5. Click Start.

6. When the confirmation dialog box appears, click Yes to cancel all in-progress and queued scans for the selected computers.

7. When a confirmation that the command was queued successfully appears, click OK.

Monitoring protection with reports and logs

Running commands on the client computer from the logs

282

Summary of Contents for 20032623 - Endpoint Protection Small Business Edition

Page 1: ...Symantec Endpoint Protection Small Business Edition Implementation Guide...

Page 2: ...scribed in this document is distributed under licenses restricting its use copying distribution and decompilation reverse engineering No part of this document may be reproduced in any form by any mean...

Page 3: ...Symantec Corporation 350 Ellis Street Mountain View CA 94043 http www symantec com...

Page 4: ...minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day 7 days a week basis Premium service offerings that include...

Page 5: ...ss support Customer service Customer service information is available at the following URL www symantec com business support Customer Service is available to assist with non technical questions such a...

Page 6: ...xisting support agreement please contact the support agreement administration team for your region as follows customercare_apac symantec com Asia Pacific and Japan semea symantec com Europe Middle Eas...

Page 7: ...ing protection on client computers 29 Maintaining the security of your environment 30 Troubleshooting Symantec Endpoint Protection Small Business Edition 31 Section 1 Installing Symantec Endpoint Prot...

Page 8: ...ymantec Endpoint Protection Small Business Edition license 63 About the Symantec Licensing Portal 63 Maintaining your product licenses 64 Checking license status 64 Downloading a license file 65 Licen...

Page 9: ...e in Symantec AntiVirus before migration 92 Disabling scheduled scans in Symantec System Center when you migrate client computers 93 Turning off the roaming service 93 Uninstalling and deleting report...

Page 10: ...ssigning a policy to a group 123 Viewing assigned policies 124 Testing a security policy 124 Replacing a policy 125 Exporting and importing policies 125 Deleting a policy permanently 126 How the clien...

Page 11: ...tection features work together 170 Enabling or disabling client submissions to Symantec Security Response 172 Managing the Quarantine 174 Using the Risk log to delete quarantined files on your client...

Page 12: ...207 Creating a firewall policy 209 Enabling and disabling a firewall policy 210 Adjusting the firewall security level 211 About firewall rules 212 About the firewall rule firewall setting and intrusi...

Page 13: ...from scans 247 Creating a Tamper Protection exception 248 Restricting the types of exceptions that users can configure on client computers 249 Creating exceptions from log events in Symantec Endpoint...

Page 14: ...custom logs by using filters 279 Running commands on the client computer from the logs 280 Chapter 20 Managing notifications 283 Managing notifications 283 How notifications work 284 About the precon...

Page 15: ...ndpoint Protection Manager 313 Chapter 24 Troubleshooting installation and communication problems 315 Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues 315 Iden...

Page 16: ...t recovering a corrupted client System Log on 64 bit computers 329 Appendix A Migration and client deployment reference 331 Where to go for information on upgrading and migrating 331 Supported server...

Page 17: ...dition is a client server solution that protects laptops desktops Mac computers and servers in your network against malware Symantec Endpoint Protection combines virus protection with advanced threat...

Page 18: ...management overhead time and cost by offering a single management console and the single client See About the types of threat protection that Symantec Endpoint Protection Small Business Edition provid...

Page 19: ...ion uses reputation data to make decisions about files on page 169 Insight lets scans skip Symantec and community trusted files which improves scan performance See Modifying global scan settings for W...

Page 20: ...ill Infected Status for a client computer once the computer is no longer infected Faster and more flexible management To increase the speed between the management server and the management console dat...

Page 21: ...3 6 4 0 See System requirements on page 41 Support for additional operating systems About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides Symantec Endp...

Page 22: ...firewall engine shields computers from malicious threats before they appear The IPS scans network traffic and files for indications of intrusions or attempted intrusions Browser Intrusion Prevention s...

Page 23: ...loit these vulnerabilities can evade signature based detection such as spyware definitions Zero day attacks may be used in targeted attacks and in the propagation of malicious code SONAR provides real...

Page 24: ...ction policy SONAR Adware Back doors Mutating threats Spyware Trojans Worms Viruses Insider threats Keyloggers Retro viruses Spyware Targeted attacks Trojans Worms Zero day threats DNS and host file c...

Page 25: ...hat your network is protected immediately after you install You can modify these settings to suit your network environment See Managing protection on client computers on page 29 Managing Symantec Endp...

Page 26: ...up or a group of Mac computers in another group See How you can structure groups on page 103 See Adding a group on page 104 See Guidelines for managing portable computers on page 105 Create groups Cha...

Page 27: ...ht not update for one to two heartbeats See Using the policy serial number to check client server communication on page 127 2 Change to the Protection technology view and ensure that the following prot...

Page 28: ...that the client does not scan certain folders and files For example the client scans the mail server every time a scheduled scan runs You can also exclude files by extension for Auto Protect scans See...

Page 29: ...ge 107 Organizing and managing groups Symantec Endpoint Protection Manager includes default policies for each type of protection The policies balance the need for protection with performance Out of th...

Page 30: ...to look for unprotected computers See Preparing for client installation on page 71 See Deploying clients using a Web link and email on page 76 Managing client deployment You use reports and logs to vi...

Page 31: ...y server and LiveUpdate servers See Establishing communication between the management server and email servers on page 289 See Configuring Symantec Endpoint Protection Manager to connect to a proxy se...

Page 32: ...se channels include server to client server to database and server and client to the content delivery component such as LiveUpdate See Troubleshooting communication problems between the management ser...

Page 33: ...nstalling Symantec Endpoint Protection Manager Chapter 4 Managing product licenses Chapter 5 Preparing for client installation Chapter 6 Installing the Symantec Endpoint Protection Small Business Edit...

Page 34: ...34...

Page 35: ...tand the sizing requirements for your network In addition to identifying the endpoints requiring protection scheduling updates and other variables should be evaluated to ensure good network and databa...

Page 36: ...puters Open ports and allow protocols Step 4 Identify the user names passwords email addresses and other installation settings Have the information on hand during the installation Identify installatio...

Page 37: ...for managing portable computers on page 105 Prepare computers for client installation Step 8 Install the Symantec Endpoint Protection Small Business Edition client on your endpoint computers Symantec...

Page 38: ...r The database stores security policies and events The database is installed on the computer that hosts Symantec Endpoint Protection Manager Database The Symantec Endpoint Protection Small Business Ed...

Page 39: ...ed Computers running the Symantec Endpoint Protection client See About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides on page 21 Product license requi...

Page 40: ...on license See Activating your product license on page 59 Serial number Deployed refers to the endpoint computers that are under the protection of the Symantec Endpoint Protection Small Business Editi...

Page 41: ...Additional details are provided in the following tables Table 2 4 displays the minimum requirements for the Symantec Endpoint Protection Manager Table 2 5 displays the minimum requirements for the Sy...

Page 42: ...nt Protection Manager regardless of the client operating system Table 2 5 Symantec Endpoint Protection Small Business Edition Windows and Mac client system requirements Requirements Component 32 bit p...

Page 43: ...atibility with other products Some products may cause conflicts with Symantec Endpoint Protection Small Business Edition when they are installed on the same server You need to configure the Symantec E...

