of 351
8/4/2019 Implementation Guide SEPSBE12.1
1/350
Symantec Endpoint
Protection Small BusinessEdition ImplementationGuide
8/4/2019 Implementation Guide SEPSBE12.1
2/350
SymantecEndpoint Protection Small Business EditionImplementation Guide
Thesoftwaredescribedin this book is furnishedundera license agreement andmaybe used
only in accordance with the terms of the agreement.
Documentation version 12.01.00.00
Legal Notice
Copyright 2011 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System,
LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (Third Party Programs). Some of the Third Party
Programs areavailableunderopen sourceor free software licenses.The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those opensourceor freesoftware licenses. Please seethe Third Party Legal NoticeAppendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATIONIS PROVIDED"ASIS" ANDALL EXPRESS ORIMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BELEGALLYINVALID.SYMANTECCORPORATION SHALLNOT BELIABLE FORINCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
TheLicensedSoftwareand Documentation are deemedto be commercial computer software
as defined in FAR12.212 andsubjectto restricted rights as defined in FARSection 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance,display or disclosure of theLicensedSoftwareandDocumentation by theU.S.
Government shall be solely in accordance with the terms of this Agreement.
8/4/2019 Implementation Guide SEPSBE12.1
3/350
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
http://www.symantec.com/http://www.symantec.com/8/4/2019 Implementation Guide SEPSBE12.1
4/350
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Supports primary role is to respond to specific queries about product features
andfunctionality. The Technical Support group also creates contentfor ouronline
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. Forexample,theTechnicalSupportgroupworks with Product Engineering
andSymantec Security Response to provide alerting services andvirus definition
updates.
Symantecs support offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
Premium service offerings that include Account Management Services
For information about Symantecs support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should be
at the computer onwhich the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/8/4/2019 Implementation Guide SEPSBE12.1
5/350
Hardware information
Available memory, disk space, and NIC information
Operating system Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registrationora license key, accessourtechnical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs, DVDs, or manuals
http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/http://www.symantec.com/business/support/8/4/2019 Implementation Guide SEPSBE12.1
6/350
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
[email protected] and Japan
[email protected], Middle-East, and Africa
[email protected] America and Latin America
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]8/4/2019 Implementation Guide SEPSBE12.1
7/350
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Chapter 1 Introducing Symantec Endpoint Protection SmallBusiness Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About Symantec Endpoint Protection Small Business Edition .... . . . . . . . . . . . 17
What's new in version 12.1 ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
About the types of threat protection that Symantec EndpointProtection Small Business Edition provides ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Protecting your network with Symantec Endpoint Protection Small
Business Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Gettingup andrunning on Symantec Endpoint Protection Small
Business Edition for the first time .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Managing protection on client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Maintaining the security of your environment ... . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Troubleshooting Symantec Endpoint Protection Small Business
Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Section 1 Installing Symantec Endpoint ProtectionSmall Business Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Chapter 2 Planning the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Planning the installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Components of Symantec Endpoint Protection Small Business
Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Product license requirements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
System requirements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
About Symantec Endpoint Protection Manager compatibility with
other products ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Chapter 3 Installing Symantec Endpoint ProtectionManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Installing the management server and the console ... . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuring the management server during installation .... . . . . . . . . . . . . . . . . . . 47
Contents
8/4/2019 Implementation Guide SEPSBE12.1
8/350
Acceptingtheself-signedcertificate forSymantecEndpointProtection
Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Uninstalling Symantec Endpoint Protection Manager ... . . . . . . . . . . . . . . . . . . . . . . 48
Logging on to the Symantec Endpoint Protection Managerconsole ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
What you can do from the console ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Chapter 4 Managing product licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Licensing Symantec Endpoint Protection .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
About the trialware license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Purchasing licenses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Where to buy a Symantec product license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Activating your product license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Using the License Activation wizard .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Required licensing contact information .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
About upgrading from trialware ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
About product upgrades and licenses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
About renewing your Symantec Endpoint Protection Small Business
Edition license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
About the Symantec Licensing Portal ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Maintaining your product licenses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Checking license status ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Downloading a license file ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Licensing enforcement rules ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Backing up your license files ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Recovering a deleted license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Importing a license ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
About multi-year licenses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Licensing an unmanaged client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Chapter 5 Preparing for client installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Preparing for client installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Preparing Windows operating systems for remote deployment ... . . . . . . . . . . 72
Chapter 6 Installing the Symantec Endpoint Protection SmallBusiness Edition client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
About client deployment methods ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Deploying clients using a Web link and email .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Deploying clients by using Remote Push .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Deploying clients by using Save Package .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Restarting client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Contents8
8/4/2019 Implementation Guide SEPSBE12.1
9/350
About managed and unmanaged clients ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Installing an unmanaged client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Uninstalling the client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Chapter 7 Upgrading and migrating to Symantec EndpointProtection Small Business Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
About migrating to Symantec Endpoint Protection Small Business
Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Migrating from Symantec Client Security or Symantec
AntiVirus ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
About migrating computer groups ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Migrating group settings and policy settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Upgrading to a new release ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Migrating a management server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Stopping and starting the management server service ... . . . . . . . . . . . . . . . . . . . . . 91
Disabling LiveUpdate in Symantec AntiVirus before migration .... . . . . . . . . . 92
Disabling scheduled scans in Symantec System Center when you
migrate client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Turning off the roaming service ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Uninstalling and deleting reporting servers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Unlocking server groups in Symantec System Center ... . . . . . . . . . . . . . . . . . . . . . . . 95
