
Implementation Guide SEPSBE12.1

Date post: 07-Apr-2018
Upload: ssharma79

Transcript
  • 8/4/2019 Implementation Guide SEPSBE12.1

    1/350

    Symantec Endpoint Protection Small Business Edition Implementation Guide


    Symantec Endpoint Protection Small Business Edition Implementation Guide

    The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

    Documentation version 12.01.00.00

    Legal Notice

    Copyright 2011 Symantec Corporation. All rights reserved.

    Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System,

    LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of

    Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be

    trademarks of their respective owners.

    This Symantec product may contain third party software for which Symantec is required

    to provide attribution to the third party (Third Party Programs). Some of the Third Party

    Programs are available under open source or free software licenses. The License Agreement

    accompanying the Software does not alter any rights or obligations you may have under

    those open source or free software licenses. Please see the Third Party Legal Notice Appendix

    to this Documentation or TPIP ReadMe File accompanying this Symantec product for more

    information on the Third Party Programs.

    The product described in this document is distributed under licenses restricting its use,

    copying, distribution, and decompilation/reverse engineering. No part of this document

    may be reproduced in any form by any means without prior written authorization of

    Symantec Corporation and its licensors, if any.

    THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,

    REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,

    ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

    BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL

    OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

    PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED

    IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The Licensed Software and Documentation are deemed to be commercial computer software

    as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in

    Commercial Computer Software or Commercial Computer Software Documentation", as

    applicable, and any successor regulations. Any use, modification, reproduction release,

    performance, display or disclosure of the Licensed Software and Documentation by the U.S.

    Government shall be solely in accordance with the terms of this Agreement.


    Symantec Corporation

    350 Ellis Street

    Mountain View, CA 94043

    http://www.symantec.com


    Technical Support

    Symantec Technical Support maintains support centers globally. Technical

    Support's primary role is to respond to specific queries about product features

    and functionality. The Technical Support group also creates content for our online

    Knowledge Base. The Technical Support group works collaboratively with the

    other functional areas within Symantec to answer your questions in a timely

    fashion. For example, the Technical Support group works with Product Engineering

    and Symantec Security Response to provide alerting services and virus definition

    updates.

    Symantec's support offerings include the following:

    A range of support options that give you the flexibility to select the right

    amount of service for any size organization

    Telephone and/or Web-based support that provides rapid response and

    up-to-the-minute information

    Upgrade assurance that delivers software upgrades

    Global support purchased on a regional business hours or 24 hours a day, 7

    days a week basis

    Premium service offerings that include Account Management Services

    For information about Symantec's support offerings, you can visit our Web site

    at the following URL:

    www.symantec.com/business/support/

    All support services will be delivered in accordance with your support agreement

    and the then-current enterprise technical support policy.

    Contacting Technical Support

    Customers with a current support agreement may access Technical Support

    information at the following URL:

    www.symantec.com/business/support/

    Before contacting Technical Support, make sure you have satisfied the system

    requirements that are listed in your product documentation. Also, you should be

    at the computer on which the problem occurred, in case it is necessary to replicate

    the problem.

    When you contact Technical Support, please have the following information

    available:

    Product release level


    Hardware information

    Available memory, disk space, and NIC information

    Operating system

    Version and patch level

    Network topology

    Router, gateway, and IP address information

    Problem description:

    Error messages and log files

    Troubleshooting that was performed before contacting Symantec

    Recent software configuration changes and network changes

    Licensing and registration

    If your Symantec product requires registration or a license key, access our technical

    support Web page at the following URL:

    www.symantec.com/business/support/

    Customer service

    Customer service information is available at the following URL:

    www.symantec.com/business/support/

    Customer Service is available to assist with non-technical questions, such as the

    following types of issues:

    Questions regarding product licensing or serialization

    Product registration updates, such as address or name changes

    General product information (features, language availability, local dealers)

    Latest information about product updates and upgrades

    Information about upgrade assurance and support contracts

    Information about the Symantec Buying Programs

    Advice about Symantec's technical support options

    Nontechnical presales questions

    Issues that are related to CD-ROMs, DVDs, or manuals


    Support agreement resources

    If you want to contact Symantec regarding an existing support agreement, please

    contact the support agreement administration team for your region as follows:

    [email protected] and Japan

    [email protected], Middle-East, and Africa

    [email protected] America and Latin America


    Contents

    Technical Support ... 4

    Chapter 1 Introducing Symantec Endpoint Protection Small Business Edition ... 17
      About Symantec Endpoint Protection Small Business Edition ... 17
      What's new in version 12.1 ... 18
      About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides ... 21
      Protecting your network with Symantec Endpoint Protection Small Business Edition ... 25
      Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time ... 26
      Managing protection on client computers ... 29
      Maintaining the security of your environment ... 30
      Troubleshooting Symantec Endpoint Protection Small Business Edition ... 31

    Section 1 Installing Symantec Endpoint Protection Small Business Edition ... 33

    Chapter 2 Planning the installation ... 35
      Planning the installation ... 35
      Components of Symantec Endpoint Protection Small Business Edition ... 37
      Product license requirements ... 39
      System requirements ... 41
      About Symantec Endpoint Protection Manager compatibility with other products ... 43