Page 44: ...ee the Symantec Support knowledge base article Addressing Symantec Endpoint Protection compatibility issues See System requirements on page 41 Planning the installation About Symantec Endpoint Protect...

Page 45: ...Manager Logging on to the Symantec Endpoint Protection Manager console What you can do from the console Installing the management server and the console You perform several tasks to install the serve...

Page 46: ...The installation process begins with the installation of the Symantec Endpoint Protection Manager and console This part of the installation completes automatically 7 In the installation summary panel...

Page 47: ...important notifications and reports The email server name and port number You can optionally add partner information if you have a Symantec Sales Partner who manages your Symantec licenses See Plannin...

Page 48: ...have instructions to manually uninstall Symantec Endpoint Protection Manager and clients Table 3 1 List of manual uninstallation knowledge base articles Article Version How to manually uninstall Syma...

Page 49: ...view content from the server you log on to When you log on remotely you can perform the same tasks as administrators who log on locally What you can view and do from the console depends on the type o...

Page 50: ...k Yes This message means that the remote console URL that you specified does not match the Symantec Endpoint Protection Manager certificate name This problem occurs if you log on and specify an IP add...

Page 51: ...phical user interface for administrators You use the console to manage policies and computers monitor endpoint protection status and create and manage administrator accounts The console divides the fu...

Page 52: ...tasks from the Reports page Run Quick Reports Run the Daily Summary Report Run the Weekly Summary Report See Running and customizing quick reports on page 270 Reports Display the security policies th...

Page 53: ...wing tasks from the Admin page Create edit and delete administrator accounts View and edit email and proxy server settings Import and purchase licenses Adjust the LiveUpdate schedule Download content...

Page 54: ...Installing Symantec Endpoint Protection Manager What you can do from the console 54...

Page 55: ...e Activation wizard Required licensing contact information About upgrading from trialware About product upgrades and licenses About renewing your Symantec Endpoint Protection Small Business Edition li...

Page 56: ...s important to understand the license requirements imposed by the system you want to protect A license lets you install the Symantec Endpoint Protection Small Business Edition client on a specified nu...

Page 57: ...preserves the license files in case the database or the computer s hard disk is damaged See Backing up your license files on page 66 Back up your license files Depending upon the license vendor you r...

Page 58: ...cense expires you must activate a paid license to retain full product functionality You do not have to uninstall the trial licensed version to convert your Symantec Endpoint Protection Small Business...

Page 59: ...ection Small Business Edition http customercare symantec com To get help with purchasing licenses or learn more about licenses See Licensing Symantec Endpoint Protection on page 56 Where to buy a Syma...

Page 60: ...ct licenses The License Activation wizard is a component of the Symantec Endpoint Protection Manager You start the wizard from either the Symantec Endpoint Protection Small Business Edition Welco...

Page 61: ...cense file Symantec License files use the SLF extension If you received a SLF file from Symantec or a Symantec vendor use this option to activate your product license Note The SLF file is usually atta...

Page 62: ...ntec Endpoint Protection Small Business Edition a trialware license is provided and activated automatically To continue using Symantec Endpoint Protection Small Business Edition beyond the trial perio...

Page 63: ...e or contact your Symantec partner or preferred Symantec reseller Visit the Symantec Store at the following online location http store symantec com See Using the License Activation wizard on page 60 I...

Page 64: ...nse See About renewing your Symantec Endpoint Protection Small Business Edition license on page 63 Recovering a deleted license See Recovering a deleted license on page 67 You should also become famil...

Page 65: ...s a copy of the license file and the recovery file The default path to the license file is installation directory inetpub licensing See Licensing Symantec Endpoint Protection on page 56 See Preparing...

Page 66: ...cts and versions Clients licensed as Symantec Endpoint Protection Small Business Edition Small Business Edition remained licensed as Small Business Edition clients when the Symantec Endpoint Protectio...

Page 67: ...rting a license saves the license file in the Symantec Endpoint Protection Manager database See Licensing Symantec Endpoint Protection on page 56 You can import the following types of licenses License...

Page 68: ...that expires last For instance a three year license that is activated with only the first two files indicates a duration of only two years When the third file is activated at a later date the full dur...

Page 69: ...sers Application Data Symantec Symantec Endpoint Protection CurrentVersion inbox On the clients that use Vista or a newer version of Windows the inbox is located at Drive ProgramData Symantec Symantec...

Page 70: ...Managing product licenses Licensing an unmanaged client 70...

Page 71: ...rotection software In general you can use the Windows Add or Remove Programs tool to uninstall programs However some programs have special uninstallation routines See the documentation for the third p...

Page 72: ...le 5 2 Remote deployment actions Tasks Operating system Windows XP computers that are installed in workgroups do not accept remote deployment To permit remote deployment disable Simple File Sharing No...

Page 73: ...rform the following tasks Configure a server that runs Windows Server 2003 to allow remote control Connect to the server from a remote computer by using a remote console session or shadow the console...

Page 74: ...Preparing for client installation Preparing Windows operating systems for remote deployment 74...

Page 75: ...nstalling an unmanaged client Uninstalling the client About client deployment methods You deploy the Symantec Endpoint Protection Small Business Edition client by using the Client Deployment Wizard Yo...

Page 76: ...are See Deploying clients by using Save Package on page 79 Save package Deploying clients using a Web link and email The Web link and email method creates a URL for each client installation package Yo...

Page 77: ...ge panel specify the email recipients and the subject and then click Next You can either specify who receives the URL by email or copy the URL and post it to a convenient online location To specify mu...

Page 78: ...y clients by using Remote Push 1 In the console click Home 2 On the Home page in the Common Tasks menu select Install protection client to computers The Client Deployment wizard starts 3 In the Welcom...

Page 79: ...e or a collection of files that include a setup exe file Computer users often find one setup exe file easier to use Save the installation package in the default directory or a directory of your choice...

Page 80: ...ion package to the computer users 12 Confirm that the computer users installed the custom installation package Note You or the computer users must restart the client computers See Viewing client inven...

Page 81: ...to your network You use the console to update the client software security policies and virus definitions on the managed client computers In most cases you install the client software as a managed cli...

Page 82: ...nel click I accept the terms in the license agreement and then click Next 4 Confirm that the unmanaged computer is selected and then click Next This panel appears when you install the client software...

Page 83: ...ove Programs 2 In the Add or Remove Programs dialog box select Symantec Endpoint Protection Small Business Edition and then click Remove 3 Follow the onscreen prompts to remove the client software 83...

Page 84: ...Installing the Symantec Endpoint Protection Small Business Edition client Uninstalling the client 84...

Page 85: ...rading to a new release Migrating a management server Stopping and starting the management server service Disabling LiveUpdate in Symantec AntiVirus before migration Disabling scheduled scans in Syman...

Page 86: ...to go for information on upgrading and migrating on page 331 You may skip migration as follows Uninstall the Symantec legacy virus protection software from your servers and client computers During Sy...

Page 87: ...ns on the client computers during migration See Disabling LiveUpdate in Symantec AntiVirus before migration on page 92 Turn off roaming service Migration might hang and fail to complete if the roaming...