About upgrading client software ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Upgrading clients by using AutoUpgrade .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Section 2 Managing protection on SymantecEndpoint Protection Small BusinessEdition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Chapter 8 Managing groups of client computers . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Managing groups of computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
How you can structure groups ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Adding a group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Blocking clients from being added to groups ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Viewing assigned computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Moving a client computer to another group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Guidelines for managing portable computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Contents
8/4/2019 Implementation Guide SEPSBE12.1
10/350
Chapter 9 Managing clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Managing client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
About the client protection status icons ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Viewing the protection status of clients and client computers ... . . . . . . . . . . 109
Viewing a client computer's properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
About enabling and disabling protection .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
About commands you can run on client computers ... . . . . . . . . . . . . . . . . . . . . . . . . 113
Running commands on the client computer from the console ... . . . . . . . . . . 114
Converting an unmanaged client to a managed client ... . . . . . . . . . . . . . . . . . . . . . 115
Chapter 10 Using policies to manage security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
The types of security policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Performing tasks that are common to all security policies ... . . . . . . . . . . . . . . . 119
Adding a policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Copying and pasting a policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Editing a policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Locking and unlocking policy settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Assigning a policy to a group .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Viewing assigned policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Testing a security policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Replacing a policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Exporting and importing policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Deleting a policy permanently ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
How the client computers get policy updates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Using the policy serial number to check client-server
communication .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter 11 Managing Virus and Spyware Protection . . . . . . . . . . . . . . . . . . . . . 129
Preventing and handling virus and spyware attacks on client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Remediating risks on the computers in your network .... . . . . . . . . . . . . . . . . . . . . 132
Identifying the infected and at-risk computers ... . . . . . . . . . . . . . . . . . . . . . . . . 134
Checking the scan action and rescanning the identified
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Managing scans on client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
About the types of scans and real-time protection .... . . . . . . . . . . . . . . . . . . 139
About the types of Auto-Protect ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
About virus and security risks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
About the files and folders that Symantec Endpoint Protection
excludes from virus and spyware scans ... . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Contents10
8/4/2019 Implementation Guide SEPSBE12.1
11/350
About submitting information about detections to Symantec
Security Response ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
About submissions throttling ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
About the default Virus and Spyware Protection policy scansettings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
How Symantec Endpoint Protection Small Business Edition
handles detections of viruses and security risks ... . . . . . . . . . . . . . . . . 156
Setting up scheduled scans that run on Windows computers ... . . . . . . . . . . . 157
Setting up scheduled scans that run on Mac computers ... . . . . . . . . . . . . . . . . . . 159
Running on-demand scans on client computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Adjusting scans to improve computer performance .... . . . . . . . . . . . . . . . . . . . . . . 161
Adjusting scans to increase protection on your client computers ... . . . . . . 163
Managing Download Insight detections ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
How Symantec Endpoint Protection Small Business Edition uses
reputation data to make decisions about files ... . . . . . . . . . . . . . . . . . . . . . . . . . 169HowSymantec Endpoint ProtectionSmall BusinessEdition protection
features work together ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Enabling or disabling client submissions to Symantec Security
Response ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Managing the Quarantine ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Using the Risk log to delete quarantined files on your client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Managing the virus and spyware notifications that appear on client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Chapter 12 Customizing scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Customizing the virus and spyware scans that run on Windows
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Customizing the virus and spyware scans that run on Mac
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Customizing Auto-Protect for Windows clients ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Customizing Auto-Protect for Mac clients ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Customizing Auto-Protect for email scans on Windows
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Customizing administrator-defined scans for clients that run onWindows computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Customizing administrator-defined scans forclients that runon Mac
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Randomizing scans to improve computer performance in virtualized
environments ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Modifying global scan settings for Windows clients ... . . . . . . . . . . . . . . . . . . . . . . . 188
Customizing Download Insight settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Contents
8/4/2019 Implementation Guide SEPSBE12.1
12/350
8/4/2019 Implementation Guide SEPSBE12.1
13/350
Creating exceptions for IPS signatures ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Chapter 17 Managing exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
About exceptions to Symantec Endpoint Protection Small Business
Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Managing exceptions for Symantec Endpoint Protection Small
Business Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Creating exceptionsfor Symantec EndpointProtectionSmall Business
Edition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Excluding a file or a folder from scans ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Excluding known risks from virus and spyware scans ... . . . . . . . . . . . . . . . 245
Excluding file extensions from virus and spyware scans ... . . . . . . . . . . . 245
Forcing scans to detect an application .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Specifying how Symantec Endpoint Protection Small BusinessEdition handles an application that scans detector that users
download .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Excluding a trusted Web domain from scans ... . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Creating a Tamper Protection exception .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Restricting the types of exceptions that users can configure on client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Creatingexceptions from logevents in Symantec Endpoint Protection
Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Chapter 18 Configuring updates and updating client computerprotection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Managing content updates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
How client computers receive content updates ... . . . . . . . . . . . . . . . . . . . . . . . . 253
Configuring the LiveUpdate download schedule for Symantec
Endpoint Protection Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Downloading LiveUpdate content manually to Symantec Endpoint
Protection Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Viewing LiveUpdate downloads ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Checking LiveUpdate server activity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Configuring Symantec Endpoint Protection Manager to connect to a
proxy server to access the Internet ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Enabling and disabling LiveUpdate scheduling for client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Configuring the LiveUpdate download schedule for client
computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Contents
8/4/2019 Implementation Guide SEPSBE12.1
14/350
