Understanding Endpoint Protection Policies
Article: HOWTO98471 | Created: 2014-05-15 | Updated: 2014-05-15 | Article URL: http://www.symantec.com/docs/HOWTO98471
When any computer is added as an Endpoint Protection computer, it is immediately added to the default group and the default policy for immediate protection. The default group is only modified when computers are added or deleted; the default policy cannot be modified. The default configuration may serve your organization well; however, you can configure Groups and Policies that are tailored to your needs.
Symantec Endpoint Protection enables you to create and impose policies to protect your computers based on the security requirements of the computers. Four categories of protection can be used in a policy:
USB Device Control
These categories of protection offer a defense-in-depth security solution. Computer Protection features focus on the high-risk communications reaching a computer.
Different Agents are installed for Desktops & Laptops than for Servers. The Protection Settings available for servers differ from the Protection Settings available for Desktops & Laptops.
Table: Computer Protection
USB Device Control enables administrators to prevent malicious code injection and intellectual property theft by controlling employee use of USB removable storage devices. USB mice and keyboards are unaffected by USB Device Control because they do not provide data storage.
Table: USB Device Control
Desktops & Laptops
USB device access - The drop-down enables a policy configuration to either Allow or Block access to a USB device. Blocking events are logged for review and reporting.
Read only access - The check box allows USB device access to be restricted to read-only access.
Enable user notifications - Enables toast messages on the endpoint alerting the user to USB device blocking.
Web Protection defends Internet Explorer and Firefox from attack, presents website safety ratings, and evaluates downloads from the web.
Desktops & Laptops
With increasing Internet use, your web browser is prone to attack by malicious websites. These websites detect and exploit the vulnerability of your web browser to download malware programs to your system without your consent or knowledge. These malware programs are also called drive-by downloads. Norton Internet Security protects your web browser against drive-by downloads from malicious websites.
Norton Internet Security proactively blocks new or unknown malware programs before they attack your computer. By protecting your web browser, Norton Internet Security secures your sensitive information and prevents the attackers from controlling your system remotely.
The Browser Protection feature checks for browser vulnerabilities in the following browsers:
You must turn on the option to enable this feature.
Download Insight provides information about the reputation of any executable file that you download from the supported portals. The reputation details indicate whether the downloaded file is safe to install. You can use these details to decide the action that you want to take on the file.
Some of the supported portals are:
The reputation levels of the file are safe, unsafe, and unknown. You can install safe files. Norton Internet Security removes the unsafe files. In the case of unknown files, Download Insight prompts you to take a suitable action on the file. You can run the installation of the file, stop the installation, or remove a file from your computer.
When you download a file, Download Insight processes the file for analysis of its reputation level. Auto-Protect analyzes the reputation of the file. Auto-Protect uses the threat signatures that Norton Internet Security receives during definitions updates and other security engines to determine the safety of an executable file. If the file is unsafe, Auto-Protect removes it. Auto-Protect reports the results of the file analysis to Download Insight. Download Insight then triggers notifications to inform you whether the file is safe to install or needs attention. You must take a suitable action on the files that need attention. In case of an unsafe file, Download Insight informs you that Norton Internet Security has removed the file.
Security History logs details of all events that Download Insight processes and notifies. It also contains information about the actions that you take based on the reputation data of the events. You can view these details in the Download Insight category in Security History.
Network Protection defends your computer by detecting and preventing attacks through your network connection and evaluating the safety of email attachments.
Desktops & Laptops
Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. Intrusion prevention protects your computer against most common Internet attacks.
For more information about the attacks that intrusion prevention blocks, visit:
If the information matches an attack signature, intrusion prevention automatically discards the packet and breaks the connection with the computer that sent the data. This action protects your computer from being affected in any way.
Intrusion prevention relies on an extensive list of attack signatures to detect and block suspicious network activity. You should run LiveUpdate regularly to ensure that your list of attack signatures is up to date.
Email Protection protects your computer against the threats that you might receive through email attachments. It automatically configures your email program for protection against viruses and other security threats.
The Smart Firewall monitors the communications between your computer and other computers on the Internet. It also protects your computer and alerts you to such common security problems as:
A firewall blocks hackers and other unauthorized traffic, while it allows authorized traffic to pass. Turning off Smart Firewall reduces your system protection. Always ensure that the Smart Firewall is turned on.
The Smart Firewall provides two configurable options:
User can disable Firewall - Enables a local computer user to override the Smart Firewall for a certain period of time. This option permits an installation or other administrative function. The firewall can be disabled for:
Report Blocked Events - Uploads blocked firewall events from the computer to your Endpoint Protection account. The blocked events are added to the computer history page and the statistical data that is displayed on the Home page. Blocked events are also available within the Security History page of the local Norton Internet Security interface. No alerts are issued based on this data because they are low-risk events.
Firewall rules - Enables administrators to customize firewall rules for their organization.
Program control - Enables administrators to allow or block Internet access for Agent-discovered programs.