Page 88: ...de from Symantec Endpoint Protection Small Business Edition Small Business Edition your upgrade license activates new features on previously installed clients About migrating computer groups Migration...

Page 89: ...rver policy settings are configured Select one of the following options Server group Each parent server Server policy settings Specify where the client policy settings are configured Select one of the...

Page 90: ...nager in your network The existing version is detected automatically and all settings are saved during the upgrade See Installing the management server and the console on page 45 Upgrade the Symantec...

Page 91: ...migration but you may notice performance improvements if you restart the computer and log on Stopping and starting the management server service Before you upgrade you must manually stop the Symantec...

Page 92: ...on See Migrating from Symantec Client Security or Symantec AntiVirus on page 87 To disable LiveUpdate in Symantec AntiVirus 1 In the Symantec System Center right click a server group 2 Click All Tasks...

Page 93: ...the Scheduled Scans dialog box on the Server Scans tab uncheck all scheduled scans 4 On the Client Scans tab uncheck all scheduled scans and then click OK 5 Repeat this procedure for all primary manag...

Page 94: ...files You must also delete reporting servers from the Symantec System Center Complete reporting server uninstallation information is available in the Symantec System Center Online Help Legacy settings...

Page 95: ...30 minutes Therefore you may want to upgrade client software when most users are not logged on to their computers Table 7 5 Methods to upgrade Symantec Endpoint Protection Small Business Edition and S...

Page 96: ...ion number is displayed in the client s Help About panel See About upgrading client software on page 95 To upgrade clients by using AutoUpgrade 1 In the Symantec Endpoint Protection Manager console cl...

Page 97: ...Note The wizard creates the package which can take two or three minutes During this time no progress is indicated After the package is created progress advances as the package is copied to the selecte...

Page 98: ...Upgrading and migrating to Symantec Endpoint Protection Small Business Edition Upgrading clients by using AutoUpgrade 98...

Page 99: ...9 Managing clients Chapter 10 Using policies to manage security Chapter 11 Managing Virus and Spyware Protection Chapter 12 Customizing scans Chapter 13 Managing SONAR Chapter 14 Managing Tamper Prot...

Page 100: ...pter 18 Configuring updates and updating client computer protection Chapter 19 Monitoring protection with reports and logs Chapter 20 Managing notifications Chapter 21 Managing administrator accounts...

Page 101: ...omputers You organize computers with similar security needs into groups For example you might organize the computers in your accounting department into the Accounting group The group structure that yo...

Page 102: ...view the assigned computers in the console to check whether they are assigned correctly See Viewing assigned computers on page 105 View assigned computers You can create groups in the console The newl...

Page 103: ...s are located Geography You can create groups based on a combination of criteria For example you can use the function and the role You can add a parent group by role and add child subgroups by functio...

Page 104: ...s You can set up client installation packages with their group membership already defined If you define a group in the package the client automatically is added to the appropriate group The client is...

Page 105: ...tab in the selected group select the computer and then right click Move Use the Shift key or the Control key to select multiple computers 4 In the Move Clients dialog box select the new group 5 Click...

Page 106: ...Endpoint Protection Manager and receive updates directly from Symantec LiveUpdate servers Create a group for the managed portable computers Placing the managed portable computers in one group lets you...

Page 107: ...Converting an unmanaged client to a managed client Managing client computers Table 9 1 lists the tasks you should perform with the computers after you install the client software You can perform addit...

Page 108: ...You can temporarily disable protection on the client computers if you need to diagnose a problem or improve performance See About enabling and disabling protection on page 111 See Running commands on...

Page 109: ...ed client computers that do not have the client installed You can view the computer name the domain name and the name of the user who is logged on Which protections are enabled and disabled Which clie...

Page 110: ...The only field that you can edit is the Description field on the General tab The page includes the following tabs General Displays the information about the group domain logon name and the hardware co...

Page 111: ...th the client computer For example if an application does not run or does not run correctly you might want to disable Network Threat Protection If you still have the problem after you disable all prot...

Page 112: ...tection of host file and system changes continues to function See Running commands on the client computer from the console on page 114 If Auto Protect causes a problem with an application it is better...

Page 113: ...emand scan on the client computers If you run a scan command and select a Custom scan the scan uses the command scan settings that you configured on the Administrator defined Scans page The command us...

Page 114: ...ocess this command Enable Network Threat Protection and Disable Network Threat Protection See Running commands on the client computer from the console on page 114 See Running commands on the client com...

Page 115: ...n the message that appears click OK Converting an unmanaged client to a managed client You or the computer user can convert an unmanaged client to a managed computer See About managed and unmanaged cl...

Page 116: ...ment dialog box under Communication Settings click Import Follow the prompts to locate the sylink xml file The client computer immediately connects to the server The server places the computer in the g...

Page 117: ...olicy Copying and pasting a policy Editing a policy Locking and unlocking policy settings Assigning a policy to a group Viewing assigned policies Testing a security policy Replacing a policy Exporting...

Page 118: ...rs try to download by using reputation data from Download Insight Detect the applications that exhibit suspicious behavior by using SONAR heuristics and reputation data The Virus and Spyware Protection po...

Page 119: ...otection Small Business Edition on page 238 Exceptions policy Performing tasks that are common to all security policies You can manage your Symantec Endpoint Protection Small Business Edition security...

Page 120: ...o a group on page 123 Assign a policy Symantec recommends that you always test a new policy before you use it in a production environment See Testing a security policy on page 124 Test a policy You ca...

Page 121: ...g or after policy creation The new policy replaces the currently assigned policy of the same protection type See Assigning a policy to a group on page 123 Copying and pasting a policy You can copy a p...

Page 122: ...ecific policy that you want to edit 4 Under Tasks click Edit the Policy 5 In the policy type Policy Overview pane edit the name and description of the policy if necessary 6 To edit the policy click an...

Page 123: ...only apply to Windows computers You can assign a policy to one or more groups The policy replaces the currently assigned policy of the same protection type Policies are assigned to computer groups as...

Page 124: ...ck Help for more information about the assigned policies To view assigned policies 1 In the console click Computers 2 On the Computers page on the Policies tab in the group tree click a group The poli...

Page 125: ...ich you want to replace the existing policy 7 Click Replace 8 When you are prompted to confirm the replacement of the policy click Yes See Performing tasks that are common to all security policies on...

Page 126: ...ed to delete old groups and their associated policies See Performing tasks that are common to all security policies on page 119 If a policy is assigned to one or more groups you cannot delete it until...

Page 127: ...ming tasks that are common to all security policies on page 119 To view the policy serial number in the console 1 In the console click Computers 2 Under Computers select the relevant group The policy...

Page 128: ...Using policies to manage security Using the policy serial number to check client server communication 128...

Page 129: ...mand scans on client computers Adjusting scans to improve computer performance Adjusting scans to increase protection on your client computers Managing Download Insight detections How Symantec Endpoin...

Page 130: ...t Protection Small Business Edition is functioning correctly Make sure that your computers have Symantec Endpoint Protection Small Business Edition installed Make sure that the latest virus definition...

Page 131: ...Edition generates an active scan that runs at 12 30 P M On unmanaged computers Symantec Endpoint Protection Small Business Edition also includes a default startup scan that is disabled You should make...

