Symantec 20032623 - Endpoint Protection Small Business Edition Скачать руководство пользователя страница 196 | Manualshive

Страница: 196 / 351

background image

See

“About the files and applications that SONAR detects”

on page 196.

About the files and applications that SONAR detects

SONAR uses a heuristics system that leverages Symantec's online intelligence
network with proactive local monitoring on your client computers to detect
emerging threats. SONAR also detects changes or behavior on your client
computers that you should monitor.

SONAR does not make detections on application type, but on how a process
behaves. SONAR acts on an application only if that application behaves maliciously,
regardless of its type. For example, if a Trojan horse or keylogger does not act
maliciously, SONAR does not detect it.

SONAR detects the following items:

SONAR uses heuristics to determine if an
unknown file behaves suspiciously and might be
a high risk or low risk. It also uses reputation data
to determine whether the threat is a high risk or
low risk.

Heuristic threats

SONAR detects applications or the files that try
to modify DNS settings or a host file on a client
computer.

System changes

Some good trusted files might be associated with
suspicious behavior. SONAR detects these files
as suspicious behavior events. For example, a
well-known document sharing application might
create executable files.

Trusted applications that exhibit bad
behavior

If you disable Auto-Protect, you limit SONAR's ability to make detections of high
and low risk files. If you disable Insight lookups (reputation queries), you also
limit the SONAR's detection capability.

See

“Managing SONAR”

on page 196.

Managing SONAR

SONAR is part of Proactive Threat Protection on your client computers. You
manage SONAR settings as part of a Virus and Spyware Protection policy.

You configure SONAR settings for the clients that run Symantec Endpoint
Protection Small Business Edition version 12.1. SONAR settings also include

Managing SONAR

About the files and applications that SONAR detects

196

«
...
194
195
196
197
198
...
»

Содержание 20032623 - Endpoint Protection Small Business Edition

Страница 1: ...Symantec Endpoint Protection Small Business Edition Implementation Guide...

Страница 2: ...scribed in this document is distributed under licenses restricting its use copying distribution and decompilation reverse engineering No part of this document may be reproduced in any form by any mean...

Страница 3: ...Symantec Corporation 350 Ellis Street Mountain View CA 94043 http www symantec com...

Страница 4: ...minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day 7 days a week basis Premium service offerings that include...

Страница 5: ...ss support Customer service Customer service information is available at the following URL www symantec com business support Customer Service is available to assist with non technical questions such a...

Страница 6: ...xisting support agreement please contact the support agreement administration team for your region as follows customercare_apac symantec com Asia Pacific and Japan semea symantec com Europe Middle Eas...

Страница 7: ...ing protection on client computers 29 Maintaining the security of your environment 30 Troubleshooting Symantec Endpoint Protection Small Business Edition 31 Section 1 Installing Symantec Endpoint Prot...

Страница 8: ...ymantec Endpoint Protection Small Business Edition license 63 About the Symantec Licensing Portal 63 Maintaining your product licenses 64 Checking license status 64 Downloading a license file 65 Licen...

Страница 9: ...e in Symantec AntiVirus before migration 92 Disabling scheduled scans in Symantec System Center when you migrate client computers 93 Turning off the roaming service 93 Uninstalling and deleting report...

Страница 10: ...ssigning a policy to a group 123 Viewing assigned policies 124 Testing a security policy 124 Replacing a policy 125 Exporting and importing policies 125 Deleting a policy permanently 126 How the clien...

Страница 11: ...tection features work together 170 Enabling or disabling client submissions to Symantec Security Response 172 Managing the Quarantine 174 Using the Risk log to delete quarantined files on your client...

Страница 12: ...207 Creating a firewall policy 209 Enabling and disabling a firewall policy 210 Adjusting the firewall security level 211 About firewall rules 212 About the firewall rule firewall setting and intrusi...

Страница 13: ...from scans 247 Creating a Tamper Protection exception 248 Restricting the types of exceptions that users can configure on client computers 249 Creating exceptions from log events in Symantec Endpoint...

Страница 14: ...custom logs by using filters 279 Running commands on the client computer from the logs 280 Chapter 20 Managing notifications 283 Managing notifications 283 How notifications work 284 About the precon...

Страница 15: ...ndpoint Protection Manager 313 Chapter 24 Troubleshooting installation and communication problems 315 Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues 315 Iden...

Страница 16: ...t recovering a corrupted client System Log on 64 bit computers 329 Appendix A Migration and client deployment reference 331 Where to go for information on upgrading and migrating 331 Supported server...

Страница 17: ...dition is a client server solution that protects laptops desktops Mac computers and servers in your network against malware Symantec Endpoint Protection combines virus protection with advanced threat...

Страница 18: ...management overhead time and cost by offering a single management console and the single client See About the types of threat protection that Symantec Endpoint Protection Small Business Edition provid...

Страница 19: ...ion uses reputation data to make decisions about files on page 169 Insight lets scans skip Symantec and community trusted files which improves scan performance See Modifying global scan settings for W...

Страница 20: ...ill Infected Status for a client computer once the computer is no longer infected Faster and more flexible management To increase the speed between the management server and the management console dat...

Страница 21: ...3 6 4 0 See System requirements on page 41 Support for additional operating systems About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides Symantec Endp...

Страница 22: ...firewall engine shields computers from malicious threats before they appear The IPS scans network traffic and files for indications of intrusions or attempted intrusions Browser Intrusion Prevention s...

Страница 23: ...loit these vulnerabilities can evade signature based detection such as spyware definitions Zero day attacks may be used in targeted attacks and in the propagation of malicious code SONAR provides real...

Страница 24: ...ction policy SONAR Adware Back doors Mutating threats Spyware Trojans Worms Viruses Insider threats Keyloggers Retro viruses Spyware Targeted attacks Trojans Worms Zero day threats DNS and host file c...

Страница 25: ...hat your network is protected immediately after you install You can modify these settings to suit your network environment See Managing protection on client computers on page 29 Managing Symantec Endp...

Страница 26: ...up or a group of Mac computers in another group See How you can structure groups on page 103 See Adding a group on page 104 See Guidelines for managing portable computers on page 105 Create groups Cha...

Страница 27: ...ht not update for one to two heartbeats See Using the policy serial number to check client server communication on page 127 2 Change to the Protectiontechnology view and ensure that the following prot...

Страница 28: ...that the client does not scan certain folders and files For example the client scans the mail server every time a scheduled scan runs You can also exclude files by extension for Auto Protect scans See...

Страница 29: ...ge 107 Organizing and managing groups Symantec Endpoint Protection Manager includes default policies for each type of protection The policies balance the need for protection with performance Out of th...

Страница 30: ...to look for unprotected computers See Preparing for client installation on page 71 See Deploying clients using a Web link and email on page 76 Managing client deployment You use reports and logs to vi...

Страница 31: ...y server and LiveUpdate servers See Establishing communication between the management server and email servers on page 289 See Configuring Symantec Endpoint Protection Manager to connect to a proxy se...

Страница 32: ...se channels include server to client server to database and server and client to the content delivery component such as LiveUpdate See Troubleshooting communication problems between the management ser...

Страница 33: ...nstalling Symantec Endpoint Protection Manager Chapter 4 Managing product licenses Chapter 5 Preparing for client installation Chapter 6 Installing the Symantec Endpoint Protection Small Business Edit...

Страница 34: ...34...

Страница 35: ...tand the sizing requirements for your network In addition to identifying the endpoints requiring protection scheduling updates and other variables should be evaluated to ensure good network and databa...

Страница 36: ...puters Open ports and allow protocols Step 4 Identify the user names passwords email addresses and other installation settings Have the information on hand during the installation Identify installatio...