    Chapter 3 Installing Symantec Endpoint Protection Manager ... 45
      Installing the management server and the console ... 45
      Configuring the management server during installation ... 47
      Accepting the self-signed certificate for Symantec Endpoint Protection Manager ... 47
      Uninstalling Symantec Endpoint Protection Manager ... 48
      Logging on to the Symantec Endpoint Protection Manager console ... 49
      What you can do from the console ... 51

    Chapter 4 Managing product licenses ... 55
      Licensing Symantec Endpoint Protection ... 56
      About the trialware license ... 58
      Purchasing licenses ... 58
      Where to buy a Symantec product license ... 59
      Activating your product license ... 59
      Using the License Activation wizard ... 60
      Required licensing contact information ... 61
      About upgrading from trialware ... 62
      About product upgrades and licenses ... 62
      About renewing your Symantec Endpoint Protection Small Business Edition license ... 63
      About the Symantec Licensing Portal ... 63
      Maintaining your product licenses ... 64
      Checking license status ... 64
      Downloading a license file ... 65
      Licensing enforcement rules ... 65
      Backing up your license files ... 66
      Recovering a deleted license ... 67
      Importing a license ... 67
      About multi-year licenses ... 68
      Licensing an unmanaged client ... 68

    Chapter 5 Preparing for client installation ... 71
      Preparing for client installation ... 71
      Preparing Windows operating systems for remote deployment ... 72

    Chapter 6 Installing the Symantec Endpoint Protection Small Business Edition client ... 75
      About client deployment methods ... 75
      Deploying clients using a Web link and email ... 76
      Deploying clients by using Remote Push ... 77
      Deploying clients by using Save Package ... 79
      Restarting client computers ... 80
      About managed and unmanaged clients ... 81
      Installing an unmanaged client ... 82
      Uninstalling the client ... 82

    Chapter 7 Upgrading and migrating to Symantec Endpoint Protection Small Business Edition ... 85
      About migrating to Symantec Endpoint Protection Small Business Edition ... 86
      Migrating from Symantec Client Security or Symantec AntiVirus ... 87
      About migrating computer groups ... 88
      Migrating group settings and policy settings ... 88
      Upgrading to a new release ... 90
      Migrating a management server ... 90
      Stopping and starting the management server service ... 91
      Disabling LiveUpdate in Symantec AntiVirus before migration ... 92
      Disabling scheduled scans in Symantec System Center when you migrate client computers ... 93
      Turning off the roaming service ... 93
      Uninstalling and deleting reporting servers ... 94
      Unlocking server groups in Symantec System Center ... 95
      About upgrading client software ... 95
      Upgrading clients by using AutoUpgrade ... 96

    Section 2 Managing protection on Symantec Endpoint Protection Small Business Edition ... 99

    Chapter 8 Managing groups of client computers ... 101
      Managing groups of computers ... 101
      How you can structure groups ... 103
      Adding a group ... 104
      Blocking clients from being added to groups ... 104
      Viewing assigned computers ... 105
      Moving a client computer to another group ... 105
      Guidelines for managing portable computers ... 105

    Chapter 9 Managing clients ... 107
      Managing client computers ... 107
      About the client protection status icons ... 108
      Viewing the protection status of clients and client computers ... 109
      Viewing a client computer's properties ... 110
      About enabling and disabling protection ... 111
      About commands you can run on client computers ... 113
      Running commands on the client computer from the console ... 114
      Converting an unmanaged client to a managed client ... 115

    Chapter 10 Using policies to manage security ... 117
      The types of security policies ... 118
      Performing tasks that are common to all security policies ... 119
      Adding a policy ... 121
      Copying and pasting a policy ... 121
      Editing a policy ... 122
      Locking and unlocking policy settings ... 122
      Assigning a policy to a group ... 123
      Viewing assigned policies ... 124
      Testing a security policy ... 124
      Replacing a policy ... 125
      Exporting and importing policies ... 125
      Deleting a policy permanently ... 126
      How the client computers get policy updates ... 126
      Using the policy serial number to check client-server communication ... 127

    Chapter 11 Managing Virus and Spyware Protection ... 129
      Preventing and handling virus and spyware attacks on client computers ... 130
      Remediating risks on the computers in your network ... 132
      Identifying the infected and at-risk computers ... 134
      Checking the scan action and rescanning the identified computers ... 135
      Managing scans on client computers ... 136
      About the types of scans and real-time protection ... 139
      About the types of Auto-Protect ... 142
      About virus and security risks ... 144
      About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans ... 146
      About submitting information about detections to Symantec Security Response ... 151
      About submissions throttling ... 152
      About the default Virus and Spyware Protection policy scan settings ... 153
      How Symantec Endpoint Protection Small Business Edition handles detections of viruses and security risks ... 156
      Setting up scheduled scans that run on Windows computers ... 157
      Setting up scheduled scans that run on Mac computers ... 159
      Running on-demand scans on client computers ... 160
      Adjusting scans to improve computer performance ... 161
      Adjusting scans to increase protection on your client computers ... 163
      Managing Download Insight detections ... 165
      How Symantec Endpoint Protection Small Business Edition uses reputation data to make decisions about files ... 169
      How Symantec Endpoint Protection Small Business Edition protection features work together ... 170
      Enabling or disabling client submissions to Symantec Security Response ... 172
      Managing the Quarantine ... 174
      Using the Risk log to delete quarantined files on your client computers ... 175
      Managing the virus and spyware notifications that appear on client computers ... 176