Page 132: ...page 172 Allow clients to submit information about detections to Symantec Symantec recommends that you run intrusion prevention on your client computers as well as Virus and Spyware Protection See Man...

Page 133: ...d They are part of the Suspicious count in the summary Computers are considered still infected if a subsequent scan detects them as infected For example a scheduled scan might partially clean a file A...

Page 134: ...280 Restart computers if necessary to complete remediation Step 4 If any risks remain you should investigate them further You can check the Symantec Security Response Web pages for up to date infor...

Page 135: ...e action was Left Alone you should either clean the risk from the computer remove the computer from the network or accept the risk For Windows clients you might want to edit the Virus and Spyware Prot...

Page 136: ...un by default but you might want to change settings or set up your own scheduled scans You can also customize scans and change how much protection they provide on your client computers Table 11 3 Mana...

Page 137: ...computers See Setting up scheduled scans that run on Windows computers on page 157 See Setting up scheduled scans that run on Mac computers on page 159 See Running on demand scans on client computers...

Page 138: ...imize your client computers performance while still providing a high level of protection You can increase the level of protection however See Adjusting scans to increase protection on your client comp...

Page 139: ...submit Symantec recommends that you always allow clients to send submissions The information helps Symantec address threats See Enabling or disabling client submissions to Symantec Security Response...

Page 140: ...es detected viruses and security risks Note Mac clients support Auto Protect for the file system only See About the types of Auto Protect on page 142 Auto Protect Download Insight boosts the security...

Page 141: ...duled scan scans all files and directories Startup scans and triggered scans Startup scans run when the users log on to the computers Triggered scans run when new virus definitions are downloaded to c...

Page 142: ...the applications that are used for malicious purposes Unlike SONAR which runs in real time TruScan proactive threat scans run on a set frequency TruScan proactive threat scans About the types of Auto P...

Page 143: ...s enabled Most email applications save attachments to a temporary folder when users launch email attachments Auto Protect scans the file as it is written to the temporary folder and detects any virus...

Page 144: ...virus and security risks Symantec Endpoint Protection Small Business Edition scans for both viruses and for security risks Security risks include spyware adware rootkits and other files that can put a...

Page 145: ...that blend the characteristics of viruses worms Trojan horses and code with server and Internet vulnerabilities to initiate transmit and spread an attack Blended threats use multiple methods and techn...

Page 146: ...access to a computer Security assessment tool Stand alone programs that can secretly monitor system activity and detect passwords and other confidential information and relay it back to another comput...

Page 147: ...at the client automatically creates Look in the following locations of the Windows registry On 32 bit computers see HKEY_LOCAL_MACHINE Software Symantec Symantec Endpoint Protection Small Business Edi...

Page 148: ...mputer where the client software is already installed the exclusions are created when the client checks for changes The client excludes both files and folders if a single file is moved from an exclude...

Page 149: ...the exclusions Active Directory domain controller The client automatically creates appropriate file and folder scan exclusions for certain Symantec products when they are detected The client creates...

Page 150: ...deselect are excluded from that particular scan Symantec does not recommend that you exclude any extensions from scans If you decide to exclude files by extension and any Microsoft folders however yo...

Page 151: ...nt to skip or you can disable the option If you disable the option you might increase scan time Trusted files About submitting information about detections to Symantec Security Response You can config...

Page 152: ...the Symantec Web site contact Symantec Technical Support See Enabling or disabling client submissions to Symantec Security Response on page 172 See How Symantec Endpoint Protection Small Business Edit...

Page 153: ...al to the percentage that is set in that computer s policy then the computer submits information If the number is greater than the configured percentage the computer does not submit information About...

Page 154: ...es Logs the boot viruses Notifies the computer users about viruses and security risks Auto Protect for the file system Enabled Other types of Auto Protect include the following settings Scans all file...

Page 155: ...nfection locations Cleans the virus infected files Backs up the files before it repairs them Quarantines the files that cannot be cleaned Quarantines the files with security risks Logs the files that...

Page 156: ...ined scans How Symantec Endpoint Protection Small Business Edition handles detections of viruses and security risks Symantec Endpoint Protection Small Business Edition uses default actions to handle t...

Page 157: ...mantec Endpoint Protection Small Business Edition to take when it finds risks You can configure different actions for viruses and security risks You can use different actions for scheduled on demand o...

Page 158: ...information about the options that are used in this procedure To set up scheduled scans that run on Windows computers 1 In the console open a Virus and Spyware Protection policy 2 Under Windows Setti...

Page 159: ...s the basis for a different Virus and Spyware Protection policy The scan templates can save you time when you configure new policies or scans A scheduled scan template is included by default in the po...

Page 160: ...omputers you can run only a custom on demand scan The custom scan uses the settings that are configured for on demand scans in the Virus and Spyware Protection policy Note If you issue a restart comma...

Page 161: ...Adjusting scans to improve performance on Windows computers Description Task You can adjust the following options for scheduled and on demand scans Change tuning options You can change the scan tunin...

Page 162: ...perform a full scan that runs until it scans the entire computer You should also not use a resumable scan if a scan can complete before the specified interval See Setting up scheduled scans that run...

Page 163: ...s is equivalent to tuning or performance adjustment on Windows computers High priority means that the scan runs as fast as possible but other applications may run more slowly during the scan Low prior...

Page 164: ...ntil finished Use Insight Lookup Insight Lookup uses the latest definition set from the cloud and information from the Insight reputation database to scan and make decisions about files You should mak...

Page 165: ...actions for detections Note Be careful when you use Delete or Terminate for security risk detections The action might cause some legitimate applications to lose functionality See Changing the action...

Page 166: ...ation You can also see whether a user chose to allow a detected file Note Risk details for a Download Insight detection show only the first portal application that attempted the download For example a...

Page 167: ...l intranet sites on the Windows Control Panel Internet Options Security tab When the Automatically trust any file downloaded from an intranet site option is enabled Symantec Endpoint Protection Small Busi...

Page 168: ...tifications are enabled the malicious file sensitivity setting affects the number of notifications that users receive If you increase the sensitivity you increase the number of user notifications beca...

Page 169: ...nt computer The client computer must request or query the reputation database Symantec uses a technology it calls Insight to determine each file s level of risk or security rating Insight determines a...

Page 170: ...Small Business Edition protection features work together Some policy features require each other to provide complete protection on Windows client computers Warning Symantec recommends that you do not...

Page 171: ...en if you disable Download Insight the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup Download Insight Uses Insight lookups Insight Look...

Page 172: ...or disabled Browser Intrusion Prevention Download Protection must be installed When you create a Trusted Web domain exception the exception is only applied if Download Protection is installed Trusted...

Page 173: ...anonymous security information to Symantec 5 To disable submissions for the client uncheck Let computers automatically forward selected anonymous security information to Symantec If you disable submissi...

Page 174: ...k log This information is used for statistical analysis 7 Check Allow Insight lookups for threat detection to allow Symantec Endpoint Protection to use the Symantec Insight reputation database to make deci...

Page 175: ...ntined files on your client computers You can use the Risk log in the Symantec Endpoint Protection Manager console to delete quarantined files on your client computers You run the Delete from Quaranti...