Chapter 19 Monitoring protection with reports and logs . . . . . . . . . . . . . . . 261
Monitoring endpoint protection .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Viewing a daily or weekly status report ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Viewing system protection .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Finding offline computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Finding unscanned computers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Viewing risks ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Viewing client inventory ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Viewing attack targets and sources ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Configuring reporting preferences ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
About the types of reports ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Running and customizing quick reports ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Saving and deleting custom reports ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Creating scheduled reports ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Editing the filter used for a scheduled report ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Printing and saving a copy of a report ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Viewing logs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
About logs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Saving and deleting custom logs by using filters ... . . . . . . . . . . . . . . . . . . . . . . 279
Running commands on the client computer from the logs ... . . . . . . . . . . . . . . . 280
Chapter 20 Managing notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Managing notifications ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
How notifications work .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284About the preconfigured notifications ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
About partner notifications ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Establishing communication between the management server and
email servers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Viewing and acknowledging notifications ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Saving and deleting administrative notification filters ... . . . . . . . . . . . . . . . . . . . 290
Setting up administrator notifications ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
How upgrades from another version affect notification
conditions ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Chapter 21 Managing administrator accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Managing administrator accounts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
About administrator accounts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Adding an administrator account ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
About access rights ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Configuring the access rights for a limited administrator ... . . . . . . . . . . . . . . . . 299
Changing an administrator password .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Contents14
8/4/2019 Implementation Guide SEPSBE12.1
15/350
Allowing administrators to save logon credentials ... . . . . . . . . . . . . . . . . . . . . . . . . . 300
Allowing administrators to reset forgotten passwords ... . . . . . . . . . . . . . . . . . . . . 300
Resetting a forgotten password .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Resetting the administrator user name and password to admin .... . . . . . . . 302
Section 3 Maintaining your securityenvironment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Chapter 22 Preparing for disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Preparing for disaster recovery ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Backing up the database and logs ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Section 4 Troubleshooting Symantec EndpointProtection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Chapter 23 Performing disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Performing disaster recovery ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Restoring the database ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Reinstalling or reconfiguring Symantec Endpoint Protection
Manager ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Chapter 24 Troubleshooting installation and communicationproblems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Downloading the Symantec Endpoint Protection Support Tool to
troubleshoot computer issues ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Identifying the point of failure of an installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Troubleshootingcommunication problems betweenthe management
server and the client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Viewing the client connection status on the client ... . . . . . . . . . . . . . . . . . . . 318
How to determine whether the client is connected and
protected .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Investigatingprotection problemsusing the troubleshooting file
on the client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Stopping and starting the Apache Web server ... . . . . . . . . . . . . . . . . . . . . . . . . . 320
Using the ping command to test the connectivity to the
management server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Checking the debug log on the client computer ... . . . . . . . . . . . . . . . . . . . . . . . 320
Checking the inbox logs on the management server ... . . . . . . . . . . . . . . . . . 321
Contents
8/4/2019 Implementation Guide SEPSBE12.1
16/350
Recovering client communication settings by using the
SylinkDrop tool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Troubleshootingcommunication problems betweenthe management
server and the console or the database ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322Verifying the connection with the database ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Chapter 25 Troubleshooting reporting issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Troubleshooting reporting issues ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Troubleshooting context-sensitive help for the reporting
console ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Changing reporting fonts to display Asian languages ... . . . . . . . . . . . . . . . . . . . . . 327
Accessing reporting pages when the use of loopback addresses is
disabled ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
About recovering a corrupted client System Log on 64-bitcomputers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Appendix A Migration and client deployment reference . . . . . . . . . . . . . . . . . 331
Where to go for information on upgrading and migrating .... . . . . . . . . . . . . . . 331
Supported server upgrade paths ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Supported client upgrade paths ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Migrations that are supported and unsupported for the Mac
client ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Feature mapping between 12.0 clients and 12.1 clients ... . . . . . . . . . . . . . . . . . . . 335
Client protection features by platform .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338Management features by platform .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Virus and Spyware Protection policy settings available for Windows
and Mac .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
LiveUpdate policy settings available for Windows and Mac .... . . . . . . . . . . . . 341
Increasing SymantecEndpointProtection Manager diskspace before
upgrading to version 12.1 ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 345
Contents16
8/4/2019 Implementation Guide SEPSBE12.1
17/350
Introducing SymantecEndpoint Protection Small
Business EditionThis chapter includes the following topics:
About Symantec Endpoint Protection Small Business Edition
What's new in version 12.1
About thetypes of threatprotection that SymantecEndpoint Protection Small
Business Edition provides
Protecting your network with Symantec Endpoint Protection Small Business
Edition
About Symantec Endpoint Protection Small BusinessEdition
Symantec Endpoint Protection Small Business Edition is a client-server solution
that protects laptops, desktops, Mac computers, and servers in your network
against malware. Symantec Endpoint Protection combines virus protection withadvanced threat protection to proactively secure your computers against known
and unknown threats.
Symantec Endpoint Protection protects against malware such as viruses, worms,
Trojan horses, spyware, and adware. It provides protection against even the most
sophisticated attacks that evade traditional security measures such as rootkits,
zero-day attacks, andspyware that mutates. Providinglowmaintenance andhigh
power, Symantec EndpointProtection Small BusinessEdition communicates over
1Chapter
8/4/2019 Implementation Guide SEPSBE12.1
18/350
your network to automatically safeguard computers against attacks for both
physical systems and virtual systems.
This comprehensive solution protects confidential and valuable information by
combining multiple layers of protection on a single integrated client. SymantecEndpoint Protection reduces management overhead, time, and cost by offering a
single management console and the single client.
See About the types of threat protection that Symantec Endpoint Protection
Small Business Edition provides on page 21.
What's new in version 12.1The current release includes the following improvements that make the product
easier and more efficient to use.Table 1-1 displays the new features in version 12.1.
