Understanding Endpoint Protection Policies

Article:HOWTO98471  |  Created: 2014-05-15  |  Updated: 2014-05-15  |  Article URL http://www.symantec.com/docs/HOWTO98471
Article Type: How To



When any computer is added as an Endpoint Protection computer, it is immediately added to the default group and the default policy for immediate protection. The default group is only modified when computers are added or deleted; the default policy cannot be modified. The default configuration may serve your organization well; however, you can configure Groups and Policies that are tailored to your needs.

Symantec Endpoint Protection enables you to create and impose policies to protect your computers based on the security requirements of the computers. Four categories of protection can be used in a policy:

  • Computer Protection

  • USB Device Control

  • Web Protection

  • Network Protection

These categories of protection offer a defense-in-depth security solution. Computer Protection features focus on the high-risk communications reaching a computer.

Note:

Different Agents are installed for Desktops & Laptops than for Servers. The Protection Settings available for servers differ from the Protection Settings available for Desktops & Laptops.

Table: Computer Protection

Protection Setting | Description | Desktops & Laptops | Servers

Antivirus

Virus and security risk protection features provide comprehensive virus prevention and security risk detection for your computer. Known viruses are automatically detected and repaired. Instant messenger attachments, email message attachments, Internet downloads, and other files are scanned for viruses and other potential risks. In addition, the definition updates that Automatic LiveUpdate downloads when your computer is connected to the Internet keep you prepared for the latest security risks.

User can disable Antivirus - Enables users to turn off Antivirus protection for:

  • 15 minutes

  • one hour

  • five hours

  • Until the system restarts

Note:

The disable function only works on desktops & laptops.

Exclude Mapped network drives - Prevents scanning of the network drives mapped on Desktops or Laptops. Option not available for Servers.

Exclude Removable Drives - Prevents scanning of the removable media that is attached to Desktops or Laptops. Option not available for Servers.

Custom Exclusions - Enables administrators to exclude specific files, folders, or file types from antivirus scanning.

Note:

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.

Desktops & Laptops: X | Servers: X

SONAR

Symantec Endpoint Protection SONAR (Symantec Online Network for Advanced Response) provides real-time protection against threats and proactively detects unknown security risks on your computer. SONAR identifies emerging threats based on the behavior of applications. It also identifies threats more quickly than the traditional signature-based threat detection techniques. SONAR detects and protects you against malicious code even before virus definitions are available through LiveUpdate.

SONAR monitors your computer for malicious activities through heuristic detections.

SONAR automatically blocks and removes high-certainty threats. Norton Internet Security notifies you when high-certainty threats are detected and removed. SONAR provides you the greatest control when low-certainty threats are detected.

The View Details link in the notification alert lets you view the summary of the resolved high-certainty threats. You can view the details under the Resolved security risks category in the Security History window.

Note:

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.

Desktops & Laptops: X | Servers: X

Antispyware

Antispyware protects your computer against the security risks that can compromise your personal information and privacy.

Symantec Endpoint Protection Antispyware detects these major categories of spyware:

  • Security risk

  • Hacking tool

  • Spyware

  • Trackware

  • Dialer

  • Remote access

  • Adware

  • Joke programs

  • Security assessment tools

  • Misleading Applications

Desktops & Laptops: X | Servers: X

USB Device Control enables administrators to prevent malicious code injection and intellectual property theft by controlling employee use of USB removable storage devices. USB mice and keyboards are unaffected by USB Device Control because they do not provide data storage.

Table: USB Device Control

Protection Setting | Description | Desktops & Laptops | Servers

USB device access

The drop-down sets the policy to either Allow or Block access to a USB device. Blocking events are logged for review and reporting.

Desktops & Laptops: X | Servers: X

Read only access

The check box allows USB device access to be restricted to read-only access.

Note:

This function is not available for servers.

Desktops & Laptops: X

Enable user notifications

Enables toast messages on the endpoint alerting the user to USB device blocking.

Desktops & Laptops: X | Servers: X

Web Protection defends Internet Explorer and Firefox from attack; presents website safety ratings; and evaluates downloads from the web.

Table: Web Protection

Protection Setting | Description | Desktops & Laptops | Servers

Browser Protection

With increasing Internet use, your web browser is prone to attack by malicious websites. These websites detect and exploit the vulnerability of your web browser to download malware programs to your system without your consent or knowledge. These malware programs are also called drive-by downloads. Norton Internet Security protects your web browser against drive-by downloads from malicious websites.

Norton Internet Security proactively blocks new or unknown malware programs before they attack your computer. By protecting your web browser, Norton Internet Security secures your sensitive information and prevents the attackers from controlling your system remotely.