Page 176: ...ears click Delete 7 In the confirmation dialog box that appears click OK Managing the virus and spyware notifications that appear on client computers You can decide whether or not notifications appear...

Page 177: ...alone log only For Mac client computers you can configure a detection message that applies to all scheduled scans and a message that applies to on demand scans See Customizing administrator defined sc...

Page 178: ...rotect for email scans on Windows computers on page 184 Set up Auto Protect email notifications Applies to Windows client computers only You can configure whether or not the scan progress dialog box a...

Page 179: ...Windows computers Customizing administrator defined scans for clients that run on Windows computers Customizing administrator defined scans for clients that run on Mac computers Randomizing scans to...

Page 180: ...s a detection The user notifications for Auto Protect detections You can also enable or disable the Scan Results dialog for Auto Protect scans of the file system See Customizing Auto Protect for Windo...

Page 181: ...ng the virus and spyware scans that run on Mac computers You can customize options for administrator defined scans scheduled and on demand scans that run on Mac computers You can also customize option...

Page 182: ...s Scan all files This is the default and most secure option Scan only selected extensions You can improve scan performance by selecting this option however you might decrease the protection on your co...

Page 183: ...le System Auto Protect 3 At the top of the Scan Details tab click the lock icon to lock or unlock all settings 4 Check or uncheck any of the following options Enable File System Auto Protect Automatic...

Page 184: ...the following options Scan all files This is the default and most secure option Scan only selected extensions You can improve scan performance by selecting this option however you might decrease the p...

Page 185: ...puters on page 157 To customize an administrator defined scan for clients that run on Windows computers 1 In the console open a Virus and Spyware Protection policy 2 Under Windows Settings click Admin...

Page 186: ...that run on Mac computers You customize scheduled scans and on demand scans separately Some of the options are different See Customizing the virus and spyware scans that run on Mac computers on page 1...

Page 187: ...dFolders select the items that you want to scan You can also specify actions for scan detections and enable or disable scans of compressed files 4 On the Notifications tab enable or disable notificat...

Page 188: ...at you apply the policy to the group that includes the computers that run Virtual Machines Modifying global scan settings for Windows clients You can customize global settings for scans that run on Wi...

Page 189: ...load Insight displays on client computers when it makes a detection See Customizing the virus and spyware scans that run on Windows computers on page 180 See Managing Download Insight detections on pa...

Page 190: ...ey make a detection Each scan has its own set of actions such as Clean Quarantine Delete or Leave alone log only On Windows clients each detection category can be configured with a first action and a...

Page 191: ...ecurity risks affect use the Quarantine action instead To specify the action that Symantec Endpoint Protection Small Business Edition takes when it makes a detection on Windows computers 1 In the cons...

Page 192: ...ans select the Common Settings tab For on demand scans on the Scans tab under Administrator On demand Scan click Edit 3 Under Actions check either of the following options Automatically repair infected...

Page 193: ...r stops a scan while the client software scans a compressed file the scan does not stop immediately In this case the scan stops as soon as the compressed file has been scanned A stopped scan does not...

Page 194: ...ber of snooze opportunities box type a number between 1 and 8 By default a user can delay a scan for 1 hour To change this limit to 3 hours check Allow users to snooze the scan for 3 hours 7 Click OK...

Page 195: ...have been created to address the threats SONAR uses heuristics as well as reputation data to detect emerging and unknown threats SONAR provides an additional level of protection on your client compute...

Page 196: ...the threat is a high risk or low risk Heuristic threats SONAR detects applications or the files that try to modify DNS settings or a host file on a client computer System changes Some good trusted fi...

Page 197: ...k whether Proactive Threat Protection is enabled on your client computers Note Legacy clients do not report Proactive Threat Protection status to Symantec Endpoint Protection Manager See Enabling or d...

Page 198: ...AR from detecting the applications that you know are safe Symantec recommends that you enable submissions on your client computers The information that clients submit about detections helps Symantec a...

Page 199: ...u need to look at the Application type and File Path columns for more information For example you might recognize the application name of a legitimate application that a third party company has develo...

Page 200: ...e SONAR Logs pane Enabling or disabling SONAR When you enable or disable SONAR you also enable or disable TruScan proactive threat scans for legacy clients See Managing SONAR on page 196 To enable or...

Page 201: ...ients only It does not run on Mac clients If you use third party security risk scanners that detect and defend against unwanted adware and spyware these scanners typically affect Symantec resources If you hav...

Page 202: ...an enable and disable Tamper Protection and configure the action that it takes when it detects a tampering attempt You can also configure it to notify users when it detects a tampering attempt Tamper...

Page 203: ...rom being tampered with or shut down 4 In the list box under Actions to take if an application attempts to tamper with or shut down Symantec security software select one of the following options Block...

Page 204: ...Managing Tamper Protection Changing Tamper Protection settings 204...

Page 205: ...otection Small Business Edition firewall policy contains rules and protection settings most of which you can enable or disable and configure Table 15 1 describes ways in which you can manage your fire...

Page 206: ...out firewall rules on page 212 See Setting up firewall rules on page 219 Create and customize firewall rules Regularly monitor the firewall protection status on your computers See Monitoring endpoint...

Page 207: ...tion firewall The Symantec Endpoint Protection Small Business Edition firewall uses firewall policies and rules to allow or block network traffic The Symantec Endpoint Protection Small Business Editio...

Page 208: ...lows all IP incoming traffic and outgoing traffic Low is the default security level Medium The Medium security level enforces the Low security level It also blocks TCP incoming traffic and UDP statefu...

Page 209: ...ient on the computers that run Microsoft Vista the Rules list includes several default rules that block the Ethernet protocol type of IPv6 If you remove the default rules you must create a rule that b...

Page 210: ...rewall security level on page 211 Adjust the firewall security level You can send users a notification that an application that they want to access is blocked These settings are disabled by default Se...

Page 211: ...level you select how strictly you want to restrict network traffic The security levels are as follows The Low security level allows all IP incoming traffic and outgoing traffic Low is the default sec...

Page 212: ...u need You can enable or disable rules as needed For example you might want to disable a rule to perform troubleshooting and enable it when you are done Table 15 4 describes what you need to know abou...

Page 213: ...f the rules list The rules that are lower in the list might allow the traffic The Rules list contains a blue dividing line The dividing line sets the priority of rules when a subgroup inherits rules f...

Page 214: ...initiate this outbound traffic you create a rule that permits the outbound traffic for these protocols Stateful inspection automatically permits the return traffic that responds to the outbound traff...

Page 215: ...net Explorer would have no effect should the user use a different Web browser The traffic that the other Web browser generates would be compared against all other rules except the Internet Explorer ru...

Page 216: ...access to an application is blocked 1 In the console open a Firewall policy 2 On the Firewall Policies page click Rules 3 Enable custom firewall protection 4 On the Notifications tab check the followi...

Page 217: ...be the source The source and the destination relationship are more commonly used in network based firewalls Source and destination The local host is always the local client computer and the remote hos...

Page 218: ...spect to the direction of traffic Figure 15 2 The relationship between local and remote hosts SEP client Symantec com HTTP Other client SEP client RDP Local Remote Remote Local Relationships are evalu...

Page 219: ...work protocols that are significant in relation to the described network traffic When you define TCP based or UDP based service triggers you identify the ports on both sides of the described network c...