    Chapter 12 Customizing scans ... 179
      Customizing the virus and spyware scans that run on Windows computers ... 180
      Customizing the virus and spyware scans that run on Mac computers ... 181
      Customizing Auto-Protect for Windows clients ... 182
      Customizing Auto-Protect for Mac clients ... 183
      Customizing Auto-Protect for email scans on Windows computers ... 184
      Customizing administrator-defined scans for clients that run on Windows computers ... 185
      Customizing administrator-defined scans for clients that run on Mac computers ... 186
      Randomizing scans to improve computer performance in virtualized environments ... 187
      Modifying global scan settings for Windows clients ... 188
      Customizing Download Insight settings ... 189

      Creating exceptions for IPS signatures ... 234

    Chapter 17 Managing exceptions ... 237
      About exceptions to Symantec Endpoint Protection Small Business Edition ... 237
      Managing exceptions for Symantec Endpoint Protection Small Business Edition ... 238
      Creating exceptions for Symantec Endpoint Protection Small Business Edition ... 240
      Excluding a file or a folder from scans ... 244
      Excluding known risks from virus and spyware scans ... 245
      Excluding file extensions from virus and spyware scans ... 245
      Forcing scans to detect an application ... 246
      Specifying how Symantec Endpoint Protection Small Business Edition handles an application that scans detect or that users download ... 247
      Excluding a trusted Web domain from scans ... 247
      Creating a Tamper Protection exception ... 248
      Restricting the types of exceptions that users can configure on client computers ... 249
      Creating exceptions from log events in Symantec Endpoint Protection Manager ... 249

    Chapter 18 Configuring updates and updating client computer protection ... 251
      Managing content updates ... 251
      How client computers receive content updates ... 253
      Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager ... 255
      Downloading LiveUpdate content manually to Symantec Endpoint Protection Manager ... 256
      Viewing LiveUpdate downloads ... 256
      Checking LiveUpdate server activity ... 256
      Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet ... 257
      Enabling and disabling LiveUpdate scheduling for client computers ... 257
      Configuring the LiveUpdate download schedule for client computers ... 258


    Chapter 19 Monitoring protection with reports and logs ... 261
      Monitoring endpoint protection ... 261
      Viewing a daily or weekly status report ... 263
      Viewing system protection ... 264
      Finding offline computers ... 265
      Finding unscanned computers ... 265
      Viewing risks ... 266
      Viewing client inventory ... 266
      Viewing attack targets and sources ... 267
      Configuring reporting preferences ... 268
      About the types of reports ... 268
      Running and customizing quick reports ... 270
      Saving and deleting custom reports ... 272
      Creating scheduled reports ... 273
      Editing the filter used for a scheduled report ... 274
      Printing and saving a copy of a report ... 275
      Viewing logs ... 275
      About logs ... 277
      Saving and deleting custom logs by using filters ... 279
      Running commands on the client computer from the logs ... 280

    Chapter 20 Managing notifications ... 283
      Managing notifications ... 283
      How notifications work ... 284
      About the preconfigured notifications ... 285
      About partner notifications ... 288
      Establishing communication between the management server and email servers ... 289
      Viewing and acknowledging notifications ... 289
      Saving and deleting administrative notification filters ... 290
      Setting up administrator notifications ... 291
      How upgrades from another version affect notification conditions ... 292

    Chapter 21 Managing administrator accounts ... 295
      Managing administrator accounts ... 295
      About administrator accounts ... 296
      Adding an administrator account ... 297
      About access rights ... 298
      Configuring the access rights for a limited administrator ... 299
      Changing an administrator password ... 299


      Allowing administrators to save logon credentials ... 300
      Allowing administrators to reset forgotten passwords ... 300
      Resetting a forgotten password ... 301
      Resetting the administrator user name and password to admin ... 302

    Section 3 Maintaining your security environment ... 303

    Chapter 22 Preparing for disaster recovery ... 305
      Preparing for disaster recovery ... 305
      Backing up the database and logs ... 306

    Section 4 Troubleshooting Symantec Endpoint Protection ... 309

    Chapter 23 Performing disaster recovery ... 311
      Performing disaster recovery ... 311
      Restoring the database ... 312
      Reinstalling or reconfiguring Symantec Endpoint Protection Manager ... 313

