How to increase the sensitivity of Proactive Threat Protection in Symantec Endpoint Protection 11.x

Article:TECH97855  |  Created: 2009-01-02  |  Updated: 2011-03-30  |  Article URL http://www.symantec.com/docs/TECH97855
Article Type
Technical Solution


Environment

Issue



You are dealing with a virus outbreak and need to increase the sensitivity of the Proactive Threat Protection component of Symantec Endpoint Protection.

 


Solution



The Proactive Threat Protection component of Symantec Endpoint Protection can be used to help prevent the spread of threats to protected machines. To make manual adjustments to the sensitivity of Proactive Threat Protection:

1. Log in to the Symantec Endpoint Protection Manager.
2. Click the Policies tab on the right side.
3. Under the View Policies section, click Antivirus and Antispyware.
4. In the Tasks section, click 'Add an Antivirus and Antispyware policy'.
5. The Antivirus and Antispyware policy window will open. In the Overview window you can specify a policy name, for example 'Outbreak Policy', and give a description for the policy.
6. Select TruScan Proactive Threat Scans on the right side.
7. In the Scan Details tab of the TruScan Proactive Threat Scans window, uncheck the box 'Use defaults defined by Symantec'.
8. At the 'When a trojan or worm is detected within the sensitivity threshold:' pull down menu, select 'Terminate'.
9. Adjust the slider bar for 'Sensitivity' to your desired threshold.

Note: The higher the sensitivity is set, the higher the possibility of a false positive. To determine what sensitivity level you need to mitigate false detections, first test the policy with the action for 'When a trojan or worm is detected within...' set to 'Log Only', then deploy the policy to a test client and verify that the sensitivity meets your needs.

10. Click the OK button in the Antivirus and Antispyware window.
11. You will be prompted to assign the policy. Click the 'No' button.

You can then make a custom client group for a test client, apply the policy to that client group, and use the process outlined in steps 6-9 above to edit the sensitivity.

To assign the policy to a group:

1. Right-click the Outbreak policy and select 'Assign'.
2. Select the group(s) you wish to assign the policy to.
3. Click the Assign button at the bottom of the Assign Antivirus and AntiSpyware Policy window.
4. Confirm the policy assignment by clicking the 'Yes' button.



References
Pages 449-512 of the Administrator's Guide for Symantec Endpoint Protection and Symantec Network Access Control have further detail on TruScan configurations.



 



Legacy ID



2009120214031748