Page 220: ...ness Edition client uses stateful inspection for TCP traffic Therefore it does not need a rule to filter the return traffic that the clients initiate When you create a new firewall rule it is automati...

Page 221: ...u can copy and paste rules from the same policy or another policy To copy and paste firewall rules 1 In the console open a Firewall policy 2 In the Firewall Policy page click Rules 3 On the Rules tab...

Page 222: ...ows Application When the application is the only trigger you define in an allow traffic rule the firewall allows the application to perform any network operation The application is the significant val...

Page 223: ...ed 6 In the Application field define an application See Defining information about applications on page 215 7 In the Host field specify a host trigger See Blocking traffic to or from a specific server...

Page 224: ...Do all of the following tasks In the Source and Destination or Local and Remote tables click Add In the Host dialog box select a host type from the Type drop down list and type the appropriate inform...

Page 225: ...the rule for which you want to create a local subnet traffic condition 6 Under the type of hosts for which this rule applies Local or Remote click Add 7 Click the Address Type drop down list and selec...

Page 226: ...r to browse for shared files and printers on the local network To prevent network based attacks you may not want to enable network file and printer sharing You enable network file and print sharing by...

Page 227: ...ist type 88 135 139 445 To enable other computers to browse files on the client 7 Click OK 8 In the Service List dialog box click Add 9 In the Protocol dialog box in the Protocol drop down list click...

Page 228: ...en a client blocks the traffic that comes from a particular IP address To set up notifications for firewall rule violations 1 In the console open a Firewall policy 2 On the Firewall Policy page click...

Page 229: ...r IPS signatures Managing intrusion prevention on your client computers The default intrusion prevention settings protect client computers against a wide variety of threats You can change the default...

Page 230: ...the Intrusion Prevention policy Network intrusion prevention Browser intrusion prevention See Enabling or disabling network intrusion prevention or browser intrusion prevention on page 233 You can als...

Page 231: ...e it from blocking Allow some network signatures that Symantec blocks by default For example you might want to create exceptions to reduce false positives when benign network activity matches an attac...

Page 232: ...data at the network layer It uses signatures to scan packets or streams of packets It scans each packet individually by looking for the patterns that correspond to network or browser attacks Intrusio...

Page 233: ...evention signatures Browser signatures match patterns of attack on supported browsers such as script files that can crash the browser You cannot customize the action or log setting for browser signatu...

Page 234: ...of Symantec browser signatures unlike network signatures browser signatures do not allow custom action and logging settings However you can create an exception for a browser signature so that clients...

Page 235: ...r all network signatures the same click Select All 5 Click Next 6 In the Signature Action dialog box set the action to Block or Allow Note The Signature Action dialog only applies to network signature...

Page 236: ...Managing intrusion prevention Creating exceptions for IPS signatures 236...

Page 237: ...ceptions are items such as files or Web domains that you want to exclude from scans Symantec Endpoint Protection Small Business Edition automatically excludes some files from virus and spyware scans S...

Page 238: ...Business Edition on page 238 Table 17 1 Scan exceptions and client type Exception Client Type File or folder exception Mac clients You can configure the following types of exceptions File Folder Known...

Page 239: ...age 249 Create exceptions for scans By default users on client computers have limited configuration rights for exceptions You can restrict users further so that they cannot create exceptions for virus...

Page 240: ...ters users cannot view the exceptions that you create A user can view only the exceptions that the user creates See Managing exceptions for Symantec Endpoint Protection Small Business Edition on page...

Page 241: ...gnore Symantec Endpoint Protection Small Business Edition ignores the custom actions See Excluding known risks from virus and spyware scans on page 245 Security risk exceptions do not apply to SONAR E...

Page 242: ...by specifying an Application to monitor exception Then you can create an Application exception to specify how scans handle the application The application exception is a SHA 2 hash based exception Leg...

Page 243: ...wledge Base article See Excluding a trusted Web domain from scans on page 247 Exclude a Web domain from scans Supported on Windows clients Tamper Protection protects client computers from the processes tha...

Page 244: ...olute path and file name When you select a prefix the exception can be used on different Windows operating systems 4 In the File or Folder text box type the name of the file or folder If you select a...

Page 245: ...box select one or more security risks that you want to exclude from virus and spyware scans 4 Check Log when the security risk is detected if you want to log the detection If you do not check this option th...

Page 246: ...dialog in the Exceptions policy The detected application also appears in the relevant log and you can create an exception from the log See Creating exceptions for Symantec Endpoint Protection Small B...

Page 247: ...Edition on page 240 To specify how Symantec Endpoint Protection Small Business Edition handles an application that scans detect or that users download 1 On the Exceptions Policy page click Exceptions...

Page 248: ...pplication Then you can create an exception to allow the application to run See Creating exceptions for Symantec Endpoint Protection Small Business Edition on page 240 To create an exception for Tampe...

Page 249: ...lient computers 1 On the Exceptions Policy page click Client Restrictions 2 Under Client Restrictions uncheck any exception that you do not want users on client computers to configure 3 If you are fini...

Page 250: ...onitors tab click the Logs tab 2 In the Log type drop down list select the Risk log SONAR log or Application and Device Control log 3 Click View Log 4 Next to Time range select the time interval to fil...

Page 251: ...er to connect to a proxy server to access the Internet Enabling and disabling LiveUpdate scheduling for client computers Configuring the LiveUpdate download schedule for client computers Managing cont...

Page 252: ...f you restrict product updates from LiveUpdate on a Mac client you must provide them manually Mac clients cannot get updates from the management server Table 18 1 describes some of the important tasks...

Page 253: ...ther product updates directly from a Symantec LiveUpdate server when they do not have access to the Symantec Endpoint Protection Manager server Enabling a computer to use LiveUpdate over the Internet...

Page 254: ...hen Symantec Endpoint Protection Manager is nonresponsive for a long period of time Client computers can receive updates directly from a Symantec LiveUpdate server Note Mac client computers must use this...

Page 255: ...s Frequency Select download start time window The retry interval determines how often the management server tries to connect to the LiveUpdate server The retry window determines how long the managemen...

Page 256: ...Download LiveUpdate Content dialog box click Download See Managing content updates on page 251 Viewing LiveUpdate downloads You can list the recent downloads of LiveUpdate content To view LiveUpdate...

Page 257: ...you want to connect a proxy server 3 Under Tasks click Edit the server properties 4 On the Proxy Server tab under HTTP Proxy Settings for Proxy usage select Use custom proxy settings 5 Type in the proxy s...

Page 258: ...ction Small Business Edition clients run scheduled LiveUpdates from the Symantec LiveUpdate server only if both of the following conditions are met Virus and spyware definitions on a client computer a...

Page 259: ...oads to Mac client computers 1 Click Policies and then click LiveUpdate 2 Right click the policy that you want and then click Edit 3 Under Mac Settings click Schedule 4 Specify the frequency If you se...

Page 260: ...Configuring updates and updating client computer protection Configuring the LiveUpdate download schedule for client computers 260...

Page 261: ...r a scheduled report Printing and saving a copy of a report Viewing logs Running commands on the client computer from the logs Monitoring endpoint protection Symantec Endpoint Protection Small Busines...