    Chapter 24 Troubleshooting installation and communication problems ... 315
      Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues ... 315
      Identifying the point of failure of an installation ... 316
      Troubleshooting communication problems between the management server and the client ... 316
      Viewing the client connection status on the client ... 318
      How to determine whether the client is connected and protected ... 318
      Investigating protection problems using the troubleshooting file on the client ... 319
      Stopping and starting the Apache Web server ... 320
      Using the ping command to test the connectivity to the management server ... 320
      Checking the debug log on the client computer ... 320
      Checking the inbox logs on the management server ... 321


      Recovering client communication settings by using the SylinkDrop tool ... 321
      Troubleshooting communication problems between the management server and the console or the database ... 322
      Verifying the connection with the database ... 323

    Chapter 25 Troubleshooting reporting issues ... 325
      Troubleshooting reporting issues ... 325
      Troubleshooting context-sensitive help for the reporting console ... 327
      Changing reporting fonts to display Asian languages ... 327
      Accessing reporting pages when the use of loopback addresses is disabled ... 328
      About recovering a corrupted client System Log on 64-bit computers ... 329

    Appendix A Migration and client deployment reference ... 331
      Where to go for information on upgrading and migrating ... 331
      Supported server upgrade paths ... 333
      Supported client upgrade paths ... 333
      Migrations that are supported and unsupported for the Mac client ... 334
      Feature mapping between 12.0 clients and 12.1 clients ... 335
      Client protection features by platform ... 338
      Management features by platform ... 339
      Virus and Spyware Protection policy settings available for Windows and Mac ... 340
      LiveUpdate policy settings available for Windows and Mac ... 341
      Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12.1 ... 342

    Index ... 345


    Chapter 1 Introducing Symantec Endpoint Protection Small Business Edition

    This chapter includes the following topics:

    - About Symantec Endpoint Protection Small Business Edition
    - What's new in version 12.1
    - About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides
    - Protecting your network with Symantec Endpoint Protection Small Business Edition

    About Symantec Endpoint Protection Small Business Edition

    Symantec Endpoint Protection Small Business Edition is a client-server solution that protects laptops, desktops, Mac computers, and servers in your network against malware. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.

    Symantec Endpoint Protection protects against malware such as viruses, worms, Trojan horses, spyware, and adware. It provides protection against even the most sophisticated attacks that evade traditional security measures such as rootkits, zero-day attacks, and spyware that mutates. Providing low maintenance and high power, Symantec Endpoint Protection Small Business Edition communicates over your network to automatically safeguard computers against attacks for both physical systems and virtual systems.

    This comprehensive solution protects confidential and valuable information by combining multiple layers of protection on a single integrated client. Symantec Endpoint Protection reduces management overhead, time, and cost by offering a single management console and the single client.

    See "About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides" on page 21.

    What's new in version 12.1

    The current release includes the following improvements that make the product easier and more efficient to use.

    Table 1-1 displays the new features in version 12.1.

    Table 1-1 New features in version 12.1

    Feature: Better security against malware

    Description: The most significant improvements include the following policy features to provide better protection on the client computers.

    - The Virus and Spyware Protection policy detects threats more accurately while it reduces false positives and improves scan performance with the following technologies:
      - SONAR replaces the TruScan technology to identify malicious behavior of unknown threats using heuristics and reputation data. While TruScan runs on a schedule, SONAR runs at all times.
        See "Managing SONAR" on page 196.
      - Auto-Protect provides additional protection with Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals. Download Insight uses reputation information from Symantec Insight to make decisions about files.
        See "Managing Download Insight detections" on page 165.
        See "How Symantec Endpoint Protection Small Business Edition uses reputation data to make decisions about files" on page 169.
      - Insight lets scans skip Symantec and community trusted files, which improves scan performance.
        See "Modifying global scan settings for Windows clients" on page 188.
      - Insight Lookup detects the application files that might not typically be detected as risks and sends information from the files to Symantec for evaluation. If Symantec determines that the application files are risks, the client computer then handles the files as risks. Insight Lookup makes malware detection faster and more accurate.
        See "Customizing administrator-defined scans for clients that run on Windows computers" on page 185.
    - The Firewall policy includes firewall rules to block IPv6-based traffic.
      See "Customizing firewall rules" on page 221.
    - The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect the attacks that are directed at browser vulnerabilities.
      See "Enabling or disabling network intrusion prevention or browser intrusion prevention" on page 233.

    Feature: Faster and more flexible management

    Description: Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:

    - Centralized licensing lets you purchase, activate, and manage product licenses from the management console.
      See "Licensing Symantec Endpoint Protection" on page 56.
    - The Symantec Endpoint Protection Manager logon screen enables you to have your forgotten password emailed to you.
      See "Logging on to the Symantec Endpoint Protection Manager console" on page 49.
    - The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support the BlackBerry, iPhone, and Android.
      See "About the preconfigured notifications" on page 285.
    - Improved status reporting automatically resets the Still Infected Status for a client computer once the computer is no longer infected.