Introducing Symantec Endpoint Protection Small Business EditionWhat's new in version 12.1
18
8/4/2019 Implementation Guide SEPSBE12.1
19/350
Table 1-1 New features in version 12.1
DescriptionFeature
The most significant improvements include the following policy features to provide betterprotection on the client computers.
TheVirusandSpywareProtection policydetects threats more accurately while it reduces
false positives and improves scan performance with the following technologies:
SONAR replaces theTruScan technology to identify maliciousbehavior of unknown
threats using heuristics and reputation data. While TruScan runs on a schedule,
SONAR runs at all times.
See Managing SONAR on page 196.
Auto-Protect provides additional protection withDownloadInsight,which examines
the files that users try to download through Web browsers, text messaging clients,
and other portals. Download Insight uses reputation information from Symantec
Insight to make decisions about files.
See Managing Download Insight detections on page 165.
See How Symantec Endpoint Protection Small Business Edition uses reputation
data to make decisions about files on page 169.
Insight lets scans skip Symantec and community trusted files, which improves scan
performance.
See Modifying global scan settings for Windows clients on page 188.
Insight Lookup detects the application files that might not typically be detected as
risks and sends information from the files to Symantec for evaluation. If Symantec
determines that theapplication files are risks, the client computer then handles the
files as risks. Insight Lookup makes malware detection faster and more accurate.
See Customizing administrator-defined scans for clients that run on Windows
computers on page 185.
The Firewall policy includes firewall rules to block IPv6-based traffic.
See Customizing firewall rules on page 221.
The IntrusionPrevention policy includes browser intrusionprevention, whichusesIPS
signatures to detect the attacks that are directed at browser vulnerabilities.
SeeEnablingor disabling network intrusion prevention or browser intrusionprevention
on page 233.
Better securityagainstmalware
Introducing Symantec Endpoint Protection Small Business EditionWhat's new in version 12.1
8/4/2019 Implementation Guide SEPSBE12.1
20/350
Table 1-1 New features in version 12.1 (continued)
DescriptionFeature
SymantecEndpoint Protection Managerhelps youmanage theclient computers moreeasilywith the following new features:
Centralized licensing lets you purchase, activate, and manage product licenses from
the management console.
See Licensing Symantec Endpoint Protection on page 56.
The Symantec Endpoint Protection Manager logon screen enables you to have your
forgotten password emailed to you.
See Logging on to the Symantec Endpoint Protection Manager console on page 49.
The Monitors page includes a set of preconfigured email notifications that inform you
of the most frequently used events. The events include when new client software is
available, when a policychanges, license renewal messages,andwhen themanagement
server locates unprotected computers. The notifications are enabled by default and
support the BlackBerry, iPhone, and Android.
See About the preconfigured notifications on page 285.
Improved status reporting automatically resets the Still Infected Statusfor a client
computer once the computer is no longer infected.
Faster and moreflexible management
To increase the speed between the management server and the management console,
database, and the client computers:
Virus and spyware scans use Insight to let scans skip safe files and focus on files at risk.
Scans that use Insight are faster and more accurate, and reduce scan overhead by up to
70 percent.
See Modifying global scan settings for Windows clients on page 188.
See Customizing Auto-Protect for Windows clients on page 182.
See About commands you can run on client computerson page 183 on page 183.
See Adjusting scans to improve computer performance on page 161.
LiveUpdate can run when the client computer is idle, has outdated content, or has been
disconnected, which uses less memory.
Better server and
client performance
In Symantec Enterprise Protection SmallBusinessEdition, youcan nowdeploy andmanage
Mac clients on Symantec Endpoint Protection Manager for Symantec Endpoint Protection
Small Business Edition.
See Deploying clients using a Web link and email on page 76.
Support for Mac
clients
Introducing Symantec Endpoint Protection Small Business EditionWhat's new in version 12.1
20
8/4/2019 Implementation Guide SEPSBE12.1
21/350
Table 1-1 New features in version 12.1 (continued)
DescriptionFeature
You caninstall the product fasterand easier than beforewith thefollowingnew installationfeatures:
You can upgrade to the current version of the product while the legacy clients stay
connected and protected.
A new quick report for deployment shows which computers have successfully installed
the client software.
See Running and customizing quick reports on page 270.
Improved installationprocess
Symantec Endpoint Protection Manager now supports the following additional operating
systems:
VMware Workstation 7.0 or later
VMware ESXi 4.0.x or later
VMware ESX 4.0.x or later
VMware Server 2.0.1
Citrix XenServer 5.1 or later
Symantec Endpoint Protection Manager now supports the following Web browsers:
Internet Explorer 7.0, 8.0, 9.0
Firefox 3.6, 4.0
See System requirements on page 41.
Support for additional
operating systems
About the types of threat protection that SymantecEndpoint Protection Small Business Edition provides
Symantec Endpoint Protection Small Business Edition uses state-of-the-art
protection to integrate multiple types of protection on each computer in your
network. It offers advanced defense against all types of attacks for both physical
systems and virtual systems. You need combinations of all the protection
technologies to fully protect and customize the security in your environment.
Symantec Endpoint Protection Small Business Edition combines traditional
scanning, behavioral analysis, intrusion prevention, and community intelligence
into a superior security system.
Table 1-2 describes the types of protection that the product provides and their
benefits.
Introducing Symantec Endpoint Protection Small Business EditionAbout the types of threat protection that Symantec Endpoint Protection Small Business Edition provides
8/4/2019 Implementation Guide SEPSBE12.1
22/350
Table 1-2 Layers of protection
BenefitDescriptionProtection
type
Virus and Spyware Protection detects new
threats earlier and more accurately using not
just signature-based and behavioral-based
solutions, but other technologies.