Page 262: ...uters in your network and view the details for each computer See Viewing system protection on page 264 View the number of computers with up to date virus and spyware definitions See Viewing system pro...

Page 263: ...ble and critical activities that concern your Symantec Endpoint Protection Manager and client computers The information in the event logs supplements the information that is contained in the report...

Page 264: ...lick Symantec Endpoint Protection Daily Status or Symantec Endpoint Protection Small Business Edition Weekly Status Viewing system protection System protection comprises the following information The...

Page 265: ...tab from the Log type list box click Computer Status 3 Click Advanced Settings 4 In the Online status list box click Offline 5 Click View Log By default a list of the computers that have been offline...

Page 266: ...2 On the Quick Reports tab specify the following information You select Risk Report type You select New Risks Detected in the Network Selected report 3 Click Create Report To view a comprehensive ris...

Page 267: ...Reports tab specify the following information You select Network Threat Protection Report type You select Top Targets Attacked Select a report 3 Click Create Report To view top attack sources 1 In th...

Page 268: ...lay options that are used for the logs and the reports as well as legacy log file uploading For information about the preference options that you can set you can click Help on each tab in the Preferen...

Page 269: ...ee Printing and saving a copy of a report on page 275 Table 19 2 describes the types of reports that are available Table 19 2 Report types available as quick reports and scheduled reports Description...

Page 270: ...port settings so that you can run the same report at a later date and you can print and save reports Quick reports are static they provide information specific to the time frame you specify for the re...

Page 271: ...Set specific dates then use the Start date and End date list boxes These options set the time interval that you want to view information about When you generate a Computer Status report and select Se...

Page 272: ...report list box and the screen is repopulated with the default configuration settings Note If you delete an administrator from the management server you have the option to save the reports that were...

Page 273: ...nfigure as an mht file attachment The data that appears in the scheduled reports is updated in the database every hour At the time that the management server emails a scheduled report the data in the...

Page 274: ...eport that you have already scheduled The next time the report runs it uses the new filter settings You can also create additional scheduled reports which you can base on a previously saved report fil...

Page 275: ...ng database If you run the same report later based on the same filter configuration the new report shows different data To save a copy of a report 1 In the report window click Save 2 In the File Downl...

Page 276: ...the Log type list box select the type of log that you want to view 3 For some types of logs a Log content list box appears If it appears select the log content that you want to view 4 In the Use a saved...

Page 277: ...in reports Because reports are static and do not include as much detail as the logs you might prefer to monitor the network primarily by using logs You can view information about the created notifica...

Page 278: ...k applications and configuring software No actions are associated with these logs Network Threat Protection The SONAR log contains information about the threats that have been detected during SONAR th...

Page 279: ...lect a different time range and then reselect Past 24 hours To save a custom log by using a filter 1 In the main window click Monitors 2 On the Logs tab select the type of log view that you want to co...

Page 280: ...view the status of the commands that you have run from the console and their details You can also cancel a specific scan from this tab if the scan is in progress You can cancel all scans in progress a...

Page 281: ...if the server is down If the console has lost connectivity with the server you can log off the console and then log back on to see if that helps To view command status details 1 Click Monitors 2 On t...

Page 282: ...ick Yes to cancel all in progress and queued scans for the selected computers 7 When a confirmation that the command was queued successfully appears click OK Monitoring protection with reports and log...

Page 283: ...your environment but they may need to be adjusted Trial and error may be required to find the right balance between too many and too few notifications for your environment Set the threshold to an ini...

Page 284: ...ators about important issues See Setting up administrator notifications on page 291 Configure new notifications Optionally create filters to expand or limit your view of all of the notifications that...

Page 285: ...289 See About the preconfigured notifications on page 285 See Setting up administrator notifications on page 291 See Viewing and acknowledging notifications on page 289 About the preconfigured notifi...

Page 286: ...occur Some of these occurrence types require that you also enable logging in the associated policy Client security alert Alerts administrators about out of date Download Protection content You can spe...

Page 287: ...this condition This notification condition is enabled by default New software package This notification alerts administrators about security risk outbreaks You set the number and type of occurrences...

Page 288: ...milarly the management server can send a notification to the administrator when it detects that licenses are over deployed However in both of these cases the resolution of the problem may require the...

Page 289: ...otifications You can acknowledge an unacknowledged notification You can view all the notification conditions that are currently configured in the console The Security Status pane on the Home page indi...

Page 290: ...all configured notification conditions 1 In the console click Monitors 2 On the Monitors page on the Notifications tab click Notification Conditions All the notification conditions that are configured...

Page 291: ...ox click Yes Setting up administrator notifications You can configure notifications to alert you and other administrators when particular kinds of events occur You can also add the conditions that tri...

Page 292: ...hen click a notification type 4 In the Add Notification Condition dialog box provide the following information In the Notification name text box type a name to label the notification condition In the...

Page 293: ...ns setting is disabled for this notification condition Note When the Security definitions setting in the New client software notification condition is enabled it may cause a large number of notifications...

Page 294: ...during the upgrade process Unlike the other default notification conditions both the Log the notification and the Send email to system administrators action settings are enabled for this condition If a tr...

Page 295: ...ts Configuring the access rights for a limited administrator Changing an administrator password Allowing administrators to save logon credentials Allowing administrators to reset forgotten passwords R...

Page 296: ...ess rights for a limited administrator on page 299 Grant access rights You can allow the administrator to reset another administrator s forgotten password See Allowing administrators to reset forgotte...

Page 297: ...s to specific policies Licenses The Limited Administrator role does not have access to license information including reports and notifications See Configuring the access rights for a limited administr...

Page 298: ...vailable to limited administrators when you restrict access rights See Configuring the access rights for a limited administrator on page 299 Table 21 3 Types of access rights Description Type of acces...

Page 299: ...imited administrator 1 In the console click Admin 2 On the Admin page click Administrators 3 Select the limited administrator You can also configure the access rights when you create a limited adminis...

Page 300: ...must be six or more characters in length All characters are permitted 6 Click OK Allowing administrators to save logon credentials You can allow your administrators to save their credentials when they...

Page 301: ...ators to reset forgotten passwords on page 300. Note: A temporary password can be requested only once per minute from a single Symantec Endpoint Protection Manager console. Note: For security reasons, entr...

Page 302: ...to log on to Symantec Endpoint Protection Manager. If the user name or password is something other than admin, running resetpass.bat changes the user name and password back to admin. To reset the adminis...

Page 303: ...Maintaining your security environment Chapter 22 Preparing for disaster recovery 3 Section...

Page 305: ...is collected while you installed Symantec Endpoint Protection Manager You then copy these files to another computer Table 22 1 High level steps to prepare for disaster recovery Description Action Step...

Page 306: ...to a text file optional Step 3 Copy the backed up files to a computer in a secure location Copy the files you backed up in the previous steps to another computer Step 4 See Performing disaster recover...

Page 307: ...uring and after the backup See Preparing for disaster recovery on page 305 To back up the database and logs 1 On the computer that runs Symantec Endpoint Protection Manager on the Start menu click All...

Page 308: ...Preparing for disaster recovery Backing up the database and logs 308...