    Feature: Better server and client performance

    Description: To increase the speed between the management server and the management console, database, and the client computers:

    - Virus and spyware scans use Insight to let scans skip safe files and focus on files at risk. Scans that use Insight are faster and more accurate, and reduce scan overhead by up to 70 percent.
      See "Modifying global scan settings for Windows clients" on page 188.
      See "Customizing Auto-Protect for Windows clients" on page 182.
      See "About commands you can run on client computers" on page 183.
      See "Adjusting scans to improve computer performance" on page 161.
    - LiveUpdate can run when the client computer is idle, has outdated content, or has been disconnected, which uses less memory.

    Feature: Support for Mac clients

    Description: In Symantec Enterprise Protection Small Business Edition, you can now deploy and manage Mac clients on Symantec Endpoint Protection Manager for Symantec Endpoint Protection Small Business Edition.

    See "Deploying clients using a Web link and email" on page 76.

    Feature: Improved installation process

    Description: You can install the product faster and easier than before with the following new installation features:

    - You can upgrade to the current version of the product while the legacy clients stay connected and protected.
    - A new quick report for deployment shows which computers have successfully installed the client software.
      See "Running and customizing quick reports" on page 270.

    Feature: Support for additional operating systems

    Description: Symantec Endpoint Protection Manager now supports the following additional operating systems:

    - VMware Workstation 7.0 or later
    - VMware ESXi 4.0.x or later
    - VMware ESX 4.0.x or later
    - VMware Server 2.0.1
    - Citrix XenServer 5.1 or later

    Symantec Endpoint Protection Manager now supports the following Web browsers:

    - Internet Explorer 7.0, 8.0, 9.0
    - Firefox 3.6, 4.0

    See "System requirements" on page 41.

    About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

    Symantec Endpoint Protection Small Business Edition uses state-of-the-art protection to integrate multiple types of protection on each computer in your network. It offers advanced defense against all types of attacks for both physical systems and virtual systems. You need combinations of all the protection technologies to fully protect and customize the security in your environment. Symantec Endpoint Protection Small Business Edition combines traditional scanning, behavioral analysis, intrusion prevention, and community intelligence into a superior security system.

    Table 1-2 describes the types of protection that the product provides and their benefits.

    Table 1-2 Layers of protection

    Protection type: Virus and Spyware Protection

    Description: Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans. Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.

    See "Managing scans on client computers" on page 136.

    Benefit: Virus and Spyware Protection detects new threats earlier and more accurately using not just signature-based and behavioral-based solutions, but other technologies.

    - Symantec Insight provides faster and more accurate malware detection to detect the new and the unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of over millions of systems in hundreds of countries.
    - Bloodhound uses heuristics to detect a high percentage of known and unknown threats.
    - Auto-Protect scans files from a signature list as they are read from or written to the client computer.

    Protection type: Network Threat Protection

    Description: Network Threat Protection provides a firewall and intrusion prevention protection to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.

    The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies.

    The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion Prevention also monitors outbound traffic and prevents the spread of worms.

    See "Managing firewall protection" on page 205.

    See "Managing intrusion prevention on your client computers" on page 229.

    Benefit:

    - The rules-based firewall engine shields computers from malicious threats before they appear.
    - The IPS scans network traffic and files for indications of intrusions or attempted intrusions.
    - Browser Intrusion Prevention scans for attacks that are directed at browser vulnerabilities.
    - Universal download protection monitors all downloads from the browser and validates that the downloads are not malware.

    Protection type: Proactive Threat Protection

    Description: Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are the new vulnerabilities that are not yet publicly known. Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute.

    See "Managing SONAR" on page 196.

    Benefit: SONAR examines programs as they run, and identifies and stops malicious behavior of new and previously unknown threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats.

    The management server enforces each protection by using an associated policy that is downloaded to the client.

    Figure 1-1 shows the categories of threats that each type of protection blocks.

    Figure 1-1 An overview of protection layers

    [Diagram not reproduced. Its labels cover the Internet and the company network; the endpoint's network interface card, memory / peripherals, and file system; the three protection layers (Network Threat Protection, Proactive Threat Protection, Virus and Spyware Protection) with their policies; and the threat categories that each layer blocks.]

    See "Components of Symantec Endpoint Protection Small Business Edition" on page 37.

    Protecting your network with Symantec Endpoint Protection Small Business Edition

    You protect the computers in your network by installing and managing the Symantec Endpoint Protection Manager and the Symantec Endpoint Protection Small Business Edition client.

    Table 1-3 outlines the main high-level tasks that you need to do to use Symantec Endpoint Protection Small Business Edition.

    Table 1-3 Steps to set up, configure, and manage Symantec Endpoint Protection Small Business Edition

    Task: Setting up Symantec Endpoint Protection Small Business Edition

    Description: You can install Symantec Endpoint Protection Manager and the Symantec Endpoint Protection Small Business Edition client and protect your network in a few easy steps.

    See "Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time" on page 26.

    Task: Managing Symantec Endpoint Protection Small Business Edition

    Description: Symantec Endpoint Protection Manager comes with default settings and policies so that your network is protected immediately after you install. You can modify these settings to suit your network environment.

    See "Managing protection on client computers" on page 29.

    Task: Maintaining a secure network environment

    Description: You might need to perform some ongoing maintenance to keep your network environment running smoothly at peak performance. For example, you must back up the database in case you need to perform disaster recovery.

