Getting up and running on Symantec Endpoint Protection for the first time
Article: HOWTO55274 | Created: 2011-06-29 | Updated: 2014-11-04 | Article URL: http://www.symantec.com/docs/HOWTO55274
You should assess your security requirements and decide if the default settings provide the balance of performance and security you require. Some performance enhancements can be made immediately after you install Symantec Endpoint Protection Manager.
The table "Tasks to install and configure Symantec Endpoint Protection" lists the tasks you should perform to install and protect the computers in your network immediately.
Table: Tasks to install and configure Symantec Endpoint Protection
Plan your network architecture
Before you install the product, perform the following tasks:
Install or migrate the management server
Whether you install the product for the first time, upgrade from a previous version, or migrate from another product, you install Symantec Endpoint Protection Manager first.
Increase the time that the console leaves you logged on
The console logs you out after one hour. You can increase this period of time.
Create groups and locations
You can add groups that contain computers based on the level of security or the function the computers perform. For example, you should put computers with a higher level of security in one group, or Mac computers in another group.
Use the following group structure as a basis:
See Adding a group.
You can migrate existing Active Directory groups when you install Symantec Endpoint Protection Manager. If you are running legacy Symantec protection, you usually upgrade policy and group settings from your older version.
You can apply a different level of security to computers based on whether they are inside or outside the company network. To use this method, you create separate locations and apply different security policies to each location. In general, computers connecting to your network from outside of your firewall need to have stronger security than those that are inside your firewall.
You can set up a location that allows the mobile computers that are not in the office to update their definitions automatically from Symantec's servers.
Disable inheritance on special groups
By default, groups inherit the security and the policy settings from the default parent group, "My Company." You must disable inheritance before you can change the security and the policy settings for any new groups you create.
Change communication settings to increase performance
You can improve network performance by changing the client-server communication settings in each group by modifying the following settings:
For more information, see the Symantec Endpoint Protection sizing and scalability white paper.
Modify the Firewall policy for the remote computers group and the servers group
Modify the Virus and Spyware Protection policy
Change the following default scan settings:
Activate the product license
Purchase and activate a license within 60 days of product installation.
Prepare computers for client installation (optional)
Before you install the client software, perform the following tasks, if necessary:
Install the client software with the Client Deployment Wizard
Create a client installation package and deploy it on your client computers.
As a best practice, change the name of the default export package to a name that uniquely identifies the package in your system.
Check that the computers are listed in the groups that you expected and that the client communicates with the management server
In the management console, on the> page:
Make one client computer in each network segment into a detector for unprotected endpoints
For each network segment, enable one client computer to detect when a new computer that is not protected is added to the network. These computers are called unmanaged detectors and the option is.
Configure the content revisions available to clients to reduce bandwidth
Set the number of content revisions that are stored on the server to reduce bandwidth usage for clients.
For more information about calculating storage and bandwidth needs, see the Symantec Endpoint Protection sizing and scalability white paper.
Check the LiveUpdate schedule and adjust if necessary
Make sure that the content updates download to client computers at a time that affects users the least.
Configure Symantec Endpoint Protection Manager to send email alerts
Alerts and notifications are critical to maintaining a secure environment and can also save you time.
Configure notifications for a single risk outbreak and when a new risk is detected
Create a notification for aand modify the notification for .
For these notifications, do the following:
The table "Tasks to perform two weeks after you install" displays the tasks to perform after you install and configure the product to assess whether the client computers have the correct level of protection.
Table: Tasks to perform two weeks after you install
Exclude applications and files from being scanned
You can increase performance by configuring the client not to scan certain folders and files. For example, the client scans the mail server every time a scheduled scan runs.
You can improve performance by excluding the folders and files that are known to cause problems if they are scanned. For example, Symantec Endpoint Protection should not scan the proprietary Microsoft SQL Server files. To enhance performance and avoid any chance of corruption or files being locked when the Microsoft SQL Server must use them, you should create exceptions to prevent scanning of the folders that contain these database files.
For more information, see the knowledge base article, How to exclude MS SQL files and folders using Centralized Exceptions.
You can also exclude files by extension for Auto-Protect scans.
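Every exclusion is also a location or file type the client no longer inspects, so a proposed list is worth reviewing before it goes into a policy. The following is an added example, not Symantec code: it flags exclusion entries that are broader than a database-file exception needs to be. The (kind, value) entry format, the function names, and all sample paths are assumptions made for the illustration.

```python
import ntpath

# Extensions that can carry executable content. Excluding one of these by
# extension removes scan coverage for a file type malware commonly uses.
RISKY_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd",
                    ".ps1", ".vbs", ".js", ".jar", ".msi"}
# Path components that standard users can usually write to.
USER_WRITABLE = {"users", "temp", "tmp", "downloads", "appdata",
                 "%temp%", "%tmp%", "%appdata%", "%userprofile%"}

def review_entry(kind, value):
    """Return the reasons an entry is too broad (empty list means acceptable)."""
    reasons = []
    v = value.strip().lower()
    if kind == "extension":
        ext = v if v.startswith(".") else "." + v
        if ext in RISKY_EXTENSIONS:
            reasons.append("executable file type")
    elif kind == "folder":
        _drive, rest = ntpath.splitdrive(ntpath.normpath(v))
        parts = [p for p in rest.split("\\") if p]
        if not parts:
            reasons.append("entire drive or share")
        if any(p in USER_WRITABLE for p in parts):
            reasons.append("user-writable location")
    else:
        reasons.append("unknown entry kind")
    return reasons

def review_exclusions(entries):
    """Map each flagged (kind, value) entry to its reasons; clean entries are omitted."""
    return {e: r for e in entries if (r := review_entry(*e))}

# Constructed sample list (hypothetical paths, not taken from the article).
PROPOSED = [
    ("folder", r"D:\MSSQL\Data"),               # narrow: database directory only
    ("extension", "mdf"),                       # SQL Server data file
    ("extension", "ldf"),                       # SQL Server log file
    ("folder", "C:\\"),                         # whole drive
    ("folder", r"C:\Users\Public\SQLBackups"),  # under a user-writable tree
    ("folder", "%TEMP%"),
    ("extension", ".exe"),
]

if __name__ == "__main__":
    for entry, reasons in review_exclusions(PROPOSED).items():
        print(entry, "->", ", ".join(reasons))
```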
Run a quick report and scheduled report after the scheduled scan
Run the quick reports and scheduled reports to see whether the client computers have the correct level of security.
Check to ensure that scheduled scans have been successful and clients operate as expected
Review monitors, logs, and the status of client computers to make sure that you have the correct level of protection for each group.