Page 309: ...ubleshooting Symantec Endpoint Protection Chapter 23 Performing disaster recovery Chapter 24 Troubleshooting installation and communication problems Chapter 25 Troubleshooting reporting issues 4 Secti...

Page 311: ...ent in the event of hardware failure or database corruption Note This topic assumes that you have prepared for disaster recovery and have created backups and recovery files Table 23 1 Process for perf...

Page 312: ...u used to back up the database You can restore the database on the same computer on which it was installed originally or on a different computer The database restore might take several minutes to comp...

Page 313: ...tall the management server by using the product disc See Uninstalling Symantec Endpoint Protection Manager on page 48 See Installing the management server and the console on page 45 To reconfigure the...

Page 314: ...Performing disaster recovery Reinstalling or reconfiguring Symantec Endpoint Protection Manager 314...

Page 315: ...etween the management server and the console or the database Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues You can download a utility to diagnose common iss...

Page 316: ...file is overwritten To identify the point of failure of an installation 1 In a text editor open the log file that the installation generated 2 To find failures search for the following entry Value 3...

Page 317: ...the management server Test the connectivity between the client and the management server You should verify that there are no network problems by checking the following items Test the connectivity betw...

Page 318: ...n the management server and the client on page 316. To check connection status data values in the client: 1 On the client, on the program panel, click Help > Troubleshooting. 2 In the left column, select Conn...

Page 319: ...problems, you can examine the Troubleshooting.txt file. The Troubleshooting.txt file contains information about policies, virus definitions, and other client-related data. See Troubleshooting communication...

Page 320: ...connectivity to the management server: 1 On the client, open a command prompt. 2 Type the ping command. For example: ping name, where name is the computer name of the management server. You can use the serve...

Page 321: ...ox logs on the management server: 1 On the management server, under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection Small Business Edition\SEPM, set the DebugLevel value to 3. Typically...

Page 322: ...ter 3 On the product disc, locate the Tools\NoSupport\SylinkDrop folder and open SylinkDrop.exe. You can run the tool remotely or save it and then run it on the client computer. If you use the tool on th...

Page 323: ...ate for the management server's operating system. If you cannot log in to the management server's remote console, or if you see an out of memory message in the smc server log, you may need to increase th...

Page 324: ...tab, in the User ID text box, type dba. 8 In the Password text box, type the password for the database. This password is the one that you entered for the database when you installed the management server. 9...

Page 325: ...rting database contains events in Greenwich Mean Time (GMT). When you create a report, the GMT values are converted to the local time of the computer on which you view the reports. If managed clients are i...

Page 326: ...uters in your network Reports are based on log data not the Windows registry data Report pages and log pages always display in the language that the management server was installed with To display the...

Page 327: ...porting, you cannot access the on-line context-sensitive help. To access context-sensitive help when you use a non-default port, you must add a variable to the Reporter.php file. To change the port used t...

Page 328: ...at, and then close the file. 5 Make sure that the font file you type is located in the %WINDIR%\fonts directory. Accessing reporting pages when the use of loopback addresses is disabled: If you have disable...

Page 329: ...System logs on the Symantec Endpoint Protection Manager console If corrupted you cannot view the data in the log on the client and the data does not upload to the console This condition can affect dat...

Page 330: ...Troubleshooting reporting issues About recovering a corrupted client System Log on 64 bit computers 330...

Page 331: ...and 12 1 clients Client protection features by platform Management features by platform Virus and Spyware Protection policy settings available for Windows and Mac LiveUpdate policy settings available...

Page 332: ...reating security policies for the clients See About client deployment methods on page 75 Configuring feature sets for clients See About client deployment methods on page 75 Deploying clients to the cl...

Page 333: ...ss Edition to 12 1 Small Business Edition From 12 1 Small Business Edition to 12 1 full version Note Symantec AntiVirus 9 x and 10 x server information can be imported during the installation of Syman...

Page 334: ...A 2 Migration paths from Symantec AntiVirus for Mac to the Symantec Endpoint Protection Small Business Edition Mac client. Columns: Migrate from, Migrate to, Supported. Managed Symantec Endpoint Protection for M...

Page 335: ...nd Spyware Protection Virus and Spyware Protection Auto Protect Email Protection Email Scanner Auto Protect Email Protection POP3 SMTP Scanner Microsoft Outlook Scanner Proactive Threat Protection SON...

Page 336: ...Scanner Auto Protect Email Protection POP3 SMTP Scanner Microsoft Outlook Scanner N A Network Threat Protection Firewall and Intrusion Prevention The following tables show how email settings are mappe...

Page 337: ...o the legacy 12 0 64 bit client does not have a POP3 SMTP Scanner Email scanning is therefore not turned on automatically in the 12 1 64 bit client You can turn on this feature by sending a new policy...

Page 338: ...that enables email scanning to the 64 bit clients Auto Protect Email Protection Microsoft Outlook Scanner Client protection features by platform Table A 9 explains the differences in the protection f...

Page 339: ...nagement features by platform on page 339 See Virus and Spyware Protection policy settings available for Windows and Mac on page 340 See LiveUpdate policy settings available for Windows and Mac on pag...

Page 340: ...updates for third party tools in management server No Yes Set randomized scans Yes Yes Set randomized updates You can run Intelligent Updater to get Mac content updates You can then push the updates t...

Page 341: ...repair Terminate processes Stop services Specify remediation if a virus or a risk is found Custom only Active Full Custom Set scan type No Yes Retry scheduled scans No Yes Set scans to check additiona...

Page 342: ...point Protection Manager disk space before upgrading to version 12 1 The Symantec Endpoint Protection Manager version 12 1 requires a minimum of 5 GB of available disk space Make sure that any legacy...

Page 343: ...mantec Endpoint Protection Small Business Edition files See Symantec Technical Support knowledge base article TECH98416 for a list of temporary files you can remove Note Defragment the hard drive afte...

Page 344: ...Migration and client deployment reference Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12 1 344...

Page 345: ...g 215 searching for 215 assistive technology creating exceptions for 243 Auto Protect customizing for email scans 184 customizing for Mac computers 183 Auto Protect continued customizing for Windows c...

Page 346: ...g communication with the database 323 console about 51 content how clients receive updates 253 managing updates 251 content continued viewing downloads to server 256 D database backing up 306 restorin...

Page 347: ...services adding 225 pasting 221 processing order about 213 changing 213 setting up 219 full scans when to run 139 G global scan settings 188 group about 101 add 104 blocking 104 computer assignment 10...

Page 348: ...321 computer status 278 deleting configuration settings 280 filtering 279 Network Threat Protection 278 logs continued past 24 hours filter 279 refreshing 276 Risk 278 deleting files from the Quarant...

Page 349: ...ling 112 product components 37 protection enabling or disabling 111 updating 251 protocols adding to a rule 225 proxy required exceptions when using authentication 167 Symantec Endpoint Protection Man...

Page 350: ...out detections 196 SONAR continued enabling or disabling 200 feature dependencies 170 managing 196 monitoring scan events 198 spyware 146 stateful inspection 214 status clients and computers 109 statu...

Page 351: ...erties displaying 110 V virtual machine adjusting scans for 161 virtualization adjusting scans for 161 randomizing scans 187 Virus and Spyware Protection preventing attacks 130 Virus and Spyware Prote...