    See "Maintaining the security of your environment" on page 30.

    Task: Troubleshooting Symantec Endpoint Protection Small Business Edition

    Description: If you have problems installing or using the product, Symantec Endpoint Protection Manager includes resources to help fix common issues, such as client-server communication and virus outbreaks.

    See "Troubleshooting Symantec Endpoint Protection Small Business Edition" on page 31.

    See "Components of Symantec Endpoint Protection Small Business Edition" on page 37.

    Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time

    You should assess your security requirements and decide if the default settings provide the balance of performance and security you require. Some performance enhancements can be made immediately after you install Symantec Endpoint Protection Manager.

    Table 1-4 lists the tasks you should perform to install and protect the computers in your network immediately.

    Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small

    Business Edition

    Action | Description

    Action: Install or migrate the management server

    Description: Whether you install the product for the first time, upgrade from a previous version, or migrate from another product, you install Symantec Endpoint Protection Manager first.

    See Installing the management server and the console on page 45.

    See About migrating to Symantec Endpoint Protection Small Business Edition on page 86.

    Action: Create groups

    Description: You can add the groups that contain computers based on the level of security or function the computers perform. For example, you should put computers with a higher level of security in one group, or a group of Mac computers in another group.

    See How you can structure groups on page 103.

    See Adding a group on page 104.

    See Guidelines for managing portable computers on page 105.

    Action: Modify the Virus and Spyware Protection policy

    Description: Change the following default scan settings:

    - For the servers group, change the scheduled scan time to a time when most users are offline.
      See Setting up scheduled scans that run on Windows computers on page 157.

    Action: Activate the product license

    Description: Purchase and activate a license within 30 days of product installation.

    See Activating your product license on page 59.

    Action: Prepare computers for client installation (optional)

    Description: Before you install the client software, perform the following tasks, if necessary:

    - Uninstall third-party virus protection software from your computers.
      For more information on a tool to uninstall any competitive product automatically, see the knowledge base article, SEPprep competitive product uninstall tool.
    - If you deploy client software remotely, first modify the firewall settings on your client computers to allow communication between the computers and the management server.

    See Preparing for client installation on page 71.


    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sepprep

    Action: Install the client software with the Client Deployment Wizard

    Description: Deploy the client software.

    See Deploying clients using a Web link and email on page 76.

    Action: Check that the computers are listed in the groups that you expected and that the client communicates with the management server

    Description: In the management console, on the Computers > Computers page:

    1 Change the view to Client status to make sure that the client computers in each group communicate with the management server.

      Look at the information in the following columns:

      - The Computer column displays a green dot for the clients that are connected to the management server.
      - The Last Time Status Changed column displays the time that the client last communicated with the management server.
      - The Restart Required column displays which client computers you need to restart to enable protection.
        See Restarting client computers on page 80.
      - The Policy Serial Number column displays the most current policy serial number. The policy might not update for one to two heartbeats.
        See Using the policy serial number to check client-server communication on page 127.

    2 Change to the Protection technology view and ensure that the following protections are On:

      - Antivirus status
      - Firewall status

      See Viewing the protection status of clients and client computers on page 109.

    3 On the client, check that the client is connected to a server, and check that the policy serial number is the most current one.

      See Viewing the client connection status on the client on page 318.

    See Troubleshooting communication problems between the management server and the client on page 316.

    Action: Check the LiveUpdate schedule and adjust if necessary

    Description: Make sure that the content updates download to client computers at a time that affects users the least.

    See Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager on page 255.


    Action: Configure Symantec Endpoint Protection Manager to send email alerts

    Description: Alerts and notifications are critical to maintaining a secure environment and can also save you time.

    See Managing notifications on page 283.

    Action: Configure notifications for a single risk outbreak and when a new risk is detected

    Description: Create a notification for a Single risk event and modify the notification for Risk Outbreak.

    For these notifications, do the following:

    1 Change the Risk severity to Category 1 (Very Low and above) to avoid receiving emails about tracking cookies.

    2 Keep the Damper setting at Auto.

    See Setting up administrator notifications on page 291.

    Table 1-5 displays the tasks to perform after you install and configure the product to assess whether the client computers have the correct level of protection.

    Table 1-5 Tasks to perform two weeks after you install

    Action | Description

    Action: Exclude applications and files from being scanned

    Description: You can increase performance so that the client does not scan certain folders and files. For example, the client scans the mail server every time a scheduled scan runs.

    You can also exclude files by extension for Auto-Protect scans.

    See Creating exceptions for Symantec Endpoint Protection Small Business Edition on page 240.

    See Customizing Auto-Protect for Windows clients on page 182.

    See About commands you can run on client computers on page 183.

    Action: Run a quick report and scheduled report after the scheduled scan

    Description: Run the quick reports and scheduled reports to see whether the client computers have the correct level of security.

    See About the types of reports on page 268.

    See Running and customizing quick reports on page 270.

    See Creating scheduled reports on page 273.