Страница 37: ...for managing portable computers on page 105 Prepare computers for client installation Step 8 Install the Symantec Endpoint Protection Small Business Edition client on your endpoint computers Symantec...

Страница 38: ...r The database stores security policies and events The database is installed on the computer that hosts Symantec Endpoint Protection Manager Database The Symantec Endpoint Protection Small Business Ed...

Страница 39: ...ed Computers running the Symantec Endpoint Protection client See About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides on page 21 Product license requi...

Страница 40: ...on license See Activating your product license on page 59 Serial number Deployed refers to the endpoint computers that are under the protection of the Symantec Endpoint Protection Small Business Editi...

Страница 41: ...Additional details are provided in the following tables Table 2 4 displays the minimum requirements for the Symantec Endpoint Protection Manager Table 2 5 displays the minimum requirements for the Sy...

Страница 42: ...nt Protection Manager regardless of the client operating system Table 2 5 Symantec Endpoint Protection Small Business Edition Windows and Mac client system requirements Requirements Component 32 bit p...

Страница 43: ...atibility with other products Some products may cause conflicts with Symantec Endpoint Protection Small Business Edition when they are installed on the same server You need to configure the Symantec E...

Страница 44: ...ee the Symantec Support knowledge base article Addressing Symantec Endpoint Protection compatibility issues See System requirements on page 41 Planning the installation About Symantec Endpoint Protect...

Страница 45: ...Manager Logging on to the Symantec Endpoint Protection Manager console What you can do from the console Installing the management server and the console You perform several tasks to install the serve...

Страница 46: ...The installation process begins with the installation of the Symantec Endpoint Protection Manager and console This part of the installation completes automatically 7 In the installation summary panel...

Страница 47: ...important notifications and reports The email server name and port number You can optionally add partner information if you have a Symantec Sales Partner who manages your Symantec licenses See Plannin...

Страница 48: ...have instructions to manually uninstall Symantec Endpoint Protection Manager and clients Table 3 1 List of manual uninstallation knowledge base articles Article Version How to manually uninstall Syma...

Страница 49: ...view content from the server you log on to When you log on remotely you can perform the same tasks as administrators who log on locally What you can view and do from the console depends on the type o...

Страница 50: ...k Yes This message means that the remote console URL that you specified does not match the Symantec Endpoint Protection Manager certificate name This problem occurs if you log on and specify an IP add...

Страница 51: ...phical user interface for administrators You use the console to manage policies and computers monitor endpoint protection status and create and manage administrator accounts The console divides the fu...

Страница 52: ...tasks from the Reports page Run Quick Reports Run the Daily Summary Report Run the Weekly Summary Report See Running and customizing quick reports on page 270 Reports Display the security policies th...

Страница 53: ...wing tasks from the Admin page Create edit and delete administrator accounts View and edit email and proxy server settings Import and purchase licenses Adjust the LiveUpdate schedule Download content...

Страница 54: ...Installing Symantec Endpoint Protection Manager What you can do from the console 54...

Страница 55: ...e Activation wizard Required licensing contact information About upgrading from trialware About product upgrades and licenses About renewing your Symantec Endpoint Protection Small Business Edition li...

Страница 56: ...s important to understand the license requirements imposed by the system you want to protect A license lets you install the Symantec Endpoint Protection Small Business Edition client on a specified nu...

Страница 57: ...preserves the license files in case the database or the computer s hard disk is damaged See Backing up your license files on page 66 Back up your license files Depending upon the license vendor you r...

Страница 58: ...cense expires you must activate a paid license to retain full product functionality You do not have to uninstall the trial licensed version to convert your Symantec Endpoint Protection Small Business...

Страница 59: ...ection Small Business Edition http customercare symantec com To get help with purchasing licenses or learn more about licenses See Licensing Symantec Endpoint Protection on page 56 Where to buy a Syma...

Страница 60: ...ct licenses The License Activation wizard is a component of the Symantec Endpoint Protection Manager You start the wizard from either from the Symantec Endpoint Protection Small Business Edition Welco...

Страница 61: ...cense file Symantec License files use the SLF extension If you received a SLF file from Symantec or a Symantec vendor use this option to activate your product license Note The SLF file is usually atta...

Страница 62: ...ntec Endpoint Protection Small Business Edition a trialware license is provided and activated automatically To continue using Symantec Endpoint Protection Small Business Edition beyond the trial perio...

Страница 63: ...e or contact your Symantec partner or preferred Symantec reseller Visit the Symantec Store at the following online location http store symantec com See Using the License Activation wizard on page 60 I...

Страница 64: ...nse See About renewing your Symantec Endpoint Protection Small Business Edition license on page 63 Recovering a deleted license See Recovering a deleted license on page 67 You should also become famil...

Страница 65: ...s a copy of the license file and the recovery file The default path to the license file is installation directory inetpub licensing See Licensing Symantec Endpoint Protection on page 56 See Preparing...

Страница 66: ...cts and versions Clients licensed as Symantec Endpoint Protection Small Business Edition Small Business Edition remained licensed as Small Business Edition clients when the Symantec Endpoint Protectio...

Страница 67: ...rting a license saves the license file in the Symantec Endpoint Protection Manager database See Licensing Symantec Endpoint Protection on page 56 You can import the following types of licenses License...

Страница 68: ...that expires last For instance a three year license that is activated with only the first two files indicates a duration of only two years When the third file is activated at a later date the full dur...

Страница 69: ...sers Application Data Symantec Symantec Endpoint Protection CurrentVersion inbox On the clients that use Vista or a newer version of Windows the inbox is located at Drive ProgramData Symantec Symantec...

Страница 70: ...Managing product licenses Licensing an unmanaged client 70...

Страница 71: ...rotection software In general you can use the Windows Add or Remove Programs tool to uninstall programs However some programs have special uninstallation routines See the documentation for the third p...

Страница 72: ...le 5 2 Remote deployment actions Tasks Operating system Windows XP computers that are installed in workgroups do not accept remote deployment To permit remote deployment disable Simple File Sharing No...

Страница 73: ...rform the following tasks Configure a server that runs Windows Server 2003 to allow remote control Connect to the server from a remote computer by using a remote console session or shadow the console...

Страница 74: ...Preparing for client installation Preparing Windows operating systems for remote deployment 74...

Страница 75: ...nstalling an unmanaged client Uninstalling the client About client deployment methods You deploy the Symantec Endpoint Protection Small Business Edition client by using the Client Deployment Wizard Yo...

Страница 76: ...are See Deploying clients by using Save Package on page 79 Save package Deploying clients using a Web link and email The Web link and email method creates a URL for each client installation package Yo...

Страница 77: ...ge panel specify the email recipients and the subject and then click Next You can either specify who receives the URL by email or copy the URL and post it to a convenient online location To specify mu...

Страница 78: ...y clients by using Remote Push 1 In the console click Home 2 On the Home page in the Common Tasks menu select Install protection client to computers The Client Deployment wizard starts 3 In the Welcom...

Страница 79: ...e or a collection of files that include a setup exe file Computer users often find one setup exe file easier to use Save the installation package in the default directory or a directory of your choice...

Страница 80: ...ion package to the computer users 12 Confirm that the computer users installed the custom installation package Note You or the computer users must restart the client computers See Viewing client inven...

Страница 81: ...to your network You use the console to update the client software security policies and virus definitions on the managed client computers In most cases you install the client software as a managed cli...

Страница 82: ...nel click I accept the terms in the license agreement and then click Next 4 Confirm that the unmanaged computer is selected and then click Next This panel appears when you install the client software...

Страница 83: ...ove Programs 2 In the Add or Remove Programs dialog box select Symantec Endpoint Protection Small Business Edition and then click Remove 3 Follow the onscreen prompts to remove the client software 83...