The Browser Protection feature checks for browser vulnerabilities in the following browsers:

  • Internet Explorer 7.0 or later

  • Firefox 10.0 or later

  • Chrome 17.0 or later

You must turn on the Browser Protection option to enable this feature.

Note:

This feature applies only to desktops and laptops.

Desktops & Laptops: X

Download Intelligence

Download Insight provides information about the reputation of any executable file that you download from the supported portals. The reputation details indicate whether the downloaded file is safe to install. You can use these details to decide the action that you want to take on the file.

Some of the supported portals are:

  • Internet Explorer (Browser)

  • Opera (Browser)

  • Firefox (Browser)

  • Chrome (Browser)

  • AOL (Browser)

  • Safari (Browser)

  • Yahoo (Browser)

  • MSN Explorer (Browser, email & Chat)

  • QQ (Chat)

  • ICQ (Chat)

  • Skype (Chat)

  • MSN Messenger (Chat)

  • Yahoo Messenger (Chat)

  • Limewire (P2P)

  • BitTorrent (P2P)

  • Thunder (P2P)

  • Vuze (P2P)

  • Bitcomet (P2P)

  • uTorrent (P2P)

  • Outlook (email)

  • Thunderbird (email)

  • Windows Mail (email)

  • Outlook Express (email)

  • FileZilla (File Manager)

  • UseNext (Download Manager)

  • FDM (Download Manager)

  • Adobe Acrobat Reader (PDF viewer)

The reputation levels of the file are safe, unsafe, and unknown. You can install safe files. Norton Internet Security removes the unsafe files. In the case of unknown files, Download Insight prompts you to take a suitable action on the file. You can run the installation of the file, stop the installation, or remove a file from your computer.

When you download a file, Download Insight processes the file for analysis of its reputation level. Auto-Protect analyzes the reputation of the file. Auto-Protect uses the threat signatures that Norton Internet Security receives during definitions updates and other security engines to determine the safety of an executable file. If the file is unsafe, Auto-Protect removes it. Auto-Protect reports the results of the file analysis to Download Insight. Download Insight then triggers notifications to inform you whether the file is safe to install or needs attention. You must take a suitable action on the files that need attention. In case of an unsafe file, Download Insight informs you that Norton Internet Security has removed the file.

Security History logs details of all events that Download Insight processes and notifies. It also contains information about the actions that you take based on the reputation data of the events. You can view these details in the Download Insight category in Security History.

X

Network Protection defends your computer by detecting and preventing attacks through your network connection and evaluating the safety of email attachments.

Table: Network Protection

Protection Setting | Description | Desktops & Laptops | Servers

Intrusion prevention

Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. Intrusion prevention protects your computer against most common Internet attacks.

For more information about the attacks that intrusion prevention blocks, visit:

http://www.symantec.com/business/security_response/attacksignatures

If the information matches an attack signature, intrusion prevention automatically discards the packet and breaks the connection with the computer that sent the data. This action protects your computer from being affected in any way.

Intrusion prevention relies on an extensive list of attack signatures to detect and block suspicious network activity. You should run LiveUpdate regularly to ensure that your list of attack signatures is up to date.

Note:

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.

X

Email Protection

Email Protection protects your computer against the threats that you might receive through email attachments. It automatically configures your email program for protection against viruses and other security threats.

Note:

This feature applies only to desktops and laptops.

Desktops & Laptops: X

Smart Firewall

The Smart Firewall monitors the communications between your computer and other computers on the Internet. It also protects your computer and alerts you to such common security problems as:

  • Improper connection attempts from other computers and attempts by programs on your computer to connect to other computers

  • Port scans by unauthorized computers

  • Intrusions by detecting and blocking malicious traffic and other attempts by outside users to attack your computer

A firewall blocks hackers and other unauthorized traffic, while it allows authorized traffic to pass. Turning off Smart Firewall reduces your system protection. Always ensure that the Smart Firewall is turned on.

The Smart Firewall provides two configurable options:

User can disable Firewall - Enables a local computer user to override the Smart Firewall for a certain period of time. This option permits an installation or other administrative function. The firewall can be disabled for:

  • 15 minutes

  • one hour

  • five hours

  • Until the system restarts

Report Blocked Events - Uploads blocked firewall events from the computer to your Endpoint Protection account. The blocked events are added to the computer history page and the statistical data that is displayed on the Home page. Blocked events are also available within the Security History page of the local Norton Internet Security interface. No alerts are issued based on this data because these are low-risk events.

Firewall rules - Enables administrators to customize firewall rules for their organization.

Program control - Enables administrators to allow or block Internet access for Agent-discovered programs.

Note:

This feature applies only to desktops and laptops.

X


Legacy ID: id-SF9V0286197_v98916675

