Posted on by admin

Step 5

Step 5: Specify Network Application Policy

Specify the service by selecting the check box next to the scan to perform:

  1. Application protocol detection—select this option to regulate activity on certain TCP and UDP ports. Select ICMP to regulate ICMP activity.

  1. Select Application Protocol Detection.

  2. Under TCP port, type the TCP ports or port ranges to scan.

  3. Under UDP port, type the UDP ports or port ranges to scan.

  4. Select ICMP to regulate ICMP activity.

  5. Note: To use ICMP, ensure you select All ports in the TCP/UDP Protocol Ports settings in Step 2: Specify Authentication and Network Zones.

  1. Specify an Endpoint Action by selecting one of the following:

    • Monitor endpoints—flag the endpoint as “noncompliant”, but allow endpoint traffic to pass.

    • Reject packets—return a reset packet (RST) to inform the source endpoint that the connection has been broken.

    • Drop packets—close the connection to prevent the packets from passing.

  1. Instant messaging detection—use this feature to regulate instant messenger activity.

  1. Select Instant messaging detection.

  2. Select the instant messaging software to regulate:

    • MSN—select to check MSN or Windows Live Messenger traffic. You can regulate only file transfer activity or all activities.

    • Yahoo—select to check Yahoo! Messenger traffic. You can regulate only file transfer activity or all activities.

    • ICQ/AIM—select to check ICQ or AOL Instant Messenger (AIM) traffic. You can regulate only file transfer activity or all activities.

    • IRC—select to regulate all Internet Relay Chat (IRC) activity

  1. Specify an Endpoint Action by selecting one of the following:

    • Monitor endpoints—flag the endpoint as “noncompliant”, but allow endpoint traffic to pass.

    • Reject packets—return a reset packet (RST) to inform the source endpoint that the connection has been broken.

    • Drop packets—close the connection to prevent the packets from passing.

  1. File transfer detection—use this feature to regulate file transfer activity.

  • Warning: Avoid overly broad wildcard entries such as *.* or *.htm for the files to assess. These entries can completely block access to the Internet.

  1. Select File transfer detection.

  2. Select the types of file transfer activities to assess:

    • Windows file transfer—select this option to assess CIFS and Samba protocol file transfers. Most of these file transfers occur when files are copied to and from shared folders.

    • HTTP file transfer—select this option to assess HTTP file transfers.

    • FTP file transfer—select this option to assess FTP file transfers.

  1. Type the files to check under Files to assess and the files to allow under Exception.

  2. Specify an Endpoint Action by selecting one of the following:

    • Monitor endpoints—flag the endpoint as “noncompliant”, but allow endpoint traffic to pass.

    • Reject packets—return a reset packet (RST) to inform the source endpoint that the connection has been broken.

  1. Select Allow Control Manager to modify Network Application Policy settings when an outbreak occurs if you use a Control Manager server to manage Trend Micro products. The device temporarily enforces the Outbreak Prevention Policy during an outbreak and reverts to this policy afterwards.

  2. Select Send policy violation data to syslog to record events to logs.

  3. Click Next.

See also:

About Policies

About Policy Enforcement

Adding a Policy

Copyright © 2015 Trend Micro Incorporated. All rights reserved

Leave a Reply

Your email address will not be published. Required fields are marked *