Страница 84: ...Installing the Symantec Endpoint Protection Small Business Edition client Uninstalling the client 84...

Страница 85: ...rading to a new release Migrating a management server Stopping and starting the management server service Disabling LiveUpdate in Symantec AntiVirus before migration Disabling scheduled scans in Syman...

Страница 86: ...to go for information on upgrading and migrating on page 331 You may skip migration as follows Uninstall the Symantec legacy virus protection software from your servers and client computers During Sy...

Страница 87: ...ns on the client computers during migration See Disabling LiveUpdate in Symantec AntiVirus before migration on page 92 Turn off roaming service Migration might hang and fail to complete if the roaming...

Страница 88: ...de from Symantec Endpoint Protection Small Business Edition Small Business Edition your upgrade license activates new features on previously installed clients About migrating computer groups Migration...

Страница 89: ...rver policy settings are configured Select one of the following options Server group Each parent server Server policy settings Specify where the client policy settings are configured Select one of the...

Страница 90: ...nager in your network The existing version is detected automatically and all settings are saved during the upgrade See Installing the management server and the console on page 45 Upgrade the Symantec...

Страница 91: ...migration but you may notice performance improvements if you restart the computer and log on Stopping and starting the management server service Before you upgrade you must manually stop the Symantec...

Страница 92: ...on See Migrating from Symantec Client Security or Symantec AntiVirus on page 87 To disable LiveUpdate in Symantec AntiVirus 1 In the Symantec System Center right click a server group 2 Click All Tasks...

Страница 93: ...the Scheduled Scans dialog box on the Server Scans tab uncheck all scheduled scans 4 On the Client Scans tab uncheck all scheduled scans and then click OK 5 Repeat this procedure for all primary manag...

Страница 94: ...files You must also delete reporting servers from the Symantec System Center Complete reporting server uninstallation information is available in the Symantec System Center Online Help Legacy settings...

Страница 95: ...30 minutes Therefore you may want to upgrade client software when most users are not logged on to their computers Table 7 5 Methods to upgrade Symantec Endpoint Protection Small Business Edition and S...

Страница 96: ...ion number is displayed in the client s Help About panel See About upgrading client software on page 95 To upgrade clients by using AutoUpgrade 1 In the Symantec Endpoint Protection Manager console cl...

Страница 97: ...Note The wizard creates the package which can take two or three minutes During this time no progress is indicated After the package is created progress advances as the package is copied to the selecte...

Страница 98: ...Upgrading and migrating to Symantec Endpoint Protection Small Business Edition Upgrading clients by using AutoUpgrade 98...

Страница 99: ...9 Managing clients Chapter 10 Using policies to manage security Chapter 11 Managing Virus and Spyware Protection Chapter 12 Customizing scans Chapter 13 Managing SONAR Chapter 14 Managing Tamper Prot...

Страница 100: ...pter 18 Configuring updates and updating client computer protection Chapter 19 Monitoring protection with reports and logs Chapter 20 Managing notifications Chapter 21 Managing administrator accounts...

Страница 101: ...omputers You organize computers with similar security needs into groups For example you might organize the computers in your accounting department into the Accounting group The group structure that yo...

Страница 102: ...view the assigned computers in the console to check whether they are assigned correctly See Viewing assigned computers on page 105 View assigned computers You can create groups in the console The newl...

Страница 103: ...s are located Geography You can create groups based on a combination of criteria For example you can use the function and the role You can add a parent group by role and add child subgroups by functio...

Страница 104: ...s You can set up client installation packages with their group membership already defined If you define a group in the package the client automatically is added to the appropriate group The client is...

Страница 105: ...tab in the selected group select the computer and then right click Move Use the Shift key or the Control key to select multiple computers 4 In the Move Clients dialog box select the new group 5 Click...

Страница 106: ...Endpoint Protection Manager and receive updates directly from Symantec LiveUpdate servers Create a group for the managed portable computers Placing the managed portable computers in one group lets you...

Страница 107: ...Converting an unmanaged client to a managed client Managing client computers Table 9 1 lists the tasks you should perform with the computers after you install the client software You can perform addit...

Страница 108: ...You can temporarily disable protection on the client computers if you need to diagnose a problem or improve performance See About enabling and disabling protection on page 111 See Running commands on...

Страница 109: ...ed client computers that do not have the client installed You can view the computer name the domain name and the name of the user who is logged on Which protections are enabled and disabled Which clie...

Страница 110: ...The only field that you can edit is the Description field on the General tab The page includes the following tabs General Displays the information about the group domain logon name and the hardware co...

Страница 111: ...th the client computer For example if an application does not run or does not run correctly you might want to disable Network Threat Protection If you still have the problem after you disable all prot...

Страница 112: ...tection of host file and system changes continues to function See Running commands on the client computer from the console on page 114 If Auto Protect causes a problem with an application it is better...

Страница 113: ...emand scan on the client computers If you run a scan command and select a Custom scan the scan uses the command scan settings that you configured on the Administrator defined Scans page The command us...

Страница 114: ...ocess this command Enable Network ThreatProtection and Disable Network Threat Protection See Running commands on the client computer from the console on page 114 See Running commands on the client com...

Страница 115: ...n the message that appears click OK Converting an unmanaged client to a managed client You or the computer user can convert an unmanaged client to a managed computer See About managed and unmanaged cl...

Страница 116: ...ment dialog box under CommunicationSettings click Import Follow the prompts to locate the sylink xml file The client computer immediately connects to the server The server places the computer in the g...

Страница 117: ...olicy Copying and pasting a policy Editing a policy Locking and unlocking policy settings Assigning a policy to a group Viewing assigned policies Testing a security policy Replacing a policy Exporting...

Страница 118: ...rs try to download by using reputation data from Download Insight Detect the applications that exhibit suspicious behavior by using SONAR heuristics and reputation data The VirusandSpywareProtectionpo...

Страница 119: ...otection Small Business Edition on page 238 Exceptions policy Performing tasks that are common to all security policies You can manage your Symantec Endpoint Protection Small Business Edition security...

Страница 120: ...o a group on page 123 Assign a policy Symantec recommends that you always test a new policy before you use it in a production environment See Testing a security policy on page 124 Test a policy You ca...

Страница 121: ...g or after policy creation The new policy replaces the currently assigned policy of the same protection type See Assigning a policy to a group on page 123 Copying and pasting a policy You can copy a p...

Страница 122: ...ecific policy that you want to edit 4 Under Tasks click Edit the Policy 5 In the policy type Policy Overview pane edit the name and description of the policy if necessary 6 To edit the policy click an...

Страница 123: ...only apply to Window computers You can assign a policy to one or more groups The policy replaces the currently assigned policy of the same protection type Policies are assigned to computer groups as...

Страница 124: ...ck Help for more information about the assigned policies To view assigned policies 1 In the console click Computers 2 On the Computers page on the Policies tab in the group tree click a group The poli...

Страница 125: ...ich you want to replace the existing policy 7 Click Replace 8 When you are prompted to confirm the replacement of the policy click Yes See Performing tasks that are common to all security policies on...

Страница 126: ...ed to delete old groups and their associated policies See Performing tasks that are common to all security policies on page 119 If a policy is assigned to one or more groups you cannot delete it until...

Страница 127: ...ming tasks that are common to all security policies on page 119 To view the policy serial number in the console 1 In the console click Computers 2 Under Computers select the relevant group The policy...

Страница 128: ...Using policies to manage security Using the policy serial number to check client server communication 128...

Страница 129: ...mand scans on client computers Adjusting scans to improve computer performance Adjusting scans to increase protection on your client computers Managing Download Insight detections How Symantec Endpoin...