    Action: Check to ensure that scheduled scans have been successful and clients operate as expected

    Description: Review monitors, logs, and the status of client computers to make sure that you have the correct level of protection for each group.

    See Monitoring endpoint protection on page 261.


    Managing protection on client computers

    You use a single management console to manage the protection on the client

    computers. Although the client computers are protected immediately, you might

    need to modify the protection to suit your needs.

    Table 1-6 outlines the tasks that you can perform if you need to adjust the default

    settings.

    Table 1-6 Modifying protection on the client computer

    Task | Description

    Task: Organizing and managing groups

    Description: You apply protection to the client computers based on the group that you place a computer in. The computers in each group have the same level of security.

    You can import your company's existing group structure. You can also create new groups.

    To determine which groups to add, first consider the structure of the network. Or, if you create a new group structure, you base your group structure on function, role, geography, or a combination of criteria. For example, consider the number of computers at the site, or whether the computers are the same type, such as Windows or Mac computers.

    See Managing groups of computers on page 101.

    See Managing client computers on page 107.

    Task: Modifying protection

    Description: Symantec Endpoint Protection Manager includes default policies for each type of protection. The policies balance the need for protection with performance. Out of the box, the default policies provide appropriate settings for large and small organizations. You may want to adjust settings over time based on your company needs.

    See The types of security policies on page 118.

    See About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides on page 21.

    See Managing scans on client computers on page 136.

    See Managing firewall protection on page 205.

    See Managing intrusion prevention on your client computers on page 229.

    Task: Managing policies

    Description: Security policies must be applied to a group before the clients apply the policies to the client computer. You can create policies that all groups share or that apply to only one group. Symantec Endpoint Protection Manager makes it easy to add and modify policies for all the security needs of your company.

    See Performing tasks that are common to all security policies on page 119.


    Task: Scheduling and managing updates

    Description: Client computers need to receive periodic updates to protection content such as virus definitions, intrusion prevention signatures, and product software. You can configure the method, type of content, and schedule that Symantec Endpoint Protection Small Business Edition uses to download the content to the client computers.

    See Managing content updates on page 251.

    Task: Controlling user access

    Description: You can configure the client to display different client features and protection features. How you configure these features depends on how much control you want client computer users in each group to have.

    See Locking and unlocking policy settings on page 122.

    Task: Managing client deployment

    Description: Symantec recommends that you analyze which computers need which type of security. If you did not deploy the client installation package at the time that you installed Symantec Endpoint Protection Manager, you can deploy the client software later.

    You have the option to look for unprotected computers.

    See Preparing for client installation on page 71.

    See Deploying clients using a Web link and email on page 76.

    Task: Monitoring and responding to status changes

    Description: You use reports and logs to view the security status of the client computers. The reports and logs help you to handle virus outbreaks and to increase the security and performance of your company's network.

    You can also configure notifications to alert administrators and computer users about potential security problems.

    See Monitoring endpoint protection on page 261.

    See Managing notifications on page 283.

    Task: Managing administrators

    Description: You can add administrator accounts so that different administrators have different levels of control over managing the groups, policies, commands, and reports in Symantec Endpoint Protection Manager.

    See Managing administrator accounts on page 295.

    Maintaining the security of your environment

    After you have secured your network, you might want to modify the protection

    and infrastructure to increase security or increase performance.


    Table 1-7 Tasks you can perform to maintain the security of your network

    Task | Description

    Task: Checking the security status of your network

    Description: You should periodically check the Home page to view the overall security status of your network. You can use the notifications, reports, and logs to provide the details on the security status.

    See Monitoring endpoint protection on page 261.

    See Managing notifications on page 283.

    Task: Maintaining licenses

    Description: You can check whether your license is about to expire or if you have too many deployed clients for what your license covers.

    See Maintaining your product licenses on page 64.

    Task: Preparing for disaster recovery

    Description: To help mitigate a case of data corruption or a hardware failure, you should back up the database regularly and make a copy of specific management server files.

    See Preparing for disaster recovery on page 305.

    Task: Reconfiguring servers

    Description: You can update the settings for the mail server, proxy server, and LiveUpdate servers.

    See Establishing communication between the management server and email servers on page 289.

    See Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet on page 257.

    Troubleshooting Symantec Endpoint Protection Small Business Edition

    Table 1-8 displays the most common issues that you might encounter when you install and use Symantec Endpoint Protection Small Business Edition.

    Table 1-8 Common issues you can troubleshoot

    Task | Description

    Task: Fixing installation problems

    Description: You can download and run the Symantec Endpoint Protection Small Business Edition Support Tool to verify that your computers are ready for installation. The support tool is provided with the management server and the client. It is also available on the Symantec Support Web site.

    See Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues on page 315.


    Task: Handling virus outbreaks

    Description: You can prevent threats from attacking computers on your network.

    See Preventing and handling virus and spyware attacks on client computers on page 130.

    See Remediating risks on the computers in your network on page 132.

    If a threat does attack a client computer, you can identify and respond to the threat. See the following knowledge base article:

    Best practices for troubleshooting viruses on a network.