Symantec Insight provides faster and more
accurate malware detectionto detectthenew
and the unknown threats that other
approaches miss. Insight identifies new and
zero-day threats by using the collective
wisdom of over millions of systems in
hundreds of countries. Bloodhound uses heuristics to detect a high
percentage of known and unknown threats.
Auto-Protectscans files froma signaturelist
as they are read from or written to the client
computer.
Virus and Spyware Protection protects
computers from viruses and security risks, and
in many cases can repair their side effects. The
protection includes real-time scanning of files
and email as well as scheduled scans and
on-demand scans. Virus and spyware scans
detect viruses and the security risks that can
put a computer, as well as a network, at risk.
Security risks include spyware, adware, and
other malicious files.
See Managing scans on client computerson page 136.
Virus and
Spyware
Protection
The rules-based firewall engine shields
computers from malicious threats before
they appear.
The IPS scans network traffic and files for
indications of intrusions or attemptedintrusions.
Browser Intrusion Prevention scans for
attacks that are directed at browser
vulnerabilities.
Universal download protection monitors all
downloads from the browser and validates
that the downloads are not malware.
Network Threat Protection provides a firewall
and intrusion prevention protection to prevent
intrusion attacks and malicious content from
reaching the computer that runs the client
software.The firewall allows or blocks network traffic
based on the various criteria that the
administratorsets. If theadministratorpermits
it,end users canalso configurefirewallpolicies.
TheIntrusion Prevention System (IPS)analyzes
all the incoming and the outgoing information
for the data patterns that are typical of an
attack. It detects and blocks malicious traffic
and attempts by outside users to attack the
client computer. Intrusion Prevention also
monitors outbound traffic and prevents thespread of worms.
See Managing firewall protectiononpage 205.
See Managing intrusion prevention on your
client computers on page 229.
Network Threat
Protection
Introducing Symantec Endpoint Protection Small Business EditionAbout the types of threat protection that Symantec Endpoint Protection Small Business Edition provides
22
8/4/2019 Implementation Guide SEPSBE12.1
23/350
Table 1-2 Layers of protection (continued)
BenefitDescriptionProtection
type
SONAR examines programs as they run, and
identifies and stops malicious behavior of new
and previously unknown threats. SONAR uses
heuristics as well as reputation data to detect
emerging and unknown threats.
Proactive Threat Protection uses SONAR to
protect against zero-day attack vulnerabilities
in yournetwork.Zero-dayattack vulnerabilities
are the new vulnerabilities that are not yet
publicly known. Threats that exploit these
vulnerabilities can evade signature-based
detection, suchas spywaredefinitions.Zero-day
attacks may be used in targeted attacks and in
the propagation of malicious code. SONAR
provides real-time behavioral protection by
monitoring processes and threats as they
execute.
See Managing SONAR on page 196.
ProactiveThreat
Protection
The management server enforces each protection by using an associated policy
that is downloaded to the client.
Figure 1-1 shows the categories of threats that each type of protection blocks.
Introducing Symantec Endpoint Protection Small Business EditionAbout the types of threat protection that Symantec Endpoint Protection Small Business Edition provides
8/4/2019 Implementation Guide SEPSBE12.1
24/350
Figure 1-1 An overview of protection layers
Virus and Spyware Protection
Endpoint
Network Interface Card
Back doorsDoS attacksPort scansStack attacksTrojansWorms
Internet
Memory / peripherals
File system
Proactive Threat Protection
File/process/registrymodifications
Firewallpolicy
Intrusion
Prevention
policy
Application and
Device Control
policy
Company
Network
Virus and Spyware
Protection policy
(SONAR)
AdwareBack doorsMutating threatsSpywareTrojansWormsViruses
Insider threatsKeyloggersRetro virusesSpywareTargeted attacksTrojansWormsZero day threatsDNS and host
file changes
Network
Threat
Protection
Applicationvulnerabilities
Back doorsOS vulnerabilitiesTrojansWorms
Virus and Spyware
Protection policy
See Components of Symantec Endpoint Protection Small Business Edition
on page 37.
Introducing Symantec Endpoint Protection Small Business EditionAbout the types of threat protection that Symantec Endpoint Protection Small Business Edition provides
24
8/4/2019 Implementation Guide SEPSBE12.1
25/350
Protecting your network with Symantec EndpointProtection Small Business Edition
You protect the computers in your network by installing and managing the
Symantec Endpoint Protection Manager and the Symantec Endpoint Protection
Small Business Edition client.
Table 1-3 outlines the main high-level tasks that you need to do to use Symantec
Endpoint Protection Small Business Edition.
Table 1-3 Steps to set up, configure, and manage Symantec Endpoint
Protection Small Business Edition
DescriptionTask
Youcan installSymantecEndpoint Protection Managerand
the Symantec Endpoint Protection Small Business Edition
client and protect your network in a few easy steps.
See Getting up and running on Symantec Endpoint
Protection Small Business Edition for the first time
on page 26.
Setting up Symantec
Endpoint Protection Small
Business Edition
SymantecEndpoint Protection Managercomes withdefault
settings and policies so that your network is protected
immediatelyafter youinstall. Youcan modifythese settings
to suit your network environment.
See Managing protectionon client computers onpage29.
Managing Symantec
Endpoint Protection Small
Business Edition
You might need to perform some ongoing maintenance to
keep your network environment running smoothly at peak
performance. For example, you must back up the database
in case you need to perform disaster recovery.
See Maintaining the security of your environment
on page 30.
Maintaining a secure
network environment
If you have problems installing or using the product,
Symantec EndpointProtectionManagerincludesresources
to help fix common issues, such as client-servercommunication and virus outbreaks.