Страница 130: ...t Protection Small Business Edition is functioning correctly Make sure that your computers have Symantec Endpoint Protection Small Business Edition installed Make sure that the latest virus definition...

Страница 131: ...Edition generates an active scan that runs at 12 30 P M On unmanaged computers Symantec Endpoint Protection Small Business Edition also includes a default startup scan that is disabled You should make...

Страница 132: ...page 172 Allow clients to submit information about detections to Symantec Symantec recommends that you run intrusion prevention on your client computers as well as Virus and Spyware Protection See Man...

Страница 133: ...d They are part of the Suspicious count in the summary Computers are considered still infected if a subsequent scan detects them as infected For example a scheduled scan might partially clean a file A...

Страница 134: ...280 Restart computers if necessary to complete remediation Step 4 If any risks remain you should to investigate them further You can check the Symantec Security Response Web pages for up to date infor...

Страница 135: ...e action was Left Alone you should either clean the risk from the computer remove the computer from the network or accept the risk For Windows clients you might want to edit the Virus and Spyware Prot...

Страница 136: ...un by default but you might want to change settings or set up your own scheduled scans You can also customize scans and change how much protection they provide on your client computers Table 11 3 Mana...

Страница 137: ...computers See Setting up scheduled scans that run on Windows computers on page 157 See Setting up scheduled scans that run on Mac computers on page 159 See Running on demand scans on client computers...

Страница 138: ...imize your client computers performance while still providing a high level of protection You can increase the level of protection however See Adjusting scans to increase protection on your client comp...

Страница 139: ...submit Symantec recommends that you always allow clients to send submissions The information helps Symantec address threats See Enabling or disabling client submissions to Symantec Security Response...

Страница 140: ...es detected viruses and security risks Note Mac clients support Auto Protect for the file system only See About the types of Auto Protect on page 142 Auto Protect Download Insight boosts the security...

Страница 141: ...duled scan scans all files and directories Startup scans and triggered scans Startup scans run when the users log on to the computers Triggered scans run when new virus definitions are downloaded to c...

Страница 142: ...the applications that are used for malicious purposes Unlike SONAR which runs in real time TruScan proactive threat scans run on a set frequency TruScanproactivethreat scans About the types of Auto P...

Страница 143: ...s enabled Most email applications save attachments to a temporary folder when users launch email attachments Auto Protect scans the file as it is written to the temporary folder and detects any virus...

Страница 144: ...virus and security risks Symantec Endpoint Protection Small Business Edition scans for both viruses and for security risks Security risks include spyware adware rootkits and other files that can put a...

Страница 145: ...that blend the characteristics of viruses worms Trojan horses and code with server and Internet vulnerabilities to initiate transmit and spread an attack Blended threats use multiple methods and techn...

Страница 146: ...access to a computer Security assessment tool Stand alone programs that can secretly monitor system activity and detect passwords and other confidential information and relay it back to another comput...

Страница 147: ...at the client automatically creates Look in the following locations of the Windows registry On 32 bit computers see HKEY_LOCAL_MACHINE Software Symantec Symantec Endpoint Protection Small Business Edi...

Страница 148: ...mputer where the client software is already installed the exclusions are created when the client checks for changes The client excludes both files and folders if a single file is moved from an exclude...

Страница 149: ...the exclusions Active Directory domain controller The client automatically creates appropriate file and folder scan exclusions for certain Symantec products when they are detected The client creates...

Страница 150: ...deselect are excluded from that particular scan Symantec does not recommend that you exclude any extensions from scans If you decide to exclude files by extension and any Microsoft folders however yo...

Страница 151: ...nt to skip or you can disable the option If you disable the option you might increase scan time Trusted files About submitting information about detections to Symantec Security Response You can config...

Страница 152: ...the Symantec Web site contact Symantec Technical Support See Enabling or disabling client submissions to Symantec Security Response on page 172 See How Symantec Endpoint Protection Small Business Edit...

Страница 153: ...al to the percentage that is set in that computer s policy then the computer submits information If the number is greater than the configured percentage the computer does not submit information About...

Страница 154: ...es Logs the boot viruses Notifies the computer users about viruses and security risks Auto Protect for the file system Enabled Other types of Auto Protect include the following settings Scans all file...

Страница 155: ...nfection locations Cleans the virus infected files Backs up the files before it repairs them Quarantines the files that cannot be cleaned Quarantines the files with security risks Logs the files that...

Страница 156: ...ined scans How Symantec Endpoint Protection Small Business Edition handles detections of viruses and security risks Symantec Endpoint Protection Small Business Edition uses default actions to handle t...

Страница 157: ...mantec Endpoint Protection Small Business Edition to take when it finds risks You can configure different actions for viruses and security risks You can use different actions for scheduled on demand o...

Страница 158: ...information about the options that are used in this procedure To set up scheduled scans that run on Windows computers 1 In the console open a Virus and Spyware Protection policy 2 Under Windows Setti...

Страница 159: ...s the basis for a different Virus and Spyware Protection policy The scan templates can save you time when you configure new policies or scans A scheduled scan template is included by default in the po...

Страница 160: ...omputers you can run only a custom on demand scan The custom scan uses the settings that are configured for on demand scans in the Virus and Spyware Protection policy Note If you issue a restart comma...

Страница 161: ...Adjusting scans to improve performance on Windows computers Description Task You can adjust the following options for scheduled and on demand scans Change tuning options You can change the scan tunin...

Страница 162: ...perform a full scan that runs until it scans the entire computer You should also not use a resumable scan if a scan can complete before the specified interval See Setting up scheduled scans that run...

Страница 163: ...s is equivalent to tuning or performance adjustment on Windows computers High priority means that the scan runs as fast as possible but other applications may run more slowly during the scan Low prior...

Страница 164: ...ntil finished Use Insight Lookup Insight Lookup uses the latest definition set from the cloud and information from the Insight reputation database to scan and make decisions about files You should mak...

Страница 165: ...actions for detections Note Be careful when you use Delete or Terminate for security risk detections The action might cause some legitimate applications to lose functionality See Changing the action...

Страница 166: ...ation You can also see whether a user chose to allow a detected file Note Risk details for a Download Insight detection show only the first portal application that attempted the download For example a...

Страница 167: ...l intranet sites on the Windows Control Panel Internet Options Security tab When the Automaticallytrustanyfiledownloaded from an intranet site option is enabled Symantec Endpoint Protection Small Busi...

Страница 168: ...tifications are enabled the malicious file sensitivity setting affects the number of notifications that users receive If you increase the sensitivity you increase the number of user notifications beca...

Страница 169: ...nt computer The client computer must request or query the reputation database Symantec uses a technology it calls Insight to determine each file s level of risk or security rating Insight determines a...

Страница 170: ...Small Business Edition protection features work together Some policy features require each other to provide complete protection on Windows client computers Warning Symantec recommends that you do not...

Страница 171: ...en if you disable Download Insight the Automatically trust any file downloaded from anintranetwebsite option continues to function for Insight Lookup Download Insight Uses Insight lookups Insight Look...

Страница 172: ...or disabled Browser Intrusion Prevention Download Protection must be installed When you create a Trusted Web domain exception the exception is only applied if Download Protection is installed Trusted...

Страница 173: ...anonymous security information to Symantec 5 To disable submissions for the client uncheck Letcomputersautomatically forward selected anonymous security information to Symantec If you disable submissi...

Страница 174: ...k log This information is used for statistical analysis 7 Check AllowInsightlookupsforthreatdetection to allow Symantec Endpoint Protection to use the Symantec Insight reputation database to make deci...

