How Symantec Critical System Protection works, About the policy library – Symantec Critical System User Manual


Introducing Symantec™ Critical System Protection

How Symantec Critical System Protection works

Symantec Critical System Protection controls and monitors what programs and
users can do to computers. Agent software at the endpoints controls and
monitors behavior based on policy. There are two types of policies: prevention
and detection. An agent enforces one prevention policy at a time. An agent can
enforce one or more detection policies simultaneously.

For example, prevention policies can contain a list of files and registry keys that
no program or user can access. Prevention policies can contain a list of UDP and
TCP ports that permit and deny traffic. Prevention policies can deny access to
startup folders. Prevention policies also define the actions to take when
unacceptable behavior occurs.

Detection policies can contain a list of files and registry keys that, when deleted,
generate an event in the management console. Detection policies can also be
configured to generate events when known, vulnerable CGI scripts are run on
Microsoft Internet Information Server (IIS), when USB devices are inserted and
removed from computers, and when network shares are created and deleted.

Communication between the management server and the management console
is secured with Secure Sockets Layer X.509 certificate-based channel
encryption.

About the policy library

Symantec Critical System Protection provides a policy library that contains
preconfigured prevention and detection policies, which you can use and customize
to protect your network. A prevention policy is a collection of rules that governs
how processes and users access resources. A detection policy is a collection of
rules that are configured to detect specific events and take actions.