See Troubleshooting Symantec EndpointProtectionSmall
Business Edition on page 31.
Troubleshooting Symantec
Endpoint Protection Small
Business Edition
See Components of Symantec Endpoint Protection Small Business Edition
on page 37.
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
8/4/2019 Implementation Guide SEPSBE12.1
26/350
Getting up and running on Symantec Endpoint Protection SmallBusiness Edition for the first time
You should assess your security requirements and decide if the default settingsprovide the balance of performance and security you require. Some performance
enhancements can be made immediately after you install Symantec Endpoint
Protection Manager.
Table 1-4 lists the tasks you should perform to install and protect the computers
in your network immediately.
Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small
Business Edition
DescriptionAction
Whether you install the product for the first time, upgrade from a previous version, or
migrate from another product, you install Symantec Endpoint Protection Manager first.
See Installing the management server and the console on page 45.
SeeAboutmigratingto Symantec Endpoint ProtectionSmallBusinessEditiononpage86.
Install or migrate the
management server
You can add the groups that contain computers based on the level of security or function
the computers perform. For example, you should put computers with a higher level of
security in one group, or a group of Mac computers in another group.
See How you can structure groups on page 103.
SeeAdding a group
on page 104.
See Guidelines for managing portable computers on page 105.
Create groups
Change the following default scan settings:
For the servers group, change the scheduled scan time to a time when most users are
offline.
See Setting up scheduled scans that run on Windows computers on page 157.
Modify the Virus and
Spyware Protection
policy
Purchase and activate a license within 30 days of product installation.
See Activating your product license on page 59.
Activate the product
license
Before you install the client software, perform the following tasks, if necessary:
Uninstall third-party virus protection software from your computers.
For more information on a tool to uninstall any competitive product automatically,
see the knowledge base article, SEPprep competitive product uninstall tool.
If youdeploy clientsoftware remotely, first modifythefirewall settings on your client
computers to allow communication between the computers and the management
server.
See Preparing for client installation on page 71.
Prepare computers forclient installation
(optional)
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
26
http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sepprephttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sepprep8/4/2019 Implementation Guide SEPSBE12.1
27/350
Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small
Business Edition (continued)
DescriptionAction
Deploy the client software.
See Deploying clients using a Web link and email on page 76.
Install the client
softwarewiththe Client
Deployment Wizard
In the management console, on the Computers > Computers page:
1 Change the view to Client status to make sure that the client computers in each
group communicate with the management server.
Look at the information in the following columns:
The Computer column displays a green dot for the clients that are connected to
the management server.
The Last Time Status Changed column displays the time that the client last
communicated with the management server.
The RestartRequiredcolumn displays which client computers youneed to restart
to enable protection.
See Restarting client computers on page 80.
The PolicySerialNumber column displays themostcurrentpolicy serialnumber.
The policy might not update for one to two heartbeats.
See Using the policy serial number to check client-server communication
on page 127.
2 Changeto theProtectiontechnology viewand ensure thatthefollowingprotections
are On: Antivirus status
Firewall status
See Viewing the protection status of clients and client computers on page 109.
3 On the client, check that the client is connected to a server, and check that the policy
serial number is the most current one.
See Viewing the client connection status on the client on page 318.
See Troubleshooting communication problems between the management server and the
client on page 316.
Check that the
computers are listed in
the groups that you
expected and that the
client communicates
with the management
server
Make sure that the content updates download to client computers at a time that affectsusers the least.
See Configuring the LiveUpdate download schedule for Symantec Endpoint Protection
Manager on page 255.
Check the LiveUpdateschedule and adjust if
necessary
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
8/4/2019 Implementation Guide SEPSBE12.1
28/350
Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small
Business Edition (continued)
DescriptionAction
Alerts and notifications are critical to maintaining a secure environment and can also
save you time.
See Managing notifications on page 283.
Configure Symantec
Endpoint Protection
Manager to send email
alerts
Createa notification for a Singleriskeventandmodify thenotification for RiskOutbreak.
For these notifications, do the following:
1 Change the Risk severity to Category 1 (Very Low and above) to avoid receiving
emails about tracking cookies.
2 Keep the Damper setting at Auto.See Setting up administrator notifications on page 291.
Configure notifications
for a single risk
outbreak and when a
new risk is detected
Table 1-5displays thetasks to perform after youinstall andconfiguretheproduct
to assess whether the client computers have the correct level of protection.
Table 1-5 Tasks to perform two weeks after you install
DescriptionAction
You can increase performance so that the client does not scan certain folders and files.
For example, the client scans the mail server every time a scheduled scan runs.
You can also exclude files by extension for Auto-Protect scans.
See Creating exceptions for Symantec Endpoint Protection Small Business Edition
on page 240.
See Customizing Auto-Protect for Windows clients on page 182.
See About commands you can run on client computerson page 183 on page 183.
Excludeapplicationsand
files frombeing scanned
Run the quick reports and scheduled reports to see whether the client computers have
the correct level of security.
See About the types of reports on page 268.
See Running and customizing quick reports on page 270.
See Creating scheduled reports on page 273.
Run a quick report and
scheduled report after
the scheduled scan
Review monitors, logs, and the status of client computers to make sure that you have the
correct level of protection for each group.
See Monitoring endpoint protection on page 261.
Check to ensure that
scheduled scans have
been successful and
clients operate as
expected
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
28
8/4/2019 Implementation Guide SEPSBE12.1
29/350
Managing protection on client computers
You use a single management console to manage the protection on the client
computers. Although the client computers are protected immediately, you might
need to modify the protection to suit your needs.
