You want to create a Host Group that contains a large number of hosts, for example a website blacklist to be used with the Network Threat Protection (NTP) component of Symantec Endpoint Protection (SEP).
You want to block a large number of IP addresses or domains at the SEP client rather than at the corporate firewall.
Note that manually blocking malicious domains is recommended during a threat outbreak: preventing traffic to known command and control or download locations can limit the threat's spread. Attempting to block all known malicious domains using the SEP firewall will not be an effective defense as the IP addresses and domains in use change very frequently. Preventing a wide array of malicious traffic is better accomplished by ensuring that SEP's IPS component is installed, updated and functioning.
To add a large number of hosts to a Host Group, follow the steps below:
1. Log in to the SEPM management console.
2. Click Policies and expand Policy Components.
3. Create a Host Group with several hosts. (Make the host names unique, for example: 18.104.22.168 or www.abc.com.)
4. Assign the Host Group to a firewall policy.
5. Export the firewall policy from the SEPM management console.
6. Rename the policy from xxxxx.dat to xxxxx.zip.
7. Extract the main.xml file from the zip file.
8. Open the main.xml file.
9. Find the FwHostContainter and copy the whole section.
10. Create a new Excel document.
11. Add the list of hosts into column B of the Excel document.
- <DnsDomain _d="false" _i="166B293DC0A8EA84015D42730097B6D1" _t="1228026159735" _v="3">)
14. Fill in column A and column C.
15. Select all the rows in columns A, B and C and copy them to the clipboard.
16. Paste into Notepad.
17. Remove all the tabs using the Edit -> Replace function. Copy a tab character to the clipboard, paste it into the Replace window, then click Replace All.
18. Once all the tab characters are replaced, select all the text and copy it to the clipboard.
19. Open the main.xml file with Notepad.
20. Find the FwNetworkHostGroup and paste in all the hosts:
21. Once the hosts are added to the main.xml file, save the file and exit Notepad.
22. Zip the main.xml file.
23. Rename the zip file to a dat file.
24. Import the dat file into the SEPM management console. When prompted that the Host Group already exists choose the “Overwrite existing policy” option.
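The spreadsheet and Notepad steps (10 to 18) join fixed text to each host. The script below is an added example, not part of the original article or of Symantec's tooling. It does the same joining and first validates every entry, so that a malformed line from a blocklist feed cannot place stray markup in main.xml. PREFIX and SUFFIX are hypothetical placeholders for the column A and column C text; copy the real text from an existing host entry in your own exported main.xml. The function names are likewise this example's own.

```python
import ipaddress
import re

# HYPOTHETICAL placeholders for the column A / column C text. They are not the
# real SEP schema: copy both from an existing host entry in your main.xml.
PREFIX = '<Entry value="'
SUFFIX = '"/>'

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_host(host):
    """Accept only a literal IP address or a syntactically valid domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return False
    # An all-numeric last label means a malformed IP address, not a domain.
    return all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit()

def build_rows(hosts, prefix, suffix):
    """Return (rows, rejected): one line per unique valid host, plus the
    entries refused because they could break or alter the policy XML."""
    rows, rejected, seen = [], [], set()
    for raw in hosts:
        host = raw.strip()
        if not host or host.startswith("#"):   # skip blanks and comments
            continue
        if not is_valid_host(host):
            rejected.append(host)
            continue
        key = host.lower()                     # host names must be unique
        if key not in seen:
            seen.add(key)
            rows.append(f"{prefix}{key}{suffix}")
    return rows, rejected

# Constructed sample input, standing in for the blocklist in column B.
SAMPLE = ["www.abc.com", " WWW.ABC.com ", "18.104.22.168", "", "# feed v1",
          'evil.example"/><Injected', "999.1.1.1", "-bad.example"]

if __name__ == "__main__":
    rows, rejected = build_rows(SAMPLE, PREFIX, SUFFIX)
    print("\n".join(rows))
    print("rejected:", rejected)
```

Review the rejected list before pasting the rows into main.xml; those entries were left out of the output.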