Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control

Article:DOC2349  |  Created: 2010-08-10  |  Updated: 2014-03-18  |  Article URL http://www.symantec.com/docs/DOC2349
Article Type: Documentation

Description
This guide includes information about how to configure the product and manage Symantec Endpoint Protection clients.
Table of Contents:
1. Introducing Symantec Endpoint Protection
About Symantec Endpoint Protection
About Symantec Network Access Control
Components of Symantec Endpoint Protection and Symantec Network Access Control
Key features of Symantec Endpoint Protection and Symantec Network Access Control
About the types of protection
2. Starting the Symantec Endpoint Protection Manager console
Logging on to the Symantec Endpoint Protection Manager console
What you can do from the console
3. Managing the Symantec Endpoint Protection Manager console with Symantec Protection Center
About Symantec Protection Center
Symantec Protection Center architecture
Logging on to Symantec Protection Center
The Symantec Protection Center Dashboard
About managing Symantec Protection Center accounts
Configuring Symantec Protection Center to manage products
Symantec Protection Center Reports
About Symantec Protection Center documentation
4. Managing groups and clients
Managing computer groups
How you can structure groups
Adding a group
Importing an existing organizational structure
Renaming a group
Moving a group
Viewing a group's properties
Disabling and enabling a group's inheritance
Setting up and managing clients in groups
About user mode and computer mode
Preassigning computers or users to groups before you install the client software
About groups specified in the client installation package
Switching a client between user mode and computer mode
Converting an unmanaged client to a managed client
Blocking clients from being added to groups
Moving clients between groups
Viewing the status of clients and client computers
Filtering which clients you can view on the Clients tab
Restarting client computers
Viewing a client's properties
Searching for information about clients
Configuring a client to detect unknown devices
Running commands on clients from the console
5. Managing a group's locations
Using location awareness with groups
About planning locations
Enabling location awareness for a client
Adding a location with a wizard
Adding a location without a wizard
Changing a default location
Editing the name and description of a group's location
Deleting a group's location
6. Working with policies
Using policies to manage your network security
About shared and non-shared policies
About adding policies
Adding a shared policy
Adding a new non-shared policy in the Clients page
Adding a new non-shared policy from an existing policy in the Clients page
Adding a new non-shared policy from a previously exported policy file in the Clients page
Editing a policy
Assigning a shared policy
Withdrawing a policy
Deleting a policy
Exporting a policy
Importing a policy
About copying policies
Copying a shared policy in the Policy page
Copying a shared or non-shared policy in the Clients page
Pasting a policy
Copying and pasting a group policy
Replacing a policy
Copying a shared policy to convert it to a non-shared policy
Converting a copy of a shared policy to a non-shared policy
About updating policies on the clients
Configuring push mode or pull mode to update client policies and content
Viewing the policy serial number
Performing a manual policy update to check the policy serial number
Monitoring the applications and services that run on client computers
Configuring the management server to collect information about the applications that the client computers run
Searching for information about the applications that the computers run
Saving the results of an application search
7. Working with client installation packages
Using client installation packages
Configuring client installation package options
Configuring client installation package features
Configuring client installation package settings
Collecting user information
Exporting client installation packages
Deploying client software with Find Unmanaged Computers
About adding client installation package updates and upgrading clients
Adding client installation package updates
Upgrading clients in one or more groups
Deleting upgrade packages
8. Updating definitions and content
Managing content for clients
About the types of content
Determining how clients get content
Configuring a site to download content updates
About simultaneous content downloads
About LiveUpdate Policies
About using the content revisions that are not the latest version
Configuring a LiveUpdate Settings policy
Configuring a LiveUpdate Content Policy
Viewing and changing the LiveUpdate Content Policy quickly
Distributing content using Group Update Providers
About the types of Group Update Providers
About configuring rules for multiple Group Update Providers
Configuring a Group Update Provider
Configuring a single Group Update Provider
Configuring multiple Group Update Providers
Searching for the clients that act as Group Update Providers
About the Intelligent Updater
Using the Intelligent Updater to download antivirus content updates for distribution
About the files that are used in third-party distribution of LiveUpdate content
About using third-party distribution tools to distribute content updates to managed clients
Enabling third-party content distribution to managed clients with a LiveUpdate Settings Policy
Distributing content to managed clients with third-party distribution tools
About using third-party distribution tools to distribute content updates to self-managed clients
Running LiveUpdate on a client from the console
9. Displaying features in the client user interface
About access to the client interface
Locking and unlocking managed settings
Changing the user control level
About mixed control
Configuring user interface settings
Password-protecting the client
10. Managing communication between management servers and clients
Managing the connection between management servers and clients
About management servers
Adding a management server list
Specifying a management server list
Changing the order in which management servers connect
Assigning a management server list to a group and location
Viewing the groups and locations to which a management server list is assigned
Replacing a management server list
Copying and pasting a management server list
Exporting and importing a management server list
Viewing the client health state in the management console
Configuring communication settings for a location
Troubleshooting communication problems between the management server and the client
Investigating client problems
Using the ping command to test the connectivity to the management server
Using a browser to test the connectivity to the management server
Using Telnet to test the connectivity to the management server
Checking the debug log on the client computer
Checking the inbox logs on the management server
Checking the IIS logs on the management server
Recovering client communication settings by using the SylinkDrop tool
11. Monitoring endpoint protection
Monitoring endpoint protection
About different methods of accessing the reporting functions
Logging on to reporting from a stand-alone Web browser
Changing the port used to access context-sensitive help for reporting
Associating localhost with the IP address when loopback addresses are disabled
About reporting
About logged events from your network
How reporting uses the logs stored in the database
About the Symantec Endpoint Protection Home page
Configuring the Favorite Reports on the Home page
About using Security Response links
Using the Symantec Network Access Control Home page
Using the Monitors Summary tab
Configuring reporting preferences
About Home and Monitors display options
Configuring security status thresholds
Configuring logs and reports preferences
Eliminating viruses and security risks
Identifying the infected and at risk computers
Changing an action and rescanning the identified computers
Restarting the computers that need a restart to finish remediation
About investigating and cleaning the remaining risks
How to eliminate a suspicious event
Updating definitions and rescanning
Finding the clients that are offline
12. Viewing and configuring reports
About the reports you can run
About the information in the Audit report and log
About the information in the Application Control and Device Control reports and logs
About the information in the Compliance reports and logs
About the information in the Computer Status reports and log
About the information in the Network Threat Protection reports and logs
About the information in the TruScan proactive threat scan reports and logs
About the information in the Risk reports and log
About the information in the Scan reports and log
About the information in the System reports and logs
About viewing reports
About viewing line charts in reports
About viewing bar charts
About viewing the reports in Asian languages
About quick reports
Creating quick reports
Saving and deleting quick report filters
About duplicate filter names
About scheduled reports
Creating and deleting scheduled reports
Editing the filter used for a scheduled report
About using the Past 24 hours filter in reports and logs
About using the filters that search for groups in reports and logs
Printing and saving a copy of a report
About using SSL with the reporting functions
Important points about reporting
13. Viewing and configuring logs and notifications
About logs
About log types
Viewing logs
Displaying event details in logs
Viewing logs from other sites
Saving and deleting filters
About duplicate filter names
Basic filter settings for logs and reports
Advanced filter settings for logs and reports
Running commands and actions from logs
Exporting log data
Exporting log data to a text file
Exporting data to a Syslog server
Exporting log data to a comma-delimited text file
About using notifications
Viewing and filtering administrator notification information
Threshold guidelines for administrator notifications
Creating administrator notifications
About editing existing notifications
14. Managing domains and administrators
Managing domains and administrator accounts
About domains
Adding a domain
Specifying the current domain
About administrators
Adding an administrator account
About access rights
Configuring the access rights for a limited administrator
Switching between an administrator and a limited administrator
Locking an administrator's account after too many logon attempts
Resetting the administrator password to admin
Setting up authentication for administrator accounts
Renaming an administrator account
Changing an administrator's password
15. Managing sites
About site management
About site replication across different company sites
About remote sites
Editing site properties
Backing up a site
Deleting remote sites
16. Managing servers
About server management
About servers and third-party passwords
Starting and stopping the management server service
Granting or denying access to remote Symantec Endpoint Protection Manager consoles
Deleting selected servers
Exporting and importing server settings
17. Managing directory servers
About the management of directory servers
Adding directory servers
Synchronizing user accounts between directory servers and a Symantec Endpoint Protection Manager
About importing user and computer account information from an LDAP directory server
Searching for users on an LDAP directory server
Importing users from an LDAP directory server search results list
About organizational units and the LDAP server
Importing organizational units from an Active Directory or LDAP directory server
About synchronizing organizational units
18. Managing email servers
About managing email servers
Establishing communication between Symantec Endpoint Protection Manager and email servers
19. Managing proxy servers
About proxy servers
Setting up a connection between an HTTP proxy server and Symantec Endpoint Protection Manager
Setting up a connection between an FTP proxy server and the Symantec Endpoint Protection Manager
20. Managing RSA servers
About prerequisites for using RSA SecurID with the Symantec Endpoint Protection Manager
Configuring Symantec Endpoint Protection Manager to use RSA SecurID Authentication
Specifying SecurID Authentication for a Symantec Endpoint Protection Manager administrator
Configuring the management server to support HTTPS communication
21. Managing server certificates
About server certificate types
Updating a server certificate
Backing up a server certificate
Locating the keystore password
22. Managing databases
About the management of databases
About database naming conventions
About the Management Server Configuration Wizard and Symantec Database Tools
About database backup
About the reconfiguration of a database
Backing up a Microsoft SQL database
Backing up a Microsoft SQL database
Backing up a Microsoft SQL database with the Database Maintenance Plan wizard
Backing up an embedded database
Scheduling automatic database backups
Restoring a database
Editing the name and description of a database
Reconfiguring a Microsoft SQL database
Reconfiguring an embedded database
About managing log data
About log data and storage
Sweeping log data from the database manually
Log data from legacy clients
Configuring log settings for the servers in a site
About configuring event aggregation
Configuring client log settings
About configuring client log handling options for antivirus and antispyware policies
Backing up the logs for a site
About uploading large amounts of client log data
About managing log events in the database
Configuring database maintenance options for logs
About using the Interactive SQL utility with the embedded database
Changing timeout parameters
About recovering a corrupted client System Log on 64-bit computers
23. Replicating data
About the replication of data
About the impact of replication
About the settings that are replicated
How changes are merged during replication
Adding and disconnecting a replication partner
Disconnecting replication partners
Scheduling automatic and on-demand replication
Replicating data on demand
Changing replication frequencies
Replicating client packages and LiveUpdate content
Replicating logs
24. Managing Tamper Protection
About Tamper Protection
Configuring Tamper Protection
25. Basic Antivirus and Antispyware Policy settings
Basics of Antivirus and Antispyware Protection
About creating a plan to respond to viruses and security risks
About viewing the antivirus and antispyware status of your network
About running commands for Antivirus and Antispyware Protection
About Antivirus and Antispyware Policies
About the preconfigured Antivirus and Antispyware Policies
About locking settings in Antivirus and Antispyware Policies
About Antivirus and Antispyware Policies for legacy clients
About default settings for handling suspicious files
About using policies to manage items in the Quarantine
About working with Antivirus and Antispyware Policies
About viruses and security risks
About scanning
About Auto-Protect scans
About administrator-defined scans
About TruScan proactive threat scans
About scanning after updating definitions files
About scanning selected extensions or folders
About excluding named files and folders
About actions for the viruses and the security risks that scans detect on Windows clients
About actions for the viruses and the security risks that scans detect on Mac clients
Setting up log handling parameters in an Antivirus and Antispyware Policy
About client interaction with antivirus and antispyware options
Changing the password that is required to scan mapped network drives
Configuring Windows Security Center to work with the Symantec Endpoint Protection client
Displaying a warning when definitions are out of date or missing
Specifying a URL to appear in antivirus and antispyware error notifications
Specifying a URL for a browser home page
Configuring the options that apply to antivirus and antispyware scans
Configuring scans of selected file extensions
Configuring the scans of selected folders
About exceptions for security risks
Configuring actions for known virus and security risk detections on Windows clients
Configuring actions for known virus and security risk detections on Mac clients
About notification messages on infected computers
Customizing and displaying notifications on infected computers
Submitting information about scans to Symantec
About submissions throttling
Configuring submissions options
Managing quarantined files
About Quarantine settings
Specifying a local Quarantine directory
Configuring automatic clean-up options
Submitting quarantined items to a central Quarantine Server
Submitting quarantined items to Symantec
Configuring actions to take when new definitions arrive
26. Configuring Auto-Protect
About configuring Auto-Protect
About types of Auto-Protect
Enabling File System Auto-Protect
Configuring File System Auto-Protect for Windows clients
About Auto-Protect security risk scanning and blocking
Configuring advanced scanning and monitoring options
About Risk Tracer
About the file cache
Configuring File System Auto-Protect for Mac clients
Configuring Internet Email Auto-Protect
Configuring Microsoft Outlook Auto-Protect
Configuring Lotus Notes Auto-Protect
Configuring notification options for Auto-Protect
Displaying Auto-Protect results on infected computers
Adding warnings to infected email messages
Notifying senders of infected email messages
Notifying others of infected email messages
Configuring progress notifications for Auto-Protect scans of Internet email
27. Using administrator-defined scans
About using administrator-defined scans
Configuring a scheduled scan for Windows clients
Configuring a scheduled scan for Mac clients
Configuring an on-demand scan for Windows clients
Configuring an on-demand scan for Mac clients
Running on-demand scans
Configuring scan progress options for administrator-defined scans
Setting advanced options for administrator-defined scans
28. Basic Network Threat Protection settings
About Network Threat Protection and network attacks
How Symantec Endpoint Protection protects computers against network attacks
About the firewall
About working with Firewall Policies
About firewall rules
About the elements of a firewall rule
About the rule processing order
About stateful inspection
Adding blank rules
Adding rules with a wizard
Adding inherited rules from a parent group
Importing and exporting rules
Copying and pasting rules
Changing the order of rules
Enabling and disabling rules
Enabling Smart traffic filtering
Enabling traffic and stealth settings
Configuring peer-to-peer authentication
29. Configuring intrusion prevention
About the intrusion prevention system
About the Symantec IPS signatures
About custom IPS signatures
Configuring intrusion prevention
About working with Intrusion Prevention Policies
Enabling intrusion prevention settings
Changing the behavior of Symantec IPS signatures
Blocking an attacking computer
Setting up a list of excluded computers
Creating custom IPS signatures
Assigning multiple custom IPS libraries to a group
Changing the order of signatures
Copying and pasting signatures
Defining variables for signatures
30. Customizing Network Threat Protection
Enabling and disabling Network Threat Protection
Configuring Network Threat Protection settings for mixed control
Adding hosts and host groups
Editing and deleting host groups
Adding hosts and host groups to a rule
Adding network services
Editing and deleting custom network services
Adding network services to a rule
Enabling network file and printer sharing
Adding network adapters
Adding network adapters to a rule
Editing and deleting custom network adapters
Adding applications to a rule
Adding schedules to a rule
Configuring notifications for Network Threat Protection
Configuring email messages for traffic events
Setting up network application monitoring
31. Configuring TruScan proactive threat scans
About TruScan proactive threat scans
About using the Symantec default settings
About the processes that TruScan proactive threat scans detect
About managing false positives detected by TruScan proactive threat scans
About the processes that TruScan proactive threat scans ignore
How TruScan proactive threat scans work with Quarantine
How TruScan proactive threat scans work with centralized exceptions
Understanding TruScan proactive threat detections
Specifying the types of processes that TruScan proactive threat scans detect
Specifying the actions and sensitivity levels for detecting Trojan horses, worms, and keyloggers
Specifying actions for commercial application detections
Configuring the TruScan proactive threat scan frequency
Configuring notifications for TruScan proactive threat scans
32. Configuring application and device control
About application and device control
About the structure of an Application and Device Control Policy
About application control
About Test mode
About application control rule sets and rules
About device control
About working with Application and Device Control
Enabling a default application control rule set
Creating an Application and Device Control Policy
Configuring application control for an Application and Device Control Policy
Creating a new application control rule set and adding a new rule to the set
Adding conditions to a rule
Configuring condition properties for a rule
Configuring the actions to take when a condition is met
Applying a rule to specific applications and excluding applications from a rule
Changing the order in which application control rule sets are applied
Disabling application control rule sets and individual rules in an Application and Device Control Policy
Changing the mode of an application control rule set
Configuring device control for an Application and Device Control Policy
33. Customizing Application and Device Control Policies
About hardware devices
About class IDs
About device IDs
Obtaining a class ID or device ID
Adding a hardware device to the Hardware Devices list
Editing a hardware device in the Hardware Devices list
About authorizing the use of applications, patches, and utilities
About creating and importing a file fingerprint list
Creating a file fingerprint list
Editing a file fingerprint list in Symantec Endpoint Protection Manager
Importing a file fingerprint list into Symantec Endpoint Protection Manager
Merging file fingerprint lists in Symantec Endpoint Protection Manager
Deleting a file fingerprint list
About system lockdown
System lockdown prerequisites
Setting up system lockdown
34. Configuring Centralized Exceptions Policies
About Centralized Exceptions Policies
About working with Centralized Exceptions Policies
About centralized exceptions for antivirus and antispyware scans
About centralized exceptions for TruScan proactive threat scans
About centralized exceptions for Tamper Protection
About client interaction with centralized exceptions
Configuring a Centralized Exceptions Policy
Configuring a centralized exception for antivirus and antispyware scans on Windows clients
Configuring a centralized exception for files or folders on Mac clients
Configuring a centralized exception for TruScan proactive threat scans
Configuring a centralized exception for Tamper Protection
Configuring client restrictions for centralized exceptions
Creating centralized exceptions from log events
Adding a centralized exception for risk events
Adding a centralized exception for TruScan proactive threat scan events
Adding a centralized exception for Tamper Protection events
Windows commands for the client service
Error codes
Typing a parameter if the client is password-protected
About client and server communication settings
Management features by platform
Client protection features by platform
Antivirus and Antispyware policy settings available for Windows and Mac
LiveUpdate policy settings available for Windows and Mac
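
Chapter 10 of the guide walks through client-to-manager connectivity troubleshooting in a fixed order: ping the server, open the server's client-communication URL in a browser, telnet to the client-communication port, then move to the client debug log and the server's inbox and IIS logs. The script below is an added example, not a Symantec tool or code from the guide, that automates the first three steps and reports which layer to investigate next. It assumes the SEP 11.x defaults of TCP port 8014 for client communication and the `/secars/secars.dll?hello,secars` URL answering `OK`; both are assumptions for this example and must be adjusted to match the port and configuration of your own Symantec Endpoint Protection Manager. The stub HTTP server is a constructed stand-in so the example runs offline.

```python
"""Client-to-manager connectivity diagnosis (added example, not part of the guide)."""
import http.server
import socket
import threading
import urllib.error
import urllib.request

# ASSUMED defaults for this example: SEP 11.x manager listens for client
# communication on TCP 8014 and answers this URL with the plain text "OK".
DEFAULT_PORT = 8014
HELLO_PATH = "/secars/secars.dll?hello,secars"


def check_dns(host):
    """Step 1 (ping): can the client resolve the management server name at all?"""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def check_tcp(host, port, timeout=3.0):
    """Step 3 (telnet): does the client-communication port accept a TCP connection?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_http(host, port, timeout=3.0):
    """Step 2 (browser): does the server answer the hello URL with 'OK'?"""
    url = f"http://{host}:{port}{HELLO_PATH}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(64).decode("ascii", "replace")
            return resp.getcode() == 200 and body.strip() == "OK"
    except (urllib.error.URLError, OSError, ValueError):
        return False


def diagnose(host, port=DEFAULT_PORT):
    """Run the checks in order and stop at the first failure, so 'next'
    names the layer (DNS, network/firewall, IIS, client) to look at next."""
    result = {"dns": None, "tcp": False, "http": False, "next": ""}
    addr = check_dns(host)
    result["dns"] = addr
    if addr is None:
        result["next"] = "name resolution failed: check DNS or the hosts entry for the server"
        return result
    if not check_tcp(addr, port):
        result["next"] = f"TCP {port} refused or filtered: check firewall, service state, IIS binding"
        return result
    result["tcp"] = True
    if not check_http(addr, port):
        result["next"] = "port open but no OK reply: check the IIS logs and inbox logs on the server"
        return result
    result["http"] = True
    result["next"] = "server reachable: check the client debug log and Sylink settings on the client"
    return result


class _StubHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the management server so the example runs offline."""

    def do_GET(self):
        if self.path == HELLO_PATH:
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"OK")
        else:
            self.send_response(404)
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_stub_server():
    """Start the stand-in on an ephemeral loopback port; returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def run_demo():
    """Diagnose once against the running stand-in, then again after it is
    closed, which reproduces the 'port refused' branch of the procedure."""
    srv, port = start_stub_server()
    try:
        reachable = diagnose("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()
    refused = diagnose("127.0.0.1", port)
    return reachable, refused


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

Against a real manager, call `diagnose("your-sepm-host")` (or pass the port you actually configured); the `next` field tells you whether to go to the network team, the server's IIS and inbox logs, or the client's debug log and Sylink settings, in the same order the guide's troubleshooting section follows.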

Attachments

Administration_Guide_SEP11.0.6.pdf (6 MBytes)