Table 1-6 outlines the tasks that you can perform if you need to adjust the default
settings.
Table 1-6 Modifying protection on the client computer
DescriptionTask
You apply protection to the client computers based on the group that you place a computer
in. The computers in each group have the same level of security.
You can import your company's existing group structure. You can also create new groups.
To determine whichgroups to add, firstconsider the structureof thenetwork. Or, if you create
a new group structure, you base your group structure on function, role, geography, or a
combinationof criteria. Forexample,consider thenumber of computers at thesite, or whether
the computers are the same type, such as Windows or Mac computers.
See Managing groups of computers on page 101.
See Managing client computers on page 107.
Organizing and
managing groups
Symantec Endpoint Protection Manager includes default policies for each type of protection.
The policies balance the need for protection with performance. Out of the box, the default
policies provide appropriate settings for large and small organizations. You may want to
adjust settings over time based on your company needs.
See The types of security policies on page 118.
See About the types of threat protection that Symantec Endpoint Protection Small Business
Edition provides on page 21.
See Managing scans on client computers on page 136.
See Managing firewall protection on page 205.
See Managing intrusion prevention on your client computers on page 229.
Modifying
protection
Security policies must be applied to a group before the clients apply the policies to the client
computer. You can create policies that all groups share or that apply to only one group.Symantec Endpoint Protection Manager makes it easy to add and modify policies for all the
security needs of your company.
See Performing tasks that are common to all security policies on page 119.
Managing policies
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
8/4/2019 Implementation Guide SEPSBE12.1
30/350
Table 1-6 Modifying protection on the client computer (continued)
DescriptionTask
Client computers need to receive periodic updates to protection content such as virusdefinitions, intrusion prevention signatures, and product software. You can configure the
method, type of content, and schedule that Symantec Endpoint Protection Small Business
Edition uses to download the content to the client computers.
See Managing content updates on page 251.
Scheduling andmanaging updates
You can configure the client to display different client features and protection features. How
you configure these features depends on how much control you want client computer users
in each group to have.
See Locking and unlocking policy settings on page 122.
Controlling user
access
Symantec recommends that youanalyze which computersneed which type of security. If youdidnotdeploytheclient installation package at thetimethat youinstalled Symantec Endpoint
Protection Manager, you can deploy the client software later.
You have the option to look for unprotected computers.
See Preparing for client installation on page 71.
See Deploying clients using a Web link and email on page 76.
Managing clientdeployment
You use reports and logs to view the security status of the client computers. The reports and
logs help you to handlevirus outbreaks and to increase the security and performance of your
company's network.
Youcanalso configurenotifications to alert administrators andcomputer users about potentialsecurity problems.
See Monitoring endpoint protection on page 261.
See Managing notifications on page 283.
Monitoring and
respondingto status
changes
You can add administrator accounts so that different administrators have different levels of
control over managing the groups, policies, commands, and reports in Symantec Endpoint
Protection Manager.
See Managing administrator accounts on page 295.
Managing
administrators
Maintaining the security of your environment
After you have secured your network, you might want to modify the protection
and infrastructure to increase security or increase performance.
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
30
8/4/2019 Implementation Guide SEPSBE12.1
31/350
Table 1-7 Tasks you can perform to maintain the security of your network
DescriptionTask
You should periodically check the Home page to view the overall security status of yournetwork. You canusethe notifications, reports, andlogs to provide thedetails on thesecurity
status.
See Monitoring endpoint protection on page 261.
See Managing notifications on page 283.
Checking thesecurity status of
your network
You cancheck whether your license is about to expire or ifyouhavetoomanydeployedclients
for what your license covers.
See Maintaining your product licenses on page 64.
Maintaininglicenses
To help mitigate a case of data corruption or a hardware failure, you should back up the
database regularly and make a copy of specific management server files.
See Preparing for disaster recovery on page 305.
Preparing for
disaster recovery
You can update the settings for the mail server, proxy server, and LiveUpdate servers.
See Establishing communication between the management server and email servers
on page 289.
See Configuring Symantec Endpoint Protection Manager to connect to a proxy server to
access the Internet on page 257.
Reconfiguring
servers
Troubleshooting Symantec Endpoint Protection Small Business EditionTable 1-8 displays the most common issues that you might encounter when you
install and use Symantec Endpoint Protection Small Business Edition.
Table 1-8 Common issues you can troubleshoot
DescriptionTask
Youcan download andrun theSymantecEndpointProtection SmallBusiness EditionSupport
Tool to verify that your computers are ready for installation. The support tool is provided
with themanagement server andtheclient. It is also availableon theSymantec Support Web
site.
See Downloadingthe SymantecEndpointProtection Support Tool to troubleshoot computer
issues on page 315.
Fixing installation
problems
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
8/4/2019 Implementation Guide SEPSBE12.1
32/350
Table 1-8 Common issues you can troubleshoot (continued)
DescriptionTask
You can prevent threats from attacking computers on your network.
See Preventing and handling virus and spyware attacks on client computers on page 130.
See Remediating risks on the computers in your network on page 132.
If a threat does attack a client computer, you can identify and respond to the threat. See the
following knowledge base article:
Best practices for troubleshooting viruses on a network.
Handling virusoutbreaks
If the latest virus definitions do not update correctly on Symantec Endpoint Protection
Manager or the clients, see the following knowledge base article:
Symantec Endpoint Protection: LiveUpdate Troubleshooting.
Troubleshooting
content update
problems
Thecommunication channels between allof theSymantec Endpoint Protection Small Business
Edition componentsmust be open. These channels include, serverto client,serverto database,
and server and client to the content delivery component, such as LiveUpdate.