Страница 175: ...ntined files on your client computers You can use the Risk log in the Symantec Endpoint Protection Manager console to delete quarantined files on your client computers You run the Delete from Quaranti...

Страница 176: ...ears click Delete 7 In the confirmation dialog box that appears click OK Managing the virus and spyware notifications that appear on client computers You can decide whether or not notifications appear...

Страница 177: ...alone log only For Mac client computers you can configure a detection message that applies to all scheduled scans and a message that applies to on demand scans See Customizing administrator defined sc...

Страница 178: ...rotect for email scans on Windows computers on page 184 Set up Auto Protect email notifications Applies to Windows client computers only You can configure whether or not the scan progress dialog box a...

Страница 179: ...Windows computers Customizing administrator defined scans for clients that run on Windows computers Customizing administrator defined scans for clients that run on Mac computers Randomizing scans to...

Страница 180: ...s a detection The user notifications for Auto Protect detections You can also enable or disable the Scan Results dialog for Auto Protect scans of the file system See Customizing Auto Protect for Windo...

Страница 181: ...ng the virus and spyware scans that run on Mac computers You can customize options for administrator defined scans scheduled and on demand scans that run on Mac computers You can also customize option...

Страница 182: ...s Scan all files This is the default and most secure option Scan only selected extensions You can improve scan performance by selecting this option however you might decrease the protection on your co...

Страница 183: ...le System Auto Protect 3 At the top of the Scan Details tab click the lock icon to lock or unlock all settings 4 Check or uncheck any of the following options Enable File System Auto Protect Automatic...

Страница 184: ...the following options Scan all files This is the default and most secure option Scan only selected extensions You can improve scan performance by selecting this option however you might decrease the p...

Страница 185: ...puters on page 157 To customize an administrator defined scan for clients that run on Windows computers 1 In the console open a Virus and Spyware Protection policy 2 Under Windows Settings click Admin...

Страница 186: ...that run on Mac computers You customize scheduled scans and on demand scans separately Some of the options are different See Customizing the virus and spyware scans that run on Mac computers on page 1...

Страница 187: ...dFolders select the items that you want to scan You can also specify actions for scan detections and enable or disables scans of compressed files 4 On the Notifications tab enable or disable notificat...

Страница 188: ...at you apply the policy to the group that includes the computers that run Virtual Machines Modifying global scan settings for Windows clients You can customize global settings for scans that run on Wi...

Страница 189: ...load Insight displays on client computers when it makes a detection See Customizing the virus and spyware scans that run on Windows computers on page 180 See Managing Download Insight detections on pa...

Страница 190: ...ey make a detection Each scan has its own set of actions such as Clean Quarantine Delete or Leave alone log only On Windows clients each detection category can be configured with a first action and a...

Страница 191: ...ecurity risks affect use the Quarantine action instead To specify the action that Symantec Endpoint Protection Small Business Edition takes when it makes a detection on Windows computers 1 In the cons...

Страница 192: ...ans select the Common Settings tab For on demand scans on the Scans tab under AdministratorOn demand Scan click Edit 3 Under Actions check either of the following options Automatically repair infected...

Страница 193: ...r stops a scan while the client software scans a compressed file the scan does not stop immediately In this case the scan stops as soon as the compressed file has been scanned A stopped scan does not...

Страница 194: ...ber of snooze opportunities box type a number between 1 and 8 By default a user can delay a scan for 1 hour To change this limit to 3 hours check Allow users to snooze the scan for 3 hours 7 Click OK...

Страница 195: ...have been created to address the threats SONAR uses heuristics as well as reputation data to detect emerging and unknown threats SONAR provides an additional level of protection on your client compute...

Страница 196: ...the threat is a high risk or low risk Heuristic threats SONAR detects applications or the files that try to modify DNS settings or a host file on a client computer System changes Some good trusted fi...

Страница 197: ...k whether Proactive Threat Protection is enabled on your client computers Note Legacy clients do not report Proactive Threat Protection status to Symantec Endpoint Protection Manager See Enabling or d...

Страница 198: ...AR from detecting the applications that you know are safe Symantec recommends that you enable submissions on your client computers The information that clients submit about detections helps Symantec a...

Страница 199: ...u need to look at the Application type and File Path columns for more information For example you might recognize the application name of a legitimate application that a third party company has develo...

Страница 200: ...e SONAR Logs pane Enabling or disabling SONAR When you enable or disable SONAR you also enable or disable TruScan proactive threat scans for legacy clients See Managing SONAR on page 196 To enable or...

Страница 201: ...ients only It does not run on Mac clients If you use third party security risk scanners that detect and defend against unwantedadwareandspyware thesescannerstypicallyaffectSymantecresources If you hav...

Страница 202: ...an enable and disable Tamper Protection and configure the action that it takes when it detects a tampering attempt You can also configure it to notify users when it detects a tampering attempt Tamper...

Страница 203: ...rom being tampered with or shut down 4 In the list box under Actions to take if an application attempts to tamper with or shut down Symantec security software select one of the following options Block...

Страница 204: ...Managing Tamper Protection Changing Tamper Protection settings 204...

Страница 205: ...otection Small Business Edition firewall policy contains rules and protection settings most of which you can enable or disable and configure Table 15 1 describes ways in which you can manage your fire...

Страница 206: ...out firewall rules on page 212 See Setting up firewall rules on page 219 Create and customize firewall rules Regularly monitor the firewall protection status on your computers See Monitoring endpoint...

Страница 207: ...tion firewall The Symantec Endpoint Protection Small Business Edition firewall uses firewall policies and rules to allow or block network traffic The Symantec Endpoint Protection Small Business Editio...

Страница 208: ...lows all IP incoming traffic and outgoing traffic Low is the default security level Medium The Medium security level enforces the Low security level It also blocks TCP incoming traffic and UDP statefu...

Страница 209: ...ient on the computers that run Microsoft Vista the Rules list includes several default rules that block the Ethernet protocol type of IPv6 If you remove the default rules you must create a rule that b...

Страница 210: ...rewall security level on page 211 Adjust the firewall security level You can send users a notification that an application that they want to access is blocked These settings are disabled by default Se...

Страница 211: ...level you select how strictly you want to restrict network traffic The security levels are as follows The Low security level allows all IP incoming traffic and outgoing traffic Low is the default sec...

Страница 212: ...u need You can enable or disable rules as needed For example you might want to disable a rule to perform troubleshooting and enable it when you are done Table 15 4 describes what you need to know abou...

Страница 213: ...f the rules list The rules that are lower in the list might allow the traffic The Rules list contains a blue dividing line The dividing line sets the priority of rules when a subgroup inherits rules f...

Страница 214: ...initiate this outbound traffic you create a rule that permits the outbound traffic for these protocols Stateful inspection automatically permits the return traffic that responds to the outbound traff...

Страница 215: ...net Explorer would have no effect should the user use a different Web browser The traffic that the other Web browser generates would be compared against all other rules except the Internet Explorer ru...

Страница 216: ...access to an application is blocked 1 In the console open a Firewall policy 2 On the Firewall Policies page click Rules 3 Enable custom firewall protection 4 On the Notifications tab check the followi...

Страница 217: ...be the source The source and the destination relationship are more commonly used in network based firewalls Source and destination The local host is always the local client computer and the remote hos...

Страница 218: ...spect to the direction of traffic Figure 15 2 The relationship between local and remote hosts SEP client Symantec com HTTP Other client SEP client RDP Local Remote Remote Local Relationships are evalu...

Страница 219: ...work protocols that are significant in relation to the described network traffic When you define TCP based or UDP based service triggers you identify the ports on both sides of the described network c...

Страница 220: ...ness Edition client uses stateful inspection for TCP traffic Therefore it does not need a rule to filter the return traffic that the clients initiate When you create a new firewall rule it is automati...

