disable Network Threat Protection while you are authenticating, then enable it once the connection is established.

I looked for more of a permanent solution, but even when I disabled the HIPS rules and allowed all traffic to pass on my wireless card, it still failed. I guess this is the case when the client is unmanaged; if you have a managed client, which I don’t, you can work around it by allowing EAPOL. I can’t test this because I don’t have the server, and so it isn’t managed. Hopefully they come out with a workaround.


Symantec Endpoint Protection 11

by admin on Jan.25, 2008, under Software, Systems

I installed a trial of Symantec’s Endpoint Protection, which is the new version of Symantec’s Enterprise Antivirus. I have used Symantec in business all the way back to version 7 and have always liked it. Version 10 switched its server-to-client communication from UDP to TCP, which improved network stability. They also changed new virus definitions to be deltas instead of full definitions.

Well, Symantec has taken it to the next level now with Endpoint Protection. Now the firewall package is built into all of their clients instead of just their SCS clients. They have also added a HIPS, or Host Intrusion Protection Software, into this client. This is the next step that a lot of companies have been trying to pull off but haven’t done well yet. IPS watches for known and unknown attacks by watching for activity that could be trying to do malicious things.

Firewalls are great because they block connections that aren’t specifically allowed, but that still allows all traffic on open ports; the IPS piece will analyze the traffic and watch for malicious activity. So far I have been very impressed by how well it is designed; I have not had to make any changes to allow things to work on my machine. I am on a domain, and typically you have to allow a ton of stuff just for your machine to function, and I did not. The only change I made was to turn off the alerts when the firewall blocked something.

One more note: a lot of standards, including PCI, require you to run HIDS/HIPS on your machines.

