Blocking pages are used only when you operate in Inline Block mode and scanning is turned on. When Symantec Endpoint Detection and Response blocks access to a website or prevents the download of a potentially malicious file, a blocking page appears. The blocking page informs the user that the page is blocked and who to notify for more information.
Blocking pages have the following messages, which cannot be modified:
For a site that the Symantec blacklist blocks: The site you are attempting to visit has been blocked. Click here for more information.
For a site that the Symantec EDR Blacklist policy blocks: The site you are attempting to visit has been blocked by your administrator. Click here for more information.
For a blocked file that the Symantec EDR Blacklist policy blocks: The file you are attempting to access has been blocked. Click here for more information.
If you do not customize the blocking page, the user sees the Symantec logo at the top of the page. Also, each message has a URL link in the text "Click Here". The URL points to:
To customize the blocking page, you can replace the Symantec logo with a custom image. You can also replace the URL with a different one. The user can click to get more information (such as a statement of your company policies). Both the image and the URL are required to customize the blocking page.
Once customized settings are saved, they are no longer viewable in the Blocking Page Settings dialog. Revisiting that dialog does not show your current customization options. You can click the View Blocking Page option to see a sample of the currently defined blocking page. Note that (scanning must be enabled and your device must be in an Inline mode. If you want to change the customizations, you must upload a new image and specify a new URL for more information.
If you operate in Inline Monitor mode or Inline Block mode, you must configure your gateway to be on the LAN side of Symantec EDR. This configuration is required so that blocking pages appear on your endpoints.
In the EDR cloud console, click Settings. Under Environment, select an appliance and then click Global.
In the EDR appliance console, click Settings > Global.
In the Blocking Page section, click Edit Blocking Page.
To replace the Symantec logo with a custom image, click Browse. Locate the image, and then click Open.
The file size of the image must be less than 900 KB. The recommended image size is 300 pixels wide by 79 pixels high. Only .jpg format images are supported.
To replace www.symantec.com with a custom URL, in the More Info URL field, type the URL.
Symantec recommends that you type the URL of a local resource that explains your organization's Internet policies. Symantec EDR performs some validation, but you must independently verify that the page does not link to a malicious site.
To test the appearance of custom blocking pages
The appliance must operate in Inline Block or Inline Monitor mode and scanning must be turned on to test blocking pages.
Open a browser on a protected endpoint.
Type the following web addresses to test different messages:
For a site that the Symantec blacklist blocks:
http://<IP address of inline LAN/WAN pair>:8080/BlockSite.html
For a site that is in the Symantec EDR Blacklist:
http://<IP address of inline LAN/WAN pair>:8080/BlockSiteAdmin.html
For a blocked file that is in the Symantec EDR Blacklist:
http://<IP address of inline LAN/WAN pair>:8080/BlockFile.html