Страница 221: ...u can copy and paste rules from the same policy or another policy To copy and paste firewall rules 1 In the console open a Firewall policy 2 In the Firewall Policy page click Rules 3 On the Rules tab...

Страница 222: ...ows Application When the application is the only trigger you define in an allow traffic rule the firewall allows the application to perform any network operation The application is the significant val...

Страница 223: ...ed 6 In the Application field define an application See Defining information about applications on page 215 7 In the Host field specify a host trigger See Blocking traffic to or from a specific server...

Страница 224: ...Do all of the following tasks In the Source and Destination or Local and Remote tables click Add In the Host dialog box select a host type from the Type drop down list and type the appropriate inform...

Страница 225: ...the rule for which you want to create a local subnet traffic condition 6 Under the type of hosts for which this rule applies Local or Remote click Add 7 Click the Address Type drop down list and selec...

Страница 226: ...r to browse for shared files and printers on the local network To prevent network based attacks you may not want to enable network file and printer sharing You enable network file and print sharing by...

Страница 227: ...ist type 88 135 139 445 To enable other computers to browse files on the client 7 Click OK 8 In the Service List dialog box click Add 9 In the Protocol dialog box in the Protocol drop down list click...

Страница 228: ...en a client blocks the traffic that comes from a particular IP address To set up notifications for firewall rule violations 1 In the console open a Firewall policy 2 On the Firewall Policy page click...

Страница 229: ...r IPS signatures Managing intrusion prevention on your client computers The default intrusion prevention settings protect client computers against a wide variety of threats You can change the default...

Страница 230: ...the Intrusion Prevention policy Network intrusion prevention Browser intrusion prevention See Enabling or disabling network intrusion prevention or browser intrusion prevention on page 233 You can als...

Страница 231: ...e it from blocking Allow some network signatures that Symantec blocks by default For example you might want to create exceptions to reduce false positives when benign network activity matches an attac...

Страница 232: ...data at the network layer It uses signatures to scan packets or streams of packets It scans each packet individually by looking for the patterns that correspond to network or browser attacks Intrusio...

Страница 233: ...evention signatures Browser signatures match patterns of attack on supported browsers such as script files that can crash the browser You cannot customize the action or log setting for browser signatu...

Страница 234: ...of Symantec browser signatures unlike network signatures browser signatures do not allow custom action and logging settings However you can create an exception for a browser signature so that clients...

Страница 235: ...r all network signatures the same click Select All 5 Click Next 6 In the Signature Action dialog box set the action to Block or Allow Note The Signature Action dialog only applies to network signature...

Страница 236: ...Managing intrusion prevention Creating exceptions for IPS signatures 236...

Страница 237: ...ceptions are items such as files or Web domains that you want to exclude from scans Symantec Endpoint Protection Small Business Edition automatically excludes some files from virus and spyware scans S...

Страница 238: ...Business Edition on page 238 Table 17 1 Scan exceptions and client type Exception Client Type File or folder exception Mac clients You can configure the following types of exceptions File Folder Known...

Страница 239: ...age 249 Create exceptions for scans By default users on client computers have limited configuration rights for exceptions You can restrict users further so that they cannot create exceptions for virus...

Страница 240: ...ters users cannot view the exceptions that you create A user can view only the exceptions that the user creates See Managing exceptions for Symantec Endpoint Protection Small Business Edition on page...

Страница 241: ...gnore Symantec Endpoint Protection Small Business Edition ignores the custom actions See Excluding known risks from virus and spyware scans on page 245 Security risk exceptions do not apply to SONAR E...

Страница 242: ...by specifying an Application to monitor exception Then you can create an Application exception to specify how scans handle the application The application exception is a SHA 2 hash based exception Leg...

Страница 243: ...wledge Base article See Excluding a trusted Web domain from scans on page 247 Exclude a Web domain from scans Supported on Windows clients TamperProtectionprotectsclientcomputersfrom the processes tha...

Страница 244: ...olute path and file name When you select a prefix the exception can be used on different Windows operating systems 4 In the File or Folder text box type the name of the file or folder If you select a...

Страница 245: ...box select one or more security risks that you want to exclude from virus and spyware scans 4 Check Logwhenthesecurityriskisdetected if you want to log the detection If you do not check this option th...

Страница 246: ...dialog in the Exceptions policy The detected application also appears in the relevant log and you can create an exception from the log See Creating exceptions for Symantec Endpoint Protection Small B...

Страница 247: ...Edition on page 240 To specify how Symantec Endpoint Protection Small Business Edition handles an application that scans detect or that users download 1 On the Exceptions Policy page click Exceptions...

Страница 248: ...pplication Then you can create an exception to allow the application to run See Creating exceptions for Symantec Endpoint Protection Small Business Edition on page 240 To create an exception for Tampe...

Страница 249: ...lient computers 1 On the Exceptions Policy page click Client Restrictions 2 Under ClientRestrictions uncheck any exception that you do not want users on client computers to configure 3 If you are fini...

Страница 250: ...onitors tab click the Logs tab 2 In the Logtype drop down list select the Risk log SONAR log or Application and Device Control log 3 Click View Log 4 Next to Time range select the time interval to fil...

Страница 251: ...er to connect to a proxy server to access the Internet Enabling and disabling LiveUpdate scheduling for client computers Configuring the LiveUpdate download schedule for client computers Managing cont...

Страница 252: ...f you restrict product updates from LiveUpdate on a Mac client you must provide them manually Mac clients cannot get updates from the management server Table 18 1 describes some of the important tasks...

Страница 253: ...ther product updates directly from a Symantec LiveUpdate server when they do not have access to the Symantec Endpoint Protection Manager server Enabling a computer to use LiveUpdate over the Internet...

Страница 254: ...hen Symantec Endpoint Protection Manager is nonresponsive for a long period of time Client computers can receive updates directlyfrom a SymantecLiveUpdateserver Note Mac client computers must use this...

Страница 255: ...s Frequency Select download start time window The retry interval determines how often the management server tries to connect to the LiveUpdate server The retry window determines how long the managemen...

Страница 256: ...Download LiveUpdate Content dialog box click Download See Managing content updates on page 251 Viewing LiveUpdate downloads You can list the recent downloads of LiveUpdate content To view LiveUpdate...

Страница 257: ...you want to connect a proxy server 3 Under Tasks click Edit the server properties 4 On the ProxyServer tab under HTTPProxySettings for Proxyusage select Use custom proxy settings 5 Type in the proxy s...

Страница 258: ...ction Small Business Edition clients run scheduled LiveUpdates from the Symantec LiveUpdate server only if both of the following conditions are met Virus and spyware definitions on a client computer a...

Страница 259: ...oads to Mac client computers 1 Click Policies and then click LiveUpdate 2 Right click the policy that you want and then click Edit 3 Under Mac Settings click Schedule 4 Specify the frequency If you se...

Страница 260: ...Configuring updates and updating client computer protection Configuring the LiveUpdate download schedule for client computers 260...

Страница 261: ...r a scheduled report Printing and saving a copy of a report Viewing logs Running commands on the client computer from the logs Monitoring endpoint protection Symantec Endpoint Protection Small Busines...

Страница 262: ...uters in your network and view the details for each computer See Viewing system protection on page 264 View the number of computers with up to date virus and spyware definitions See Viewing system pro...

Страница 263: ...ble and critical activities that concern your Symantec Endpoint Protection Manager and client computers The information in the event logs supplements the information is that is contained in the report...

Страница 264: ...lick Symantec Endpoint Protection Daily Status or Symantec Endpoint Protection Small Business Edition Weekly Status Viewing system protection System protection comprises the following information The...

