Channel: Symantec Connect - Endpoint Protection - Discussions

Using Custom intrusion prevention for anomalous traffic.

I need a solution

Hello,

I just finished up a support case with Symantec and they told me this cannot be done. But I'm still going to ask in case anybody has any experience doing this and found a workaround.

Basically, what we want to do is use custom intrusion prevention signatures to monitor all traffic going to ports 80 and 443 that is not produced by browsers. To do this, we thought that during signature creation we could filter by process, as the process name and full path are shown when the alert is created. I.e., don't alert us if the connection is generated by iexplorer.exe or chrome.exe or firefox.exe. Unfortunately, I have been told that this cannot be done.

So I'm wondering if anyone has tried something similar in the past and what the results have been.

Safe to say our organization is big enough and just activating the signature to check port 80 and port 443 would probably kill SEP DB in minutes.

Thoughts?

Kind regards,