See Troubleshooting communication problems between the management server and the
client on page 316.
See Troubleshooting communication problems between the management server and the
console or the database on page 322.
See the following knowledge base article:
Troubleshooting Symantec Endpoint Protection Manager communication problems.
Fixing
communication
errors
In case of database corruption or hardware failure, you can restore thelatest snapshot of the
database if you have a database backup file.
See Performing disaster recovery on page 311.
Performing disaster
recovery
You can solve various report and log issues.
See Troubleshooting reporting issues on page 325.
Troubleshooting
reporting issues
Seetheknowledge base article,Top"Best Practices"Articlesfor SymantecEndpoint
Protection.
Introducing Symantec Endpoint Protection Small Business EditionProtecting your network with Symantec Endpoint Protection Small Business Edition
32
http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_virushttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_luhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=Troubleshooting_SPChttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=bp_article_navhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=bp_article_navhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=bp_article_navhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=bp_article_navhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=Troubleshooting_SPChttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_luhttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=troubleshoot_virus8/4/2019 Implementation Guide SEPSBE12.1
33/350
Installing Symantec Endpoint
Protection Small BusinessEdition
Chapter 2. Planning the installation
Chapter 3. Installing Symantec Endpoint Protection Manager
Chapter 4. Managing product licenses
Chapter 5. Preparing for client installation
Chapter 6. Installing the Symantec EndpointProtection Small Business Edition
client
Chapter 7. Upgrading and migrating to Symantec Endpoint Protection Small
Business Edition
1Section
8/4/2019 Implementation Guide SEPSBE12.1
34/350
34
8/4/2019 Implementation Guide SEPSBE12.1
35/350
Planning the installation
This chapter includes the following topics:
Planning the installation
Components of Symantec Endpoint Protection Small Business Edition
Product license requirements
System requirements
About Symantec Endpoint Protection Manager compatibility with other
products
Planning the installationTable 2-1summarizesthehigh-level steps to install Symantec Endpoint Protection
Small Business Edition.
Table 2-1 Installation planning
DescriptionActionStep
Understand thesizingrequirementsforyour network. In addition to identifying
the endpoints requiring protection, scheduling updates, and other variables
should be evaluated to ensure good network and database performance.
For information to help you plan medium to large-scale installations, see the
Symantec white paper,Sizing and ScalabilityRecommendations for Symantec
Endpoint Protection Small Business Edition.
Purchase a license within 30 days of product installation.
See Licensing Symantec Endpoint Protection on page 56.
See Product license requirements on page 39.
Plan network
architecture and review
and purchase a license
within 30 days ofproduct installation
Step 1
2Chapter
http://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sep_ee_sizing&build=symantec_enthttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sep_ee_sizing&build=symantec_enthttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sep_ee_sizing&build=symantec_enthttp://entced.symantec.com/entt?product=SEP&version=12.1&language=english&module=doc&error=sep_ee_sizing&build=symantec_ent8/4/2019 Implementation Guide SEPSBE12.1
36/350
Table 2-1 Installation planning (continued)
DescriptionActionStep
Make sure your computers comply with the minimum system requirementsand that you understand the product licensing requirements.
See System requirements on page 41.
See Product license requirements on page 39.
Review systemrequirements
Step 2
Uninstall other virus protection software from your computers, make sure
system-level access is available, andopen firewalls to allow remote deployment.
See Preparing for client installation on page 71.
SeePreparing Windows operating systems for remotedeploymentonpage72.
Prepare computers for
installation
Step 3
Remotely deploying the client requires that certain ports and protocols areopen andallowed between theSymantecEndpointProtection Manager andthe
endpoint computers.
Open ports and allowprotocols
Step 4
Identify the user names, passwords, email addresses, and other installation
settings. Have the information on hand during the installation.
Identify installation
settings
Step 5
Install Symantec Endpoint Protection Manager.
If the network that supports your business is small and located in one
geographiclocation, youneed to installonly oneSymantec Endpoint Protection
Manager. If your network is geographically dispersed, you may need to install
additional management servers for load balancing and bandwidthdistribution
purposes.
See Installing the management server and the console on page 45.
Install the management
server
Step 6
If youare running legacy Symantec protection, you usually migrate policy and
group settings from your older version.
See About migrating to Symantec Endpoint Protection Small Business Edition
on page 86.
Migrate Symanteclegacy
virus protectionsoftware
Step 7
Planning the installationPlanning the installation
36
8/4/2019 Implementation Guide SEPSBE12.1
37/350
Table 2-1 Installation planning (continued)
DescriptionActionStep
Prepare for client installation as follows:
Identify the computers on which to install the client software.
Identify themethodsto useto deploythe client software to your computers.
Uninstall third-party virus protection software from your computers.
Modifyor disable thefirewall settings on your endpoint computersto allow
communication between the endpoints and the Symantec Endpoint
Protection Manager.
Setup theconsolecomputergroups to match your organizational structure.
See Preparing for client installation on page 71.
See Guidelines for managing portable computers on page 105.
Prepare computers forclient installation
Step 8
Install theSymantecEndpoint Protection Small BusinessEditionclient on your
endpoint computers.
Symantec recommends that you also install the client on the computer that
hosts Symantec Endpoint Protection Manager.
See Deploying clients using a Web link and email on page 76.
Install clientsStep 9
See Getting up andrunning on Symantec Endpoint Protection Small Business
Edition for the first time on page 26.
Post-installation tasksStep 10
SeeAbout the trialware license
on page 58.
Components of Symantec Endpoint Protection SmallBusiness Edition
Table 2-2 lists the product's components and describes their functions.
Planning the installationComponents of Symantec