During outbreaks, block vulnerable ports that viruses/malware might use to gain access to Security Agent endpoints.
Configure Outbreak Prevention settings carefully. Blocking ports that are in use makes network services that depend on them unavailable. For example, if you block the trusted port, Apex One cannot communicate with the agent for the duration of the outbreak.
- Go to Agents > Outbreak Prevention.
- In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
- Click Start Outbreak Prevention.
- Click Block Ports.
- Select whether to Block trusted port.
- Select the ports to block under the Blocked
Ports column.
- If there are no ports in the table, click Add.
In the screen that opens, select the ports to block and click Save.
All ports (including ICMP): Blocks all ports except the trusted port. If you also want to block the trusted port, select the Block trusted port check box in the previous screen.
-
Specified ports
-
Commonly used ports: Select at least one port number for Apex One to save the port blocking settings.
-
Ports commonly used by Trojan programs: Blocks ports commonly used by Trojan horse programs.
-
Any port between 1 and 65535, or a port range: Optionally specify the direction of the traffic to block and some comments, such as the reason for blocking the ports you specified.
-
Ping protocol (Reject ICMP): Click if you only want to block ICMP packets, such as ping requests.
-
- To edit settings for the blocked port(s), click the port number.
- In the screen that opens, modify the settings and click Save.
- To remove a port from the list, select the check box next to the port number and click Delete.
- If there are no ports in the table, click Add.
In the screen that opens, select the ports to block and click Save.
-
Click Save.
The Outbreak Prevention Settings screen displays again.
-
Click Start Outbreak
Prevention.
The outbreak prevention measures you selected display in a new window.