Implementation Guide for Symantec™ Endpoint Protection Small Business Edition
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Documentation version 12.00.00.00.00

Legal Notice
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, LiveUpdate, Symantec Protection Center, and TruScan are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 http://www.symantec.
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion.

■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
  ■ Error messages and log files
  ■ Troubleshooting that was performed before contacting Symantec
  ■ Recent software configuration changes and network changes

Licensing and registration
If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.

Maintenance agreement resources
If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:
Asia-Pacific and Japan: contractsadmin@symantec.com
Europe, Middle-East, and Africa: semea@symantec.com
North America and Latin America: supportsolutions@symantec.
Contents
Technical Support
Chapter 1 Introducing Symantec Endpoint Protection Small Business Edition
    About Symantec Endpoint Protection Small Business Edition
    About the types of protection
    Single console management

    Creating the database
    What to do after you install Symantec Protection Center
    Uninstalling Symantec Protection Center
Chapter 4 Preparing for client installation
    Preparing for client installation
    Configuring firewalls for remote deployment

    What you can do from the console
    Configuring console preferences
Chapter 8 Monitoring endpoint protection
    About monitoring endpoint protection
    Viewing the Daily Status Report
    Viewing the Weekly Status Report

    About the default LiveUpdate schedules
    Configuring LiveUpdate for the server
    Enabling LiveUpdate for clients
    Checking LiveUpdate server activity
    Viewing LiveUpdate downloads
    Manually downloading content updates to Symantec Protection Center

    About managing quarantined files
    Enabling or disabling TruScan proactive threat scans
    About adjusting the protection scans
    About exceptions
    Configuring an exception
Chapter 14 Managing firewall protection

Appendix A Maintaining and troubleshooting Symantec Endpoint Protection Small Business Edition
    Restarting client computers
    Finding managed computers
    Converting an unmanaged computer
    Finding the server host name and IP address
    Modifying email server settings
Chapter 1 Introducing Symantec Endpoint Protection Small Business Edition
This chapter includes the following topics:
■ About Symantec Endpoint Protection Small Business Edition
■ About the types of protection
■ Single console management
■ How you are protected out-of-the-box
■ Key features of Symantec Endpoint Protection Small Business Edition
■ Components of Symantec Endpoint Protection Small Business Edition
■ Where to get more information about Symantec Endpoint Protection Small Business

communicates over your network to automatically safeguard computers against viruses and security threats.

About the types of protection
The Symantec Endpoint Protection Small Business Edition client enforces virus and other protection technologies on the client computers using three layers of essential protection.

your computers and networks. Intrusion Prevention automatically detects and blocks network attacks.

Single console management
You manage the protection technologies in Symantec Endpoint Protection Small Business Edition from a single console. Using a graphical user interface, you deploy the protection technologies to your computers and monitor the endpoint status—all from one console.

See “How clients receive content updates” on page 90.

Key features of Symantec Endpoint Protection Small Business Edition
Table 1-1 lists the key features of Symantec Endpoint Protection Small Business Edition.

Components of Symantec Endpoint Protection Small Business Edition
Table 1-2 lists the Symantec Endpoint Protection Small Business Edition components.

Table 1-2 Product components
Component | Description
Symantec Protection Center | Symantec Protection Center centrally manages the client computers that connect to your company's network.

[Figure 1-2 Symantec Endpoint Protection Small Business Edition components. Labels: computers running the Symantec Endpoint Protection Small Business Edition client, connecting through a VPN tunnel; Internet; Firewall; Local Ethernet Network; Symantec Protection Center, with the Symantec Endpoint Protection Small Business Edition client installed.]

Center. You can find the tool in the Tools\PushDeploymentWizard folder of the product disc.
■ Symantec Client Firewall Policy Migration Guide
  This guide includes information on how to convert policies from Symantec Client Firewall Administrator to Symantec Protection Center.
Chapter 2 Planning the installation
This chapter includes the following topics:
■ Planning the installation
■ Network architecture considerations
■ Guidelines for managing portable computers
■ About trialware
■ Product license requirements
■ System requirements
■ Preparing your computers for installation

Planning the installation
Table 2-1 summarizes the installation steps for Symantec Endpoint Protection Small Business Edition.

Table 2-1 Installation planning (continued)
Step | Action | Description
Step 3 | Review system requirements | Make sure your computers comply with the minimum system requirements.
 | Prepare computers for installation | Uninstall other virus protection software from your computers.
 | Identify installation settings | Identify the user names, passwords, email addresses, and other installation settings. Have the information on hand during the installation.

Network architecture considerations
You can install Symantec Endpoint Protection Small Business Edition for testing purposes without considering your company network architecture. You can install Symantec Protection Center with a few clients, and become familiar with the features and functions. When you are ready to install the production clients, you should plan your deployment based on your organizational structure and computing needs.

You organize the computers with similar security needs into groups. For example, you might organize the computers in the Payroll department into the Payroll group. The group structure that you define most likely matches the structure of your organization. You create the groups by using Symantec Protection Center. Adjust the security policy settings for the groups that require additional restrictions.

■ Database for storing security policies and events
■ Access to LiveUpdate content
You may visit the following Trialware Web site to download trialware for Symantec Endpoint Protection Small Business Edition:
http://www.symantec.com/business/products/downloads/
See “Product license requirements” on page 25.

Product license requirements
Symantec Endpoint Protection Small Business Edition requires that you purchase a product license.

■ 64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum
  Intel Itanium IA-64 is not supported.
■ Operating systems: Windows 2000 Server, Windows XP (32-bit, 64-bit), Windows Server 2003 (32-bit, 64-bit), Windows Server 2008 (32-bit, 64-bit), Windows Small Business Server 2008 (64-bit), or Windows Essential Business Server 2008 (64-bit)
  Windows Vista (32-bit, 64-bit) is not officially supported.

Table 2-3 Internationalization requirements
Component | Requirements
Computer names, server names, and work group names | Non-English characters are supported with the following limitations: Network audit may not work for a host or user that uses a double-byte character set or a high-ASCII character set.
English characters | English characters are required in the following situations:

Table 2-4 VMware support
Symantec software | VMware support
Symantec Protection Center and database | Symantec Protection Center is supported on the following VMware versions:
  ■ VMware WS 5.0 (workstation) or later
  ■ VMware GSX 3.2 (enterprise) or later
  ■ VMware ESX 2.

To prepare your computers for installation
1 Uninstall third-party virus protection software.
  Symantec does not recommend that you run two virus protection programs on the same computer. The programs can affect the performance and effectiveness of Symantec Endpoint Protection Small Business Edition. Follow your company's software removal procedure to uninstall your third-party virus protection programs.
Chapter 3 Installing Symantec Protection Center
This chapter includes the following topics:
■ Installing Symantec Protection Center
■ About the installation wizards
■ About the Symantec Protection Center installation settings
■ Installing the server and the console
■ What to do after you install Symantec Protection Center
■ Uninstalling Symantec Protection Center

Installing Symantec Protection Center
Table 3-1 lists the steps to install Symantec Protection Center.

Table 3-1 Symantec Protection Center installation summary (continued)
Step | Action | Description
Step 3 | Identify installation settings | Installation prompts you to enter values such as the email address that you want to use to receive important notifications. See “About the Symantec Protection Center installation settings” on page 33.

Table 3-2 Installation wizards (continued)
Wizard | Description
Migration Wizard | The Migration Wizard migrates the following Symantec legacy virus protection software:
  ■ Symantec AntiVirus Corporate Edition
  ■ Symantec Client Security
  The Migration Wizard runs immediately after the Server Configuration Wizard.

Table 3-3 Symantec Protection Center installation settings
Setting | Default value | Description
Destination folder (Required) | See Description | The directory that is used to install the server software. Accept the default directory or click Change to specify another directory. Default directory: C:\Program Files\Symantec\Symantec Protection Center
Company name | none | The name of your company.

Table 3-3 Symantec Protection Center installation settings (continued)
Setting | Default value | Description
Port number (Required) | 25 | The email server port number. Symantec Protection Center uses the port number to communicate with your email server. If you do not know the port number, contact your administrator or ISP. In most cases, you accept the default.

To install the server and the console
1 Uninstall third-party virus protection software from the computer.
  See “Preparing your computers for installation” on page 28.
2 Insert and display the product disc.
  The installation should start automatically. If it does not start, double-click Setup.exe.
  If you downloaded the product, unzip the folder and extract the entire product disc image to a physical disc, such as a hard disk.

Configuring the server
To configure the server, you specify the following information:
■ The password for the default administrator account.
■ The email address that receives important notifications and reports.
■ The email server name and port number.
To configure the server
1 In the Administrator Settings panel, specify your company name.

Table 3-5 Post-installation tasks
Action | Description
Learn about the console | Become familiar with the features and functions of the Symantec Protection Center console. See “About starting the Symantec Protection Center console” on page 61.
Install and migrate clients | Install the client software on your unprotected computers if you have not already done so.

Table 3-5 Post-installation tasks (continued)
Action | Description
Set up administrator accounts | Installation created a default administrator account. You can create additional accounts for administrators and users who need access to the console. See “About administrator accounts” on page 144.

Uninstalling Symantec Protection Center
Uninstalling Symantec Protection Center uninstalls the server, console, and database.
Chapter 4 Preparing for client installation
This chapter includes the following topics:
■ Preparing for client installation
■ Configuring firewalls for remote deployment
■ Preparing computers for remote deployment

Preparing for client installation
Table 4-1 lists the steps to prepare computers for client installation.

Table 4-1 Client computer preparation (continued)
Step | Action | Description
Step 5 | Identify computer groups | Identify the computer groups to use during client installation. See “About computer groups” on page 81.

Configuring firewalls for remote deployment
Windows firewalls can interfere with remote client installation and deployment.

Table 4-2 Firewall modifications (continued)
Configuration | Description
Modify the firewalls in Windows Vista or Windows Server 2008 | Windows Vista and Windows Server 2008 contain a firewall that is enabled by default. If the firewall is enabled, you might not be able to install or deploy the client software remotely. You can temporarily disable the Windows firewall on the clients before you deploy the client software.
Table 4-3 Remote deployment actions (continued)
Action | Description
Prepare Windows Vista or Windows Server 2008 computers | Windows User Account Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. To push the client software to computers, you should use a domain administrative account if the client computer is part of an Active Directory domain.
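
A preflight check for the two blockers this chapter names, a client firewall and the restriction on remote access to the administrative shares C$ and Admin$, added here as an example; it is not part of the Symantec guide or product. The function name Test-PushReadiness and the host names are hypothetical, and the script assumes Windows PowerShell 3.0 or later, run on the computer that hosts Symantec Protection Center under the account you plan to use for the push.

```powershell
# Added example, not Symantec code. Reports, per target computer, whether the
# administrative shares needed for a remote push are reachable with the
# credentials of the account that runs this script.

function Test-PushReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,

        # Administrative shares named in the guide.
        [string[]]$Share = @('Admin$', 'C$')
    )

    foreach ($computer in $ComputerName) {
        # ICMP reachability. A client firewall can drop ping while file sharing
        # still works, so this is a hint only; the shares are tested regardless.
        $ping = Test-Connection -ComputerName $computer -Count 1 -Quiet

        $row = [ordered]@{ Computer = $computer; Ping = $ping }
        $blocked = @()

        foreach ($name in $Share) {
            # Builds \\COMPUTER\Admin$ and \\COMPUTER\C$
            $unc = '\\{0}\{1}' -f $computer, $name
            try {
                # -ErrorAction Stop turns "access denied" and "network path
                # not found" into exceptions, which are recorded as unreachable.
                $ok = Test-Path -LiteralPath $unc -ErrorAction Stop
            }
            catch {
                $ok = $false
            }
            $row[$name] = $ok
            if (-not $ok) { $blocked += $name }
        }

        if ($blocked.Count -eq 0) {
            $row['Assessment'] = 'Ready for remote push'
        }
        elseif (-not $ping) {
            $row['Assessment'] = 'No reply: computer offline or firewall blocking'
        }
        else {
            # The computer answers but the shares do not: file sharing is
            # blocked by the firewall, or the account is a local administrative
            # account that is refused remote access to the shares.
            $row['Assessment'] = 'Shares unreachable: check firewall and account type'
        }

        [pscustomobject]$row
    }
}

# Constructed host names for illustration; replace with your client computers.
$targets = @('PAYROLL-PC01', 'PAYROLL-PC02', 'FRONTDESK-PC01')
Test-PushReadiness -ComputerName $targets | Format-Table -AutoSize
```

Run it before you start the Client Installation Wizard and again after you adjust the firewall, so that only computers marked ready are included in the push.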
Chapter 5 Installing the Symantec Endpoint Protection Small Business Edition client
This chapter includes the following topics:
■ Installing the Symantec Endpoint Protection Small Business Edition client
■ About the client installation settings
■ About deploying clients
■ About reinstalling client protection
■ Installing an unmanaged computer
■ Uninstalling the client

Installing the Symantec Endpoint Protection Small Business Edition client
You install the Symantec Endpoint Protection Small Bu

Table 5-1 Client installation summary (continued)
Step | Action | Description
Step 2 | Prepare client computers for installation | Uninstall third-party virus protection software from the computers.
 | Identify client installation settings | Installation prompts you to specify the computer group names and the protection types.

Table 5-2 Client computer types (continued)
Type | Description
Unmanaged computer | Unmanaged client computers do not use Symantec Protection Center. Unmanaged client computers are self-managed; you or the primary computer users must administer the client computers. In most cases, unmanaged client computers connect to your network intermittently or not at all.

Table 5-3 Client installation settings (continued)
Setting | Default value | Description
Protection type | The following default protection technologies are | The protection technologies that you want to install on the client computers.

■ Remote Push Installation
  Remote push installation lets you control the client installation. Remote push installation pushes the client software to the computers that you specify. The installation begins automatically.
  See “Deploying clients by using Remote Push Installation” on page 50.

6 In the Client Installation Wizard, specify the email recipients.
  To specify multiple email recipients, type a comma after each email address.
7 In the Client Installation Wizard, accept the default email subject and body or edit the text, and then click Next.
8 Click Finish.
9 Confirm that the computer users received the email message and installed the client software.

3 In the Client Installation Wizard, select the group to contain the computers.
4 In the Client Installation Wizard, select the protection types, and then click Next.
  See “About the client installation settings” on page 47.
5 In the Client Installation Wizard, click Remote Push Installation, and then click Next.

The installation package can comprise one setup.exe file or a collection of files that include a setup.exe file. Computer users often find one setup.exe file easier to use.
■ Save the installation package in the default directory or a directory of your choice. The default directory is as follows:
  C:\temp\Symantec\ClientPackages
  You must provide the installation package to the computer users.

14 Confirm the status of the deployed clients.
15 See “Viewing client inventory” on page 73.

About reinstalling client protection
Reinstalling client protection lets you change the protection technologies that were deployed on a computer. For example, suppose you deployed Network Threat Protection on a computer and then decided that you did not want the protection.

4 Confirm that the unmanaged computer is selected, and then click Next.
  This panel appears when you install the client software for the first time on a computer.
5 On the Protection Options panel, select the protection types, and then click Next.
  See “About the client installation settings” on page 47.
6 On the Ready to Install the Program panel, click Install.
Chapter 6 Migrating to Symantec Endpoint Protection Small Business Edition
This chapter includes the following topics:
■ About migrating to Symantec Endpoint Protection Small Business Edition
■ Migrating legacy installations
■ Upgrading Symantec Endpoint Protection Small Business Edition

About migrating to Symantec Endpoint Protection Small Business Edition
Symantec Endpoint Protection Small Business Edition detects and migrates Symantec legacy virus protection software.

Table 6-1 Supported migrations
Product | Description
Symantec legacy virus protection software | You can optionally migrate Symantec legacy virus protection software. Migration detects and migrates installations of the following Symantec legacy virus protection software:
  ■ Symantec AntiVirus Corporate Edition 9.x and 10.x
  ■ Symantec Client Security 2.x and 3.

Note: Management servers migrate to clients.

Table 6-2 Migration summary
Step | Action | Description
1 | Prepare the legacy installation | Prepare your legacy installation for migration as follows:
  ■ Disable scheduled scans. The migration might fail if a scan is running during migration.
  ■ Disable LiveUpdate. Conflicts might occur if LiveUpdate runs on the client computers during migration.

About migrating computer groups
Migration creates a My Company child group for each legacy group. The My Company child group name is a concatenation of each legacy group and its legacy child groups. For example, suppose the legacy group Clients contains the legacy child groups ClientGroup1 and ClientGroup2. The My Company child group names are Clients, Clients.ClientGroup1, and Clients.ClientGroup2.

5 In the Migration Wizard panel, select one of the following options:
  Auto-detect Servers | This option imports the settings from all the servers. Type the IP address of a computer that runs the Symantec System Center.
  Add Server | This option imports the settings from a single server and the clients that it manages. Type the IP address of a computer that runs a server.

Table 6-3 Upgrade summary (continued)
Step | Action | Description
Step 4 | Confirm the upgrade | You can confirm that the upgrade completed successfully by verifying the version number of the client software that appears in the About dialog box.
Chapter 7 Starting the Symantec Protection Center console
This chapter includes the following topics:
■ About starting the Symantec Protection Center console
■ About the console
■ Logging on to the console
■ Logging on to a remote console
■ Resetting a forgotten password
■ What you can do from the console
■ Configuring console preferences

About starting the Symantec Protection Center console
The first time the console starts after installation, you are presented with a Welcome screen.

Table 7-1 Welcome screen options (continued)
Option | Description
Activate your product | Register your product license serial number. Your installation of Symantec Endpoint Protection Small Business Edition includes a 30-day trial license. During those 30 days, you have access to all the product features and functions. At the end of the 30 days, you must purchase and register a license.

To log on to the console
1 Log on to the computer where Symantec Protection Center is installed.
2 On the desktop, on the Start menu, click All Programs > Symantec Protection Center > Symantec Protection Center console.
3 In the Login dialog box, type your user name and password.
  If you want the computer to remember your password, check Remember me on this computer.

To log on to a remote console
1 In the Internet Explorer window, in the Address box, type the following identifier for the computer that runs Symantec Protection Center:
  http://host name:9090
  where host name is the host name or IP address of the computer that runs Symantec Protection Center. The console uses the default port 9090.

Table 7-2 Symantec Protection Center console pages
Page | Description
Home | Display the security status of your network. You can do the following tasks from the Home page:
  ■ Obtain a count of detected viruses and other security risks.
  ■ Obtain a count of unprotected computers in your network.
  ■ Obtain a count of computers that received virus definition and other content updates.
  ■ View license status.

Table 7-2 Symantec Protection Center console pages (continued)
Page | Description
Computers | Manage computers and groups. You can do the following tasks from the Computers page:
  ■ Create and delete groups.
  ■ Edit group properties.
  ■ View the security policies that are assigned to groups.
  ■ Run commands on groups.
  ■ Deploy the client software to computers in your network.
Admin |

To configure console preferences
1 In the console, click Home.
2 On the Home page, click Preferences.
  The Preferences link is in the top left Security Status pane.
3 Adjust the settings.
4 Click OK.
Chapter 8 Monitoring endpoint protection
This chapter includes the following topics:
■ About monitoring endpoint protection
■ Viewing the Daily Status Report
■ Viewing the Weekly Status Report
■ Viewing system protection
■ Viewing virus and risk activity
■ Viewing client inventory
■ Finding unscanned computers
■ Finding offline computers
■ Viewing risks
■ Viewing attack targets and sources
■ About events and event logs

About monitoring endpoint protection
The Symantec Protection Cent

Table 8-1 Endpoint protection monitoring
Status | Description
License | You can obtain the following license information:
  ■ License serial number, seat count, expiration date
  ■ Number of valid seats
  ■ Number of deployed seats
  ■ Number of expired seats
  ■ Number of over-deployed seats
  See “Checking license status” on page 105.
  See “Viewing the Weekly Status Report” on page 71.
Table 8-1 Endpoint protection monitoring (continued)
Status | Description
Events | Events are the informative, notable, and critical activities that concern Symantec Protection Center and your client computers. The event logs supplement the information that is contained in the reports.
  See “Viewing the Computer Status Log” on page 76.
  See “Viewing the Network Threat Protection Log” on page 76.
Monitoring endpoint protection Viewing system protection To view the Weekly Status Report 1 In the console, click Home. 2 On the Home page, in the Favorite Reports pane, click Symantec Endpoint Protection Weekly Status. Viewing system protection System protection comprises the following information: ■ The number of computers with up-to-date virus definitions. ■ The number of computers with out-of-date virus definitions. ■ The number of computers that are offline.
Monitoring endpoint protection Viewing client inventory Viewing client inventory You can confirm the status of your deployed client computers. To view client inventory 1 In the console, click Reports. 2 On the Quick Reports tab, specify the following information: 3 Report type You select Computer Status. Select a report You select Client Inventory Details. Click Create Report. Finding unscanned computers You can list the computers that need scanning.
Monitoring endpoint protection Viewing risks Viewing risks You can get information about the risks in your network. To view infected and at risk computers 1 In the console, click Reports. 2 On the Quick Reports tab, specify the following information: 3 Report type You select Risk. Selected report You select Infected and At Risk Computers. Click Create Report. To view newly detected risks 1 In the console, click Reports.
Monitoring endpoint protection Viewing attack targets and sources To view the top targets that were attacked 1 In the console, click Reports. 2 On the Quick Reports tab, specify the following information: 3 Report type You select Network Threat Protection. Select a report You select Top Targets Attacked. Click Create Report. To view top attack sources 1 In the console, click Reports.
Monitoring endpoint protection About events and event logs About events and event logs Events are the informative, notable, and critical activities that concern Symantec Protection Center and your client computers. The client computers send the events to the server. The server stores the events in logs. The console lets you view details of the event logs. The Monitors page displays the events that were reported to Symantec Protection Center from your entire managed client computer deployment.
3 On the Logs tab, in the Log content box, select Traffic.
4 Click View Log.
To view the Network Threat Protection Log for the intrusion prevention attacks
1 In the console, click Monitors.
2 On the Monitors page, on the Logs tab, in the Log type box, select Network Threat Protection.
3 On the Logs tab, in the Log content box, select Attacks.
4 Click View Log.
Chapter 9 Managing security policies and computer groups
This chapter includes the following topics:
■ About managing security policies and computer groups
■ About computer groups
■ About the security policies
■ How policies are assigned to groups
■ How computers get policy updates
■ Assigning a policy to a group
■ Testing a security policy

About managing security policies and computer groups
In Symantec Protection Center, you manage groups of managed computers as a single unit.
Table 9-1 Policy and group management
Task: Learn about Symantec security policies
Description: The Symantec security policies define the protection technologies that protect your computers from known and unknown threats. Become familiar with the policies. Review the default protection for each policy protection type. See “About the security policies” on page 82.
See “Converting an unmanaged computer” on page 154.

About computer groups
You organize computers with similar security needs into groups. For example, you might organize the computers in your accounting department into the Accounting group. The group structure that you define most likely matches the structure of your organization.
3 In the Add Group for My Company dialog box, specify the following information:
   Group Name: Type the group name. Click Help for more information about group names.
   Description: Type a description of the group.
4 Click OK.

Blocking a group
Blocking a group prevents client computers from being added to the group.
To block a group
1 In the console, click Computers.
About the security policies
Table 9-2 lists the types of security policies that are included with Symantec Endpoint Protection Small Business Edition. A default policy is provided for each type.
Table 9-2 Security policy types
Policy type: Virus and Spyware Policy
Description: The Virus and Spyware Policy provides the following protection: Detect, remove, and repair the side effects of known viruses, worms, Trojan horses, and blended threats.
You can increase or decrease the protection on your computers by modifying the security policies. See “Adjusting a policy” on page 84.
You can create copies of the security policies and then customize the copies for your specific needs. You can export the security policies for use at another site that runs Symantec Endpoint Protection Small Business Edition.
To adjust the default Virus and Spyware Policy
1 In the console, click Policies.
2 On the Policies page, click Virus and Spyware.
3 On the Policies page, select the Virus and Spyware Policy, and then right-click Edit.
4 In the policy, on the File System Auto-Protect pane, on the Scan Details tab, check Scan files on remote computers.
5 Click OK.

Creating a policy
You can create multiple versions of each type of policy.
4 In the policy, on the Overview pane, specify the following information:
   Policy Name: Type Virus and Spyware for Marketing.
   Description: Type Custom policy for the Marketing department.
5 In the policy, on the File System Auto-Protect pane, check Scan files on remote computers.
6 Click OK.

Locking and unlocking policy settings
You can lock and unlock policy settings.
How computers get policy updates
Computers get security policy updates from Symantec Protection Center. When you update a security policy by using the console, the computers receive the updates immediately. See “About the security policies” on page 82.

Assigning a policy to a group
You can assign a policy to one or more groups. The policy replaces the currently assigned policy of the same protection type.
Chapter 10 Managing content updates from LiveUpdate
This chapter includes the following topics:
■ About managing content updates from LiveUpdate
■ About LiveUpdate
■ How clients receive content updates
■ About the default LiveUpdate schedules
■ Checking LiveUpdate server activity
■ Viewing LiveUpdate downloads
■ Manually downloading content updates to Symantec Protection Center

About managing content updates from LiveUpdate
You manage content updates from LiveUpdate on the Policies page and
Table 10-1 Content update management (continued)
Task: Decide how computers get updates
Description: Client computers automatically download virus definitions and other product updates from Symantec Protection Center. You can allow users who travel with portable computers to get updates directly from LiveUpdate by using the Internet. See “How clients receive content updates” on page 90.
See “Enabling LiveUpdate for clients” on page 92.
A client computer receives the content updates from LiveUpdate in the following situations:
■ LiveUpdate scheduling is enabled for the client computer.
■ The client computer's virus definitions are old. The client computer is unable to communicate with Symantec Protection Center.
■ The client computer has repeatedly failed to communicate with Symantec Protection Center.
About the default LiveUpdate schedules
Table 10-3 Default client schedule
Setting: Enable LiveUpdate Scheduling
Description: Enabled
Setting: Frequency
Description: Client computers get daily content updates. The content update download begins at 9:55 PM, plus or minus two hours.
Setting: Retry Window
Description: If a client computer is unable to get content updates, the computer keeps trying every hour for 24 hours.
3 In the LiveUpdate Policy, click Schedule.
4 In the LiveUpdate Policy, check Allow LiveUpdate to run on client computers.
5 In the LiveUpdate Policy, specify the frequency and the retry window.
6 Click OK.
To disable LiveUpdate for clients
1 In the console, click Policies.
2 On the Policies page, select the LiveUpdate Policy, and then right-click Edit.
3 In the LiveUpdate Policy, click Schedule.
Manually downloading content updates to Symantec Protection Center
You do not have to wait for your scheduled LiveUpdate downloads. You can manually download content updates to Symantec Protection Center.
To manually download content updates to Symantec Protection Center
1 In the console, click Admin.
2 On the Admin page, click System.
3 On the Admin page, click Download LiveUpdate Content.
Chapter 11 Managing notifications
This chapter includes the following topics:
■ About managing notifications
■ How notifications work
■ About the default notifications
■ Viewing notifications
■ Creating a notification
■ Creating a notification filter

About managing notifications
Notifications alert administrators and computer users about potential security problems. You manage notifications on the Monitors page.
Table 11-1 Notification management (continued)
Task: View unacknowledged notifications
Description: View and respond to unacknowledged notifications. See “Viewing notifications” on page 97.
Task: Create new notifications
Description: Optionally create notifications to remind you and other administrators about important issues. See “Creating a notification” on page 98.
Task: Create notification filters
Description: Optionally create filters to expand or limit your view of notifications.
Table 11-2 Default notifications (continued)
Notification: Paid License Issue
Description: The notification alerts administrators about expired licenses.
Notification: Over-Deployment Issue
Description: The notification alerts administrators about over-deployed paid licenses.
Notification: Trialware License Expiration
Description: The notification alerts administrators about expired trial licenses.
Notification: Virus Definitions Out-of-date
Description: The notification alerts administrators about out-of-date virus definitions.
To view all notifications
1 In the console, click Monitors.
2 On the Monitors page, on the Notifications tab, in the Use a saved filter box, optionally select a saved filter. See “Creating a notification filter” on page 98.
3 On the Notifications tab, click View Notifications.
To view all configured notifications
1 In the console, click Monitors.
2 On the Monitors page, on the Notifications tab, click Notification Conditions.
See “Viewing notifications” on page 97.
As an example, you can create a filter for unacknowledged risk outbreak notifications.
To create a notification filter
1 In the console, click Monitors.
2 On the Monitors page, on the Notifications tab, click Advanced Settings, and then specify the following filter settings:
   Time range: Select Past 24 hours.
   Acknowledged status: Select Not acknowledged.
   Notification type: Select Risk outbreak.
Chapter Managing product licenses
This chapter includes the following topics:
■ About managing product licenses
■ About licenses
■ About the Symantec Licensing Portal
■ Checking license status
■ About purchasing a license
■ Registering a serial number
■ Importing a license
■ About upgrading trialware
■ About renewing a license
■ Downloading a license file
■ Backing up your license files

About managing product licenses
You manage product licenses on the Admin page.
Table 12-1 License management
Task: Learn how a license works
Description: A license is a vital part of Symantec Endpoint Protection Small Business Edition. It controls your access to the software's features and functions. See “About licenses” on page 103. See “Product license requirements” on page 25.
Table 12-1 License management (continued)
Task: Review the default license notifications
Description: License notifications alert administrators about expired licenses and other license issues. See “About the default notifications” on page 96.
Task: Check license status
Description: You can obtain the status for each license that you imported into the console. See “Checking license status” on page 105.
your Symantec sales team. You must purchase enough seats so that your license covers all your deployed computers. After you purchase a license, you obtain the .slf license file from the Symantec Licensing Portal Web site, your Symantec partner, or your Symantec sales team.

About the Symantec Licensing Portal
You use the Symantec Licensing Portal to register and manage product licenses.
5 On the Symantec Licensing Portal Web site, click the Licensing Portal Home Page option to display the Symantec Licensing Portal Home page. From the Home page, you can manage your account, register serial numbers, and download license files.
6 Click Logout to log off the Symantec Licensing Portal Web site.

Checking license status
You can obtain the status for each paid license that you imported into the console. See “Importing a license” on page 107.
Contact your Symantec partner to purchase a license.

Registering a serial number
Registering your product serial number activates the license. You need to register your product serial number in the following situations:
■ You purchased the boxed software.
■ You purchased the product disc image.
■ You purchased a license to upgrade your trialware installation.
■ You purchased a renewal license.
8 On the License Registration Verification page, verify your information, and then click Complete Registration. Your serial number and license key appear on the License Key Confirmation page.
9 On the License Key Confirmation page, click the license key file name link to download the license file to your computer. See “Downloading a license file” on page 108.
10 In the Save dialog box, save the license file in a directory of your choice.
About upgrading trialware
If you installed trialware, you must purchase a license. You do not need to reinstall the software. Contact your Symantec partner to purchase a license. See “About trialware” on page 24.

About renewing a license
Renewing a license purchases a renewal license for an expired license. Contact your Symantec partner to renew a license.
9 Back up the license file. See “Backing up your license files” on page 109.
10 Verify the status of the license file. See “Checking license status” on page 105.

Backing up your license files
Symantec recommends that you back up your license files. Backing up the license files preserves the license files in case the database or the console computer's hard disk is damaged. Your license files are located in the directory where you saved the files.
Chapter 13 Managing protection scans
This chapter includes the following topics:
■ About managing protection scans
■ How protection scans work
■ About the default protection scan settings
■ Enabling File System Auto-Protect
■ Scheduling an administrator-defined scan
■ Scanning computers
■ Updating virus definitions on computers
■ About managing quarantined files
■ Enabling or disabling TruScan proactive threat scans
■ About adjusting the protection scans
■ About exceptions

About mana
■ Virus and Spyware High Performance Policy
Table 13-1 lists suggestions for managing protection scans.
Table 13-1 Protection scan management
Task: Keep virus definitions current
Description: Make sure the latest virus definitions are installed on the client computers. See “About managing content updates from LiveUpdate” on page 89.
Task: Scan computers
Description: Regularly scan computers for viruses and security risks.
Table 13-1 Protection scan management (continued)
Task: Adjust scan settings
Description: In most cases, the default scan settings provide adequate protection for computers. If necessary, you can increase or decrease protection as follows:
■ Prevent the computer users from changing scan settings.
■ Change the time that a scan is scheduled to run.
■ Change the repair actions that occur when a virus is detected.
Figure 13-1 Virus and Spyware Protection (diagram labels: Other computers, network file shares; USB flash drive; Internet; Email, Instant Messaging; Viruses, malware, and security risks; Client computer)
Table 13-2 lists the known viruses and security risks that protection scans detect.
Table 13-2 Known viruses and security risks (continued)
Risk: Adware
Description: A program that secretly gathers personal information through the Internet and relays it back to another computer. An adware program is unknowingly downloaded from a Web site. It can arrive through an email message or instant messenger program.
Table 13-3 Scan types
Scan type: Auto-Protect scans
Description: Auto-Protect scans continuously inspect files and email data as they are written to or read from a computer. Auto-Protect scans automatically neutralize or eliminate detected viruses and security risks. The Auto-Protect scans are as follows:
File System Auto-Protect
File System Auto-Protect loads at computer startup.
Table 13-3 Scan types (continued)
Scan type: TruScan proactive threat scans
Description: TruScan proactive threat scan analyzes application behavior and process behavior. TruScan proactive threat scan determines if an application or process exhibits characteristics of known threats. This type of protection is often called protection from zero-day attacks.
Table 13-4 Virus and Spyware Policy settings (continued)
Setting: Auto-Protect scans
Description: File System Auto-Protect provides the following protection:
■ Scans all files for viruses and security risks.
■ Blocks the security risks from being installed.
■ Cleans the virus-infected files.
■ Backs up the files before it repairs them.
■ Quarantines the files that cannot be cleaned.
■ Quarantines the files with security risks.
Table 13-4 Virus and Spyware Policy settings (continued)
Setting: Administrator-defined scans
Description: The scheduled scan provides the following protection:
■ Performs a full scan every Monday at 8:00 PM.
■ Scans all files and folders, including the files that are contained in compressed files.
■ Scans memory, common infection locations, and known virus and security risk locations.
■ Cleans the virus-infected files.
Table 13-5 Virus and Spyware High Security Policy settings (continued)
Setting: Administrator-defined scans
Description: Same as Virus and Spyware Policy
An active scan runs when new virus definitions arrive. The on-demand scan inspects the known virus and security risk locations.
The default Virus and Spyware High Performance Policy provides high-level performance. The policy includes many of the settings from the Virus and Spyware Policy.
To enable File System Auto-Protect
1 In the console, click Computers.
2 On the Computers page, on the Computers tab, select a group, right-click Run Command on Group, and then click Enable Auto-Protect.

Scheduling an administrator-defined scan
You can schedule scans to automatically run on the client computers at designated times. See “About the types of protection scans” on page 115.
To schedule a startup scan
1 In the console, click Policies.
2 On the Policies page, select the Virus and Spyware Policy, and then right-click Edit.
3 In the policy, click Administrator-defined Scans.
4 In the policy, on the Advanced tab, check Run startup scans when users log on.
5 In the policy, on the Advanced tab, optionally check Allow users to modify startup scans.
6 Click OK.
To scan a selected computer
1 In the console, click Computers.
2 On the Computers page, on the Computers tab, select a group.
3 On the Computers tab, in the selected group, select a computer, right-click Run Command on Clients, and then click Scan.

Updating virus definitions on computers
You can update the virus definitions on a selected computer. You can update the virus definitions, and scan a selected computer.
Enabling or disabling TruScan proactive threat scans
You can disable TruScan proactive threat scans. You can lock the setting so that users cannot change it.
To enable or disable TruScan proactive threat scans
1 In the console, click Policies.
2 On the Policies page, select the Virus and Spyware Policy, and then right-click Edit.
About exceptions
Exceptions are known security risks and processes you want to exclude from the protection scans. In some cases, exceptions can reduce scan time and increase system performance. You specify exceptions in the Centralized Exceptions Policy. Click Help for more information about configuring exceptions.
Table 13-7 lists the types of exceptions that you can exclude from the protection scans.
■ TruScan proactive threat scan

Configuring an exception
Exceptions are the known security risks and processes that you want to exclude from the protection scans.
To configure an exception
1 In the console, click Policies.
2 On the Policies page, select the Centralized Exceptions policy, and then right-click Edit.
3 In the policy, click Centralized Exceptions.
4 In the policy, click Add > Security Risk Exceptions > Known Risks.
Chapter 14 Managing firewall protection
This chapter includes the following topics:
■ About managing firewall protection
■ How the firewall works
■ About the default firewall protection
■ Enabling firewall protection
■ Adjusting the firewall security level
■ Configuring a firewall notification
■ About adjusting firewall protection

About managing firewall protection
You manage firewall protection on the Policies page.
Table 14-1 Firewall protection management (continued)
Task: Enable firewall protection
Description: You can enable the default firewall protection or the custom firewall protection. See “About the default firewall protection” on page 133. See “Enabling firewall protection” on page 134. See “Adjusting the firewall security level” on page 134.
Task: Monitor firewall protection
Description: Regularly check the firewall protection status on your computers.
you of connection attempts by the applications on your computer that connect to other computers.
(Diagram labels: Internet; The firewall allows or blocks network traffic; The firewall monitors access attempts from the Internet; Client computer)
Firewall protection uses firewall rules to allow or block network traffic. See “How the firewall rules work” on page 129.
When a computer attempts to connect to another computer, the firewall compares the connection type with the firewall rules. The firewall automatically checks all the inbound traffic packets and outbound traffic packets against the rules. The firewall allows or blocks the packets according to the rules.
Firewall rules are processed sequentially, from highest to lowest priority (from top to bottom in the rules list).
Table 14-2 Firewall rule parameters (continued)
Parameter: Application
Description: The applications that trigger the rule. When an application is the only trigger in an allow traffic rule, the firewall allows the application to perform any network operation. The application is the significant value, not the network operation that the application performs. For example, suppose you allow Internet Explorer, and define no other triggers.
Table 14-2 Firewall rule parameters (continued)
Parameter: Service
Description: The network services that trigger a rule. A network service is a collection of the protocols and the port numbers that are grouped under one name. The network services list contains commonly used network services. For example, HTTP Server is the name for the HTTP server traffic that uses TCP local ports 80 and 443.
23), HTTP (port 80), and HTTPS (port 443). The client computers initiate this outbound traffic; you create a rule that permits the outbound traffic for these protocols. Stateful inspection automatically permits the return traffic that responds to the outbound traffic. Stateful inspection supports all rules that direct TCP traffic. Stateful inspection does not support the rules that filter ICMP traffic.
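The top-to-bottom rule processing and the stateful inspection behaviour described above can be seen in a small model. This is an added Python example, not Symantec's code or policy format: the Packet, Rule and Firewall names, the rule that the first match decides, the block when nothing matches, and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" or "in", as seen from the client computer
    protocol: str         # "tcp", "udp" or "icmp"
    remote_ip: str
    local_port: int = 0   # 0 for ICMP, which has no ports
    remote_port: int = 0


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "allow" or "block"
    direction: Optional[str] = None               # None matches either direction
    protocol: Optional[str] = None                # None matches any protocol
    remote_ports: Optional[FrozenSet[int]] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.protocol is None or self.protocol == pkt.protocol)
                and (self.remote_ports is None
                     or pkt.remote_port in self.remote_ports))


@dataclass
class Firewall:
    rules: List[Rule]     # index 0 is the top of the list (highest priority)
    flows: Set[Tuple[str, int, int]] = field(default_factory=set)

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return (action, reason) for one packet."""
        key = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        # Stateful inspection: replies to a permitted outbound TCP flow pass
        # without a rule of their own. ICMP never takes this shortcut.
        if pkt.direction == "in" and pkt.protocol == "tcp" and key in self.flows:
            return "allow", "stateful inspection"
        for rule in self.rules:                   # top to bottom
            if rule.matches(pkt):                 # assumption: first match decides
                if (rule.action == "allow" and pkt.direction == "out"
                        and pkt.protocol == "tcp"):
                    self.flows.add(key)           # remember the flow for replies
                return rule.action, rule.name
        return "block", "no matching rule"        # assumption: default is block


# Constructed rules modelled on the Telnet/HTTP/HTTPS example in the text.
ALLOW_WEB = Rule("Allow outbound Telnet/HTTP/HTTPS", "allow", "out", "tcp",
                 frozenset({23, 80, 443}))
BLOCK_TELNET = Rule("Block outbound Telnet", "block", "out", "tcp",
                    frozenset({23}))
ALLOW_ICMP_OUT = Rule("Allow outbound ICMP", "allow", "out", "icmp")
ALLOW_ICMP_IN = Rule("Allow inbound ICMP", "allow", "in", "icmp")

SERVER = "203.0.113.10"   # constructed address from a documentation range


def demo() -> dict:
    fw = Firewall([ALLOW_WEB, ALLOW_ICMP_OUT])
    out = {
        "https_out": fw.evaluate(Packet("out", "tcp", SERVER, 50000, 443)),
        "https_return": fw.evaluate(Packet("in", "tcp", SERVER, 50000, 443)),
        "unsolicited_in": fw.evaluate(
            Packet("in", "tcp", "198.51.100.7", 50000, 443)),
        "icmp_out": fw.evaluate(Packet("out", "icmp", SERVER)),
        # The ICMP reply is not covered by stateful inspection ...
        "icmp_reply": fw.evaluate(Packet("in", "icmp", SERVER)),
    }
    # ... so it needs an explicit inbound rule.
    fw2 = Firewall([ALLOW_WEB, ALLOW_ICMP_OUT, ALLOW_ICMP_IN])
    out["icmp_reply_with_rule"] = fw2.evaluate(Packet("in", "icmp", SERVER))
    return out


def telnet_decision(rules: List[Rule]) -> Tuple[str, str]:
    """Same outbound Telnet packet, different rule order."""
    return Firewall(list(rules)).evaluate(
        Packet("out", "tcp", SERVER, 50001, 23))


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result}")
    print("block above allow:", telnet_decision([BLOCK_TELNET, ALLOW_WEB]))
    print("allow above block:", telnet_decision([ALLOW_WEB, BLOCK_TELNET]))
```

When reviewing a real rules list, the same two checks apply: a broad allow rule placed above a narrower block rule makes the block rule unreachable, and ICMP traffic needs a rule for each direction.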
■ 172.16.0.0/16
■ 169.254.0.0/16
■ 192.168.0.0/16
Table 14-4 lists the default Symantec Firewall Policy settings.
Table 14-4 Default Firewall Policy settings
Setting: Enable this Firewall Policy
Description: Check this box to enable the default firewall protection.
See “About the firewall security levels” on page 133.
To adjust the security level
1 In the console, click Policies.
2 On the Policies page, select the Firewall Policy, and then right-click Edit.
3 In the policy, click Firewall Rules.
4 In the policy, check Enable this Firewall Policy, and then select Customize the default settings.
5 In the policy, select the security level setting.
6 Click OK.
About adjusting firewall protection
Table 14-5 Firewall protection adjustments
Setting: Default or custom
Description: Changing from default to custom lets you modify the security level and the firewall rules. See “Enabling firewall protection” on page 134.
Setting: Firewall rules
Description: You can modify the default firewall rules. You can create new rules. Adjusting the firewall rules requires advanced knowledge of firewalls and firewall rules.
Chapter 15 Managing intrusion prevention protection
This chapter includes the following topics:
■ About managing Intrusion Prevention protection
■ How Intrusion Prevention protection works
■ About the default Intrusion Prevention settings
■ Enabling Intrusion Prevention
■ Blocking an attacking computer
■ Specifying Intrusion Prevention exceptions

About managing Intrusion Prevention protection
You manage Intrusion Prevention protection on the Policies page.
Table 15-1 Intrusion Prevention management (continued)
Task: Monitor Intrusion Prevention protection
Description: Regularly check that Intrusion Prevention is enabled on your computers. See “About monitoring endpoint protection” on page 69.
Task: Specify signature exceptions
Description: Specify the signatures that have different detection responses. See “Specifying Intrusion Prevention exceptions” on page 140.
Figure 15-1 Intrusion Prevention protection (diagram labels: Attacker; Client computer)

About the default Intrusion Prevention settings
The Intrusion Prevention Policy defines the default Intrusion Prevention settings.
To enable Intrusion Prevention
1 In the console, click Policies.
2 On the Policies page, select the Intrusion Prevention Policy, and then right-click Edit.
3 In the policy, click Settings.
4 In the policy, click Enable Intrusion Prevention.
5 Click OK.

Blocking an attacking computer
Intrusion Prevention protection automatically blocks all communication to and from an attacking computer for a specified period of time.
To specify Intrusion Prevention exceptions
1 In the console, click Policies.
2 On the Policies page, select the Intrusion Prevention Policy, and then right-click Edit.
3 In the policy, click Exceptions.
4 In the policy, click Add.
5 In the Add Intrusion Prevention Exceptions dialog box, select an exception, and then click Next.
6 In the Signature Action dialog box, specify the following options.
Chapter 16 Managing administrator accounts
This chapter includes the following topics:
■ About managing administrator accounts
■ About administrator accounts
■ Creating an administrator account
■ Editing an administrator account
■ Enabling forgotten passwords

About managing administrator accounts
You manage administrator accounts on the Admin page.
Table 16-1 Account administration
Task: Decide who needs an account
Description: Decide who needs to access Symantec Protection Center.
Table 16-1 Account administration (continued)
Task: Enable forgotten passwords
Description: You can allow the administrators and the users to reset forgotten passwords. See “Enabling forgotten passwords” on page 145.

About administrator accounts
Administrator accounts provide secure access to the Symantec Protection Center console. Roles are assigned to the administrator accounts.
Creating an administrator account
You can create an account for administrators and users who need to access the Symantec Protection Center console.
To create an administrator account
1 In the console, click Admin.
2 On the Admin page, under Tasks, click Add Administrator.
3 In the Add Administrator dialog box, specify the account information. Click Help for more information.
4 Click OK.
Chapter 17 Managing disaster recovery
This chapter includes the following topics:
■ Managing disaster recovery
■ About preparing for disaster recovery
■ Backing up the database
■ Moving the server
■ Reinstalling Symantec Protection Center
■ Restoring the database
■ Loading a disaster recovery file

Managing disaster recovery
Disaster recovery restores Symantec Protection Center and allows it to resume communicating with the client computers.
Table 17-1 Disaster recovery steps (continued)
Step: Step 2
Action: Recover the server
Description: Recovering the server reinstalls the server software and allows it to resume communicating with client computers. Select one of the following server recovery methods:
■ Uninstall and then reinstall Symantec Protection Center on the same computer. See “Reinstalling Symantec Protection Center” on page 150.
Table 17-2 Disaster recovery preparation (continued)
Task: Back up database
Description: Back up the database at least weekly. The database stores important data such as security policies, events, and groups. See “Backing up the database” on page 149.

Backing up the database
Symantec recommends that you back up the database at least weekly. You should store the backup file on another computer.
See “About preparing for disaster recovery” on page 148.
To move the server
1 On the computer where you want to move Symantec Protection Center, create the following directory:
   C:\Program Files\Symantec\Symantec Protection Center
2 Copy your backup of the Server Private Key Backup folder and its contents to the directory.
3 Install the server software.
3 Install the server software. See “Installing the server and the console” on page 35.
4 If you do not restore the database, log on to the console, and then import your license files. See “Importing a license” on page 107. If you restore the database, the license files are restored with the database. See “Restoring the database” on page 151.
11 In the Services window, click Symantec Protection Center, and then click Start.
12 Close the Services window.
13 On the Start menu, click All Programs > Symantec Protection Center > Symantec Protection Center Console to start the console. The client computers connect to the server within 30 minutes.
To restore the database on a different computer
1 Follow steps 1-10 from the previous procedure.
Appendix A
Maintaining and troubleshooting Symantec Endpoint Protection Small Business Edition

This appendix includes the following topics:
■ Restarting client computers
■ Finding managed computers
■ Converting an unmanaged computer
■ Finding the server host name and IP address
■ Modifying email server settings
■ Modifying the server installation settings
■ Investigating client problems
■ Troubleshooting Symantec Protection Center communication problems
■ Troubleshooting content update pr
To restart a selected client computer
1 In the console, click Computers.
2 On the Computers page, on the Computers tab, select a group.
3 On the Computers tab, select a computer, right-click Run Command on Group, and then click Restart Client Computers.

To restart the client computers in a selected group
1 In the console, click Computers.
This method converts an unmanaged computer to a managed computer by reinstalling the client software. See “Installing the Symantec Endpoint Protection Small Business Edition client” on page 45.
■ Import the server communications settings. This method converts an unmanaged computer to a managed computer by importing the server communications settings.
Finding the server host name and IP address
You can locate the Symantec Protection Center server host name and IP address.

To find the server host name and IP address
1 In the console, click Admin.
2 On the Admin page, click System. The Server Name box shows the Symantec Protection Center server host name. The Address box shows the IP address.
To modify the Symantec Protection Center installation settings
1 On the console computer, on the Start menu, click All Programs > Symantec Protection Center > Symantec Protection Center Tools > Management Server Configuration Wizard.
2 In the wizard, click Reconfigure the management server, and then click Next.
Troubleshooting content update problems
Instructions and suggestions for troubleshooting content update problems are available in the Symantec Knowledge Base article, Troubleshooting content update problems.

Providing information for Symantec Support
You can gather detailed information for Symantec Support.
Appendix B
Managing mobile clients and remote clients

This appendix includes the following topics:
■ About mobile clients and remote clients
■ About setting up groups for remote clients
■ About strengthening your security policies for remote clients
■ About client notifications
■ About monitoring remote clients

About mobile clients and remote clients
Today's workforce is no longer tied to a single location, because employees increasingly work remotely or from multiple locations.
the safety of your corporate defenses. The management of these clients places an extra burden on administrators to maintain the safety of the network and its data.

You might have mobile clients and remote clients in your network for a number of different reasons, and they might exhibit different patterns of usage.
For example, virus and spyware, firewall, LiveUpdate, and intrusion protection each have a separate policy. Only one policy for each type of protection can be applied to any given group. Therefore, to establish more than one level of restrictions, separate groups must be created and then assigned the appropriate protection policies.
■ Leave as-is the rule that blocks all other traffic.

As a best practice for the Firewall policies for the groups where users log on through Ethernet or wireless connections, use your default Firewall Policy. For the wireless connection, ensure that the rule to allow wireless EAPOL is enabled. 802.1x uses the Extensible Authentication Protocol over LAN (EAPOL) for connection authentication.
and that your network is not currently under attack. If your network is under attack, then you want to find out who is behind the attack and how they attacked.