    Task: Troubleshooting content update problems

    Description: If the latest virus definitions do not update correctly on Symantec Endpoint Protection Manager or the clients, see the following knowledge base article:

    Symantec Endpoint Protection: LiveUpdate Troubleshooting.

    Task: Fixing communication errors

    Description: The communication channels between all of the Symantec Endpoint Protection Small Business Edition components must be open. These channels include server to client, server to database, and server and client to the content delivery component, such as LiveUpdate.

    See Troubleshooting communication problems between the management server and the client on page 316.

    See Troubleshooting communication problems between the management server and the console or the database on page 322.

    See the following knowledge base article:

    Troubleshooting Symantec Endpoint Protection Manager communication problems.

    Task: Performing disaster recovery

    Description: In case of database corruption or hardware failure, you can restore the latest snapshot of the database if you have a database backup file.

    See Performing disaster recovery on page 311.

    Task: Troubleshooting reporting issues

    Description: You can solve various report and log issues.

    See Troubleshooting reporting issues on page 325.

    See the knowledge base article, Top "Best Practices" Articles for Symantec Endpoint Protection.


    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_virus
    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_lu
    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=Troubleshooting_SPC
    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=bp_article_nav

    Section 1

    Installing Symantec Endpoint Protection Small Business Edition

    Chapter 2. Planning the installation

    Chapter 3. Installing Symantec Endpoint Protection Manager

    Chapter 4. Managing product licenses

    Chapter 5. Preparing for client installation

    Chapter 6. Installing the Symantec Endpoint Protection Small Business Edition client

    Chapter 7. Upgrading and migrating to Symantec Endpoint Protection Small Business Edition


    Chapter 2. Planning the installation

    This chapter includes the following topics:

    Planning the installation

    Components of Symantec Endpoint Protection Small Business Edition

    Product license requirements

    System requirements

    About Symantec Endpoint Protection Manager compatibility with other products

    Planning the installation

    Table 2-1 summarizes the high-level steps to install Symantec Endpoint Protection Small Business Edition.

    Table 2-1 Installation planning

    Step | Action | Description

    Step 1

    Action: Plan network architecture and review and purchase a license within 30 days of product installation

    Description: Understand the sizing requirements for your network. In addition to identifying the endpoints requiring protection, scheduling updates, and other variables should be evaluated to ensure good network and database performance.

    For information to help you plan medium to large-scale installations, see the Symantec white paper, Sizing and Scalability Recommendations for Symantec Endpoint Protection Small Business Edition.

    Purchase a license within 30 days of product installation.

    See Licensing Symantec Endpoint Protection on page 56.

    See Product license requirements on page 39.


    http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sep_ee_sizing&build=symantec_ent

    Step 2

    Action: Review system requirements

    Description: Make sure your computers comply with the minimum system requirements and that you understand the product licensing requirements.

    See System requirements on page 41.

    See Product license requirements on page 39.

    Step 3

    Action: Prepare computers for installation

    Description: Uninstall other virus protection software from your computers, make sure system-level access is available, and open firewalls to allow remote deployment.

    See Preparing for client installation on page 71.

    See Preparing Windows operating systems for remote deployment on page 72.

    Step 4

    Action: Open ports and allow protocols

    Description: Remotely deploying the client requires that certain ports and protocols are open and allowed between the Symantec Endpoint Protection Manager and the endpoint computers.

    Step 5

    Action: Identify installation settings

    Description: Identify the user names, passwords, email addresses, and other installation settings. Have the information on hand during the installation.

    Step 6

    Action: Install the management server

    Description: Install Symantec Endpoint Protection Manager.

    If the network that supports your business is small and located in one geographic location, you need to install only one Symantec Endpoint Protection Manager. If your network is geographically dispersed, you may need to install additional management servers for load balancing and bandwidth distribution purposes.

    See Installing the management server and the console on page 45.

    Step 7

    Action: Migrate Symantec legacy virus protection software

    Description: If you are running legacy Symantec protection, you usually migrate policy and group settings from your older version.

    See About migrating to Symantec Endpoint Protection Small Business Edition on page 86.


    Step 8

    Action: Prepare computers for client installation

    Description: Prepare for client installation as follows:

    - Identify the computers on which to install the client software.
    - Identify the methods to use to deploy the client software to your computers.
    - Uninstall third-party virus protection software from your computers.
    - Modify or disable the firewall settings on your endpoint computers to allow communication between the endpoints and the Symantec Endpoint Protection Manager.
    - Set up the console computer groups to match your organizational structure.

    See Preparing for client installation on page 71.

    See Guidelines for managing portable computers on page 105.

    Step 9

    Action: Install clients

    Description: Install the Symantec Endpoint Protection Small Business Edition client on your endpoint computers.

    Symantec recommends that you also install the client on the computer that hosts Symantec Endpoint Protection Manager.

    See Deploying clients using a Web link and email on page 76.

    Step 10

    Action: Post-installation tasks

    Description: See Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time on page 26.

    See About the trialware license on page 58.

    Components of Symantec Endpoint Protection Small Business Edition

    Table 2-2 lists the product's components and describes their functions.