Страница 265: ...tab from the Log type list box click Computer Status 3 Click Advanced Settings 4 In the Online status list box click Offline 5 Click View Log By default a list of the computers that have been offline...

Страница 266: ...2 On the Quick Reports tab specify the following information You select Risk Report type You select New Risks Detected in the Network Selected report 3 Click Create Report To view a comprehensive ris...

Страница 267: ...Reports tab specify the following information You select Network Threat Protection Report type You select Top Targets Attacked Select a report 3 Click Create Report To view top attack sources 1 In th...

Страница 268: ...lay options that are used for the logs and the reports as well as legacy log file uploading For information about the preference options that you can set you can click Help on each tab in the Preferen...

Страница 269: ...ee Printing and saving a copy of a report on page 275 Table 19 2 describes the types of reports that are available Table 19 2 Report types available as quick reports and scheduled reports Description...

Страница 270: ...port settings so that you can run the same report at a later date and you can print and save reports Quick reports are static they provide information specific to the time frame you specify for the re...

Страница 271: ...Set specific dates then use the Start date and End date list boxes These options set the time interval that you want to view information about When you generate a Computer Status report and select Se...

Страница 272: ...report list box and the screen is repopulated with the default configuration settings Note If you delete an administrator from the management server you have the option to save the reports that were...

Страница 273: ...nfigure as an mht file attachment The data that appears in the scheduled reports is updated in the database every hour At the time that the management server emails a scheduled report the data in the...

Страница 274: ...eport that you have already scheduled The next time the report runs it uses the new filter settings You can also create additional scheduled reports which you can base on a previously saved report fil...

Страница 275: ...ng database If you run the same report later based on the same filter configuration the new report shows different data To save a copy of a report 1 In the report window click Save 2 In the File Downl...

Страница 276: ...the Log type list box select the type of log that you want to view 3 For some types of logs a Log content list box appears If it appears select the log content that you want to view 4 In the Useasaved...

Страница 277: ...in reports Because reports are static and do not include as much detail as the logs you might prefer to monitor the network primarily by using logs You can view information about the created notifica...

Страница 278: ...k applications and configuring software No actions are associated with these logs Network Threat Protection The SONAR log contains information about the threats that have been detected during SONAR th...

Страница 279: ...lect a different time range and then reselect Past 24 hours To save a custom log by using a filter 1 In the main window click Monitors 2 On the Logs tab select the type of log view that you want to co...

Страница 280: ...view the status of the commands that you have run from the console and their details You can also cancel a specific scan from this tab if the scan is in progress You can cancel all scans in progress a...

Страница 281: ...if the server is down If the console has lost connectivity with the server you can log off the console and then log back on to see if that helps To view command status details 1 Click Monitors 2 On t...

Страница 282: ...ick Yes to cancel all in progress and queued scans for the selected computers 7 When a confirmation that the command was queued successfully appears click OK Monitoring protection with reports and log...

Страница 283: ...your environment but they may need to be adjusted Trial and error may be required to find the right balance between too many and too few notifications for your environment Set the threshold to an ini...

Страница 284: ...ators about important issues See Setting up administrator notifications on page 291 Configure new notifications Optionally create filters to expand or limit your view of all of the notifications that...

Страница 285: ...289 See About the preconfigured notifications on page 285 See Setting up administrator notifications on page 291 See Viewing and acknowledging notifications on page 289 About the preconfigured notifi...

Страница 286: ...occur Some of these occurrence types require that you also enable logging in the associated policy Client security alert Alerts administrators about out of date Download Protection content You can spe...

Страница 287: ...this condition This notification condition is enabled by default New software package This notification alerts administrators about security risk outbreaks You set the number and type of occurrences...

Страница 288: ...milarly the management server can send a notification to the administrator when it detects that licenses are over deployed However in both of these cases the resolution of the problem may require the...

Страница 289: ...otifications You can acknowledge an unacknowledged notification You can view all the notification conditions that are currently configured in the console The Security Status pane on the Home page indi...

Страница 290: ...all configured notification conditions 1 In the console click Monitors 2 On the Monitors page on the Notifications tab click NotificationConditions All the notification conditions that are configured...

Страница 291: ...ox click Yes Setting up administrator notifications You can configure notifications to alert you and other administrators when particular kinds of events occur You can also add the conditions that tri...

Страница 292: ...hen click a notification type 4 In the Add Notification Condition dialog box provide the following information In the Notification name text box type a name to label the notification condition In the...

Страница 293: ...ns setting is disabled for this notification condition Note When the Securitydefinitions setting in the Newclientsoftware notification condition is enabled it may cause a large number of notifications...

Страница 294: ...during the upgrade process Unlike the other default notification conditions both the Log the notification and the Sendemailtosystemadministrators action settings are enabled for this condition If a tr...

Страница 295: ...ts Configuring the access rights for a limited administrator Changing an administrator password Allowing administrators to save logon credentials Allowing administrators to reset forgotten passwords R...

Страница 296: ...ess rights for a limited administrator on page 299 Grant access rights You can allow the administrator to reset another administrator s forgotten password See Allowing administrators to reset forgotte...

Страница 297: ...s to specific policies Licenses The Limited Administrator role does not have access to license information including reports and notifications See Configuring the access rights for a limited administr...

Страница 298: ...vailable to limited administrators when you restrict access rights See Configuring the access rights for a limited administrator on page 299 Table 21 3 Types of access rights Description Type of acces...

Страница 299: ...imited administrator 1 In the console click Admin 2 On the Admin page click Administrators 3 Select the limited administrator You can also configure the access rights when you create a limited adminis...

Страница 300: ...must be six or more characters in length All characters are permitted 6 Click OK Allowing administrators to save logon credentials You can allow your administrators to save their credentials when they...

Страница 301: ...ators to reset forgotten passwords on page 300 Note A temporary password can be requested only once per minute from a single Symantec Endpoint Protection Manager console Note For security reasons entr...

Страница 302: ...to log on to Symantec Endpoint Protection Manager If the user name or password is something other than admin running resetpass bat changes the user name and password back to admin To reset the adminis...

Страница 303: ...Maintaining your security environment Chapter 22 Preparing for disaster recovery 3 Section...

Страница 304: ...304...

Страница 305: ...is collected while you installed Symantec Endpoint Protection Manager You then copy these files to another computer Table 22 1 High level steps to prepare for disaster recovery Description Action Step...

Страница 306: ...to a text file optional Step 3 Copy the backed up files to a computer in a secure location Copy the files you backed up in the previous steps to another computer Step 4 See Performing disaster recover...

Страница 307: ...uring and after the backup See Preparing for disaster recovery on page 305 To back up the database and logs 1 On the computer that runs Symantec Endpoint Protection Manager on the Start menu click All...

Страница 308: ...Preparing for disaster recovery Backing up the database and logs 308...

Страница 309: ...ubleshooting Symantec Endpoint Protection Chapter 23 Performing disaster recovery Chapter 24 Troubleshooting installation and communication problems Chapter 25 Troubleshooting reporting issues 4 Secti...

Страница 310: ...310...

Страница 311: ...ent in the event of hardware failure or database corruption Note This topic assumes that you have prepared for disaster recovery and have created backups and recovery files Table 23 1 Process for perf...

Страница 312: ...u used to back up the database You can restore the database on the same computer on which it was installed originally or on a different computer The database restore might take several minutes to comp...

Страница 313: ...tall the management server by using the product disc See Uninstalling Symantec Endpoint Protection Manager on page 48 See Installing the management server and the console on page 45 To reconfigure the...

Страница 314: ...Performing disaster recovery Reinstalling or reconfiguring Symantec Endpoint Protection Manager 314...

