Introducing Symantec™ Critical System Protection

How Symantec Critical System Protection works

Symantec Critical System Protection controls and monitors what programs and users can do to computers. Agent software at the endpoints controls and monitors behavior based on policy. There are two types of policies: prevention and detection. An agent enforces one prevention policy at a time. An agent can enforce one or more detection policies simultaneously.

For example, prevention policies can contain a list of files and registry keys that no program or user can access. Prevention policies can contain a list of UDP and TCP ports on which traffic is permitted or denied. Prevention policies can deny access to startup folders. Prevention policies also define the actions to take when unacceptable behavior occurs.

Detection policies can contain a list of files and registry keys that, when deleted, generate an event in the management console. Detection policies can also be configured to generate events when known, vulnerable CGI scripts are run on Microsoft Internet Information Server (IIS), when USB devices are inserted into or removed from computers, and when network shares are created or deleted.
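The following is an added illustrative model of the prevention/detection split described in the two paragraphs above; it is not Symantec Critical System Protection code, and it does not use the product's policy syntax. The class names, the event dictionaries, the startup-folder match and the sample events are all assumptions constructed for the example. It shows one agent enforcing exactly one prevention policy (deny listed paths and ports, deny startup folders, take the configured action) alongside several detection policies (events on watched deletions, USB insert/remove, share create/delete), and it only raises detection events for actions that were actually allowed to happen.

```python
from dataclasses import dataclass, field

# Assumed: a Windows startup folder is recognised by this path suffix.
def _is_startup_folder(path: str) -> bool:
    return "\\start menu\\programs\\startup" in path.lower()


@dataclass
class PreventionPolicy:
    denied_paths: set            # files / registry keys no program or user may touch
    denied_ports: set            # (protocol, port) pairs whose traffic is denied
    deny_startup_folders: bool = False
    action: str = "block"        # action taken when unacceptable behavior occurs


@dataclass
class DetectionPolicy:
    name: str
    deletion_watch: set = field(default_factory=set)  # deletion generates an event
    watch_usb: bool = False
    watch_shares: bool = False


class Agent:
    """Endpoint agent: one prevention policy, one or more detection policies."""

    def __init__(self, prevention: PreventionPolicy, detections):
        self.prevention = prevention
        self.detections = list(detections)

    @staticmethod
    def _target(ev: dict) -> str:
        if "path" in ev:
            return ev["path"]
        if "port" in ev:
            return f"{ev['proto']}/{ev['port']}"
        return ev.get("device") or ev.get("share", "?")

    def _prevent(self, ev: dict) -> str:
        """Return 'allow' or the policy's action for a denied operation."""
        p, t = self.prevention, ev["type"]
        if t in ("file_access", "file_delete") and (
            ev["path"] in p.denied_paths
            or (p.deny_startup_folders and _is_startup_folder(ev["path"]))
        ):
            return p.action
        if t == "net_connect" and (ev["proto"], ev["port"]) in p.denied_ports:
            return p.action
        return "allow"

    def _detect(self, ev: dict) -> list:
        """Run every detection policy over an operation that took place."""
        found, t = [], ev["type"]
        for d in self.detections:
            if t == "file_delete" and ev["path"] in d.deletion_watch:
                found.append(f"{d.name}: deleted {ev['path']}")
            elif t in ("usb_insert", "usb_remove") and d.watch_usb:
                found.append(f"{d.name}: {t} {ev['device']}")
            elif t in ("share_create", "share_delete") and d.watch_shares:
                found.append(f"{d.name}: {t} {ev['share']}")
        return found

    def handle(self, ev: dict):
        """Return (prevention verdict, events for the management console)."""
        verdict = self._prevent(ev)
        if verdict != "allow":
            # The operation never happened, so only the prevention event is raised.
            who = ev.get("process", "?")
            return verdict, [f"prevention: {verdict} {ev['type']} {self._target(ev)} by {who}"]
        return verdict, self._detect(ev)


# Constructed sample endpoint activity (not captured from any real system).
SAMPLE_EVENTS = [
    {"type": "file_access", "path": r"C:\Windows\System32\config\SAM", "process": "dump.exe"},
    {"type": "net_connect", "proto": "tcp", "port": 23, "process": "nc.exe"},
    {"type": "file_delete", "path": r"HKLM\SOFTWARE\Example\Audit", "process": "reg.exe"},
    {"type": "usb_insert", "device": r"USB\VID_0781&PID_5567"},
    {"type": "share_create", "share": "C$"},
    {"type": "file_access",
     "path": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk",
     "process": "word.exe"},
]


def demo():
    prevention = PreventionPolicy(
        denied_paths={r"C:\Windows\System32\config\SAM"},
        denied_ports={("tcp", 23), ("udp", 69)},
        deny_startup_folders=True,
    )
    detections = [
        DetectionPolicy("registry-watch", deletion_watch={r"HKLM\SOFTWARE\Example\Audit"}),
        DetectionPolicy("removable-media", watch_usb=True, watch_shares=True),
    ]
    agent = Agent(prevention, detections)
    return [agent.handle(ev) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for verdict, events in demo():
        print(verdict, events)
```

In this model the two detection policies are evaluated independently for every operation, which is what lets an agent run several at once, whereas the single prevention policy gives one verdict per operation before anything else sees it.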

Communication between the management server and the management console is secured with Secure Sockets Layer (SSL) channel encryption using X.509 certificates.

About the policy library

Symantec Critical System Protection provides a policy library that contains preconfigured prevention and detection policies, which you can use and customize to protect your network. A prevention policy is a collection of rules that governs how processes and users access resources. A detection policy is a collection of rules that are configured to detect specific events and take actions.