Страница 315: ...etween the management server and the console or the database Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues You can download a utility to diagnose common iss...

Страница 316: ...file is overwritten To identify the point of failure of an installation 1 In a text editor open the log file that the installation generated 2 To find failures search for the following entry Value 3...

Страница 317: ...the management server Test the connectivity between the client and the management server You should verify that there are no network problems by checking the following items Test the connectivity betw...

Страница 318: ...n the management server and the client on page 316 To check connection status data values in the client 1 On the client on the program panel click Help Troubleshooting 2 In the left column select Conn...

Страница 319: ...problems you can examine the Troubleshooting txt file The Troubleshooting txt file contains information about policies virus definitions and other client related data See Troubleshooting communication...

Страница 320: ...connectivity to the management server 1 On the client open a command prompt 2 Type the ping command For example ping name where name is the computer name of the management server You can use the serve...

Страница 321: ...ox logs on the management server 1 On the management server under HKEY_LOCAL_MACHINE SOFTWARE Symantec Symantec Endpoint Protection Small Business Edition SEPM set the DebugLevel value to 3 Typically...

Страница 322: ...ter 3 On the product disc locate the Tools NoSupport SylinkDrop folder and open SylinkDrop exe You can run the tool remotely or save it and then run it on the client computer If you use the tool on th...

Страница 323: ...ate for the management server s operating system If you cannot log in to the management server s remote console or if you see an out of memory message in the smc server log you may need to increase th...

Страница 324: ...tab in the User ID text box type dba 8 In the Password text box type the password for the database This password is the one that you entered for the database when you installed the management server 9...

Страница 325: ...rting database contains events in Greenwich Mean Time GMT When you create a report the GMT values are converted to the local time of the computer on which you view the reports If managed clients are i...

Страница 326: ...uters in your network Reports are based on log data not the Windows registry data Report pages and log pages always display in the language that the management server was installed with To display the...

Страница 327: ...porting you cannot access the on line context sensitive help To access context sensitive help when you use a non default port you must add a variable to the Reporter php file To change the port used t...

Страница 328: ...at and then close the file 5 Make sure that the font file you type is located in the WINDIR fonts directory Accessing reporting pages when the use of loopback addresses is disabled If you have disable...

Страница 329: ...System logs on the Symantec Endpoint Protection Manager console If corrupted you cannot view the data in the log on the client and the data does not upload to the console This condition can affect dat...

Страница 330: ...Troubleshooting reporting issues About recovering a corrupted client System Log on 64 bit computers 330...

Страница 331: ...and 12 1 clients Client protection features by platform Management features by platform Virus and Spyware Protection policy settings available for Windows and Mac LiveUpdate policy settings available...

Страница 332: ...reating security policies for the clients See About client deployment methods on page 75 Configuring feature sets for clients See About client deployment methods on page 75 Deploying clients to the cl...

Страница 333: ...ss Edition to 12 1 Small Business Edition From 12 1 Small Business Edition to 12 1 full version Note Symantec AntiVirus 9 x and 10 x server information can be imported during the installation of Syman...

Страница 334: ...A 2 Migration paths from Symantec AntiVirus for Mac to the Symantec Endpoint Protection Small Business Edition Mac client Supported Migrate to Migrate from Yes Managed Symantec EndpointProtectionforM...

Страница 335: ...nd Spyware Protection Virus and Spyware Protection Auto Protect Email Protection Email Scanner Auto Protect Email Protection POP3 SMTP Scanner Microsoft Outlook Scanner Proactive Threat Protection SON...

Страница 336: ...Scanner Auto Protect Email Protection POP3 SMTP Scanner Microsoft Outlook Scanner N A Network Threat Protection Firewall and Intrusion Prevention The following tables show how email settings are mappe...

Страница 337: ...o the legacy 12 0 64 bit client does not have a POP3 SMTP Scanner Email scanning is therefore not turned on automatically in the 12 1 64 bit client You can turn on this feature by sending a new policy...

Страница 338: ...that enables email scanning to the 64 bit clients Auto Protect Email Protection Microsoft Outlook Scanner Client protection features by platform Table A 9 explains the differences in the protection f...

Страница 339: ...nagement features by platform on page 339 See Virus and Spyware Protection policy settings available for Windows and Mac on page 340 See LiveUpdate policy settings available for Windows and Mac on pag...

Страница 340: ...updates for third party tools in management server No Yes Set randomized scans Yes Yes Set randomized updates You can run Intelligent Updater to get Mac content updates You can then push the updates t...

Страница 341: ...repair Terminate processes Stop services Specify remediation if a virus or a risk is found Custom only Active Full Custom Set scan type No Yes Retry scheduled scans No Yes Set scans to check additiona...

Страница 342: ...point Protection Manager disk space before upgrading to version 12 1 The Symantec Endpoint Protection Manager version 12 1 requires a minimum of 5 GB of available disk space Make sure that any legacy...

Страница 343: ...mantec Endpoint Protection Small Business Edition files See Symantec Technical Support knowledge base article TECH98416 for a list of temporary files you can remove Note Defragment the hard drive afte...

Страница 344: ...Migration and client deployment reference Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12 1 344...

Страница 345: ...g 215 searching for 215 assistive technology creating exceptions for 243 Auto Protect customizing for email scans 184 customizing for Mac computers 183 Auto Protect continued customizing for Windows c...

Страница 346: ...g communication with the database 323 console about 51 content how clients receive updates 253 managing updates 251 content continued viewing downloads to server 256 D database backing up 306 restorin...

Страница 347: ...services adding 225 pasting 221 processing order about 213 changing 213 setting up 219 full scans when to run 139 G global scan settings 188 group about 101 add 104 blocking 104 computer assignment 10...

Страница 348: ...321 computer status 278 deleting configuration settings 280 filtering 279 Network Threat Protection 278 logs continued past 24 hours filter 279 refreshing 276 Risk 278 deleting files from the Quarant...

Страница 349: ...ling 112 product components 37 protection enabling or disabling 111 updating 251 protocols adding to a rule 225 proxy required exceptions when using authentication 167 Symantec Endpoint Protection Man...

Страница 350: ...out detections 196 SONAR continued enabling or disabling 200 feature dependencies 170 managing 196 monitoring scan events 198 spyware 146 stateful inspection 214 status clients and computers 109 statu...

Страница 351: ...erties displaying 110 V virtual machine adjusting scans for 161 virtualization adjusting scans for 161 randomizing scans 187 Virus and Spyware Protection preventing attacks 130 Virus and Spyware Prote...

Отзывы:

Нет отзывов

Похожие инструкции для 20032623 - Endpoint Protection Small Business Edition

Бренд: Canon Страницы: 5

WJ-ND300 Administrator Console

Бренд: Panasonic Страницы: 27

ZENworks 7.2 Linux Management

Бренд: Novell Страницы: 10

Бренд: ICP Страницы: 16

Бренд: Native Instruments Страницы: 38

MELSOFT FR Configurator2

Бренд: Mitsubishi Electric Страницы: 230

Бренд: VESA Страницы: 18

ConferenceSuite

Бренд: Polycom Страницы: 2

Бренд: M-Audio Страницы: 88

Бренд: Adaptec Страницы: 133

Бренд: Focusrite Страницы: 16

Enterprise Manager

Бренд: Oracle Страницы: 38

Бренд: Oce Страницы: 22

131018 - StorView Snapshot - Mac

Бренд: LaCie Страницы: 214

Бренд: IBM Страницы: 516

Бренд: National Instruments Страницы: 455

SECURITY 5.5 - FOR MICROSOFT EXCHANGE SERVER...

Бренд: KAPERSKY Страницы: 185

Бренд: Tandem Страницы: 312

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды