Video Screencast Help

"How to..." Series for Symantec Endpoint Protection - Part 2

Created: 15 Jul 2013 • Updated: 18 Jul 2013 | 4 comments
Language Translations
Mithun Sanghavi's picture
+14 14 Votes
Login to vote

Hello,

This is Part 2 of the "How to Series...", you can find the Part 1 here.

Here are few popular "How to..." which would be assistance to the Symantec Endpoint Protection Users.

Series 2 contains the following "How to..."

1) How to Deploy the Communication Settings to the SEP 12.1 RU2 clients.

2) How to Enable Anti-MAC spoofing

3) How to export MSI Package to deploy the SEP clients.

4) How to verify what type of database is used for SEPM ?

 

=========================================================================================================

1) How to ... Deploy the Communication Settings to the SEP 12.1 RU2 clients.

If the client-server communications breaks, you can quickly restore communications by replacing the Sylink.xml file on the client computer. You can replace the sylink.xml file by redeploying a client installation package. Use this method for a large number of computers, for the computers that you cannot physically access easily, or the computers that require administrative access.

Here are the steps:

1)  Login into SEPM console

2)  Go to Clients Tab

3)  Select the Group in which you would like to see the offline clients

4)  Right click on the group and click on “Add Client”

5)  Now please follow the Screenshot as mentioned below:

Deploy_Comm1.JPG

6)  You will get “Client Deployment Wizard”

7)  Select “ Communication Update Package Deployment” Option

8)  Click Next

Deploy_Comm2.JPG

 

9)  Select the group in which you would like to see the client

10) Leave it on “Computer mode”

11) Click Next

Deploy_Comm3.JPG

 

12) Select Remote Push

13) Click Next

Deploy_Comm4.JPG

14) Browse your network and add the computers to the list

15) Click Next

Deploy_Comm5.JPG

 

16) Authenticate the User

Deploy_Comm6.JPG

17) Click Next

Deploy_Comm7.JPG

18) Click Send

Deploy_Comm8.JPG

19) Click Finish

Deploy_Comm9.JPG

20) Please check the SEP client status in the SEPM, it should now show in the SEPM\Clients

 

Check these Articles:

Restoring client-server communications with Communication Update Package Deployment

http://www.symantec.com/docs/HOWTO81109

SEP 12.1 RU2 and Reset Client Communication

https://www-secure.symantec.com/connect/articles/sep-121-ru2-and-reset-client-communication

=========================================================================================================

2) How to... Enable Anti-MAC spoofing

1)      Login into SEPM Console.

2)      Go to “Policies”

3)      Edit the Firewall Policy

4)      Go to “Protection and Stealth”

5)      ENABLE  Anti-MAC Spoofing

Anti-Mac.JPG

 

 
Enabling anti-MAC spoofing - Allows the inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. 
 
Media access control (MAC) addresses are the hardware addresses that identify the computers, the servers, and the routers. Some hackers use MAC spoofing to try to hijack a communication session between two computers. When computer A wants to communicate with computer B, computer A may send an ARP packet to computer B.
 
Anti-MAC spoofing protects a computer from letting another computer reset a MAC address table. If a computer sends an ARP REQUEST message, the client allows the corresponding ARP RESPOND message within a period of 10 seconds. All client rejects all unsolicited ARP RESPOND messages. 
 
This option is disabled by default.
 
Check these Articles:

About firewall rules

http://www.symantec.com/docs/HOWTO55261

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

http://www.symantec.com/docs/TECH180569

=========================================================================================================

3) How to... export MSI Package to deploy the SEP clients.

Follow the steps provided below to Export client packages with / without latest definitions.  

Note that screens when exporting a SEP for Mac client will appear slightly different.

1) Login into Symantec Endpoint Protection Manager (SEPM).

Click on Home and from Common Tasks, select Install Protection Client to Computers

package1.JPG

 2) In the Select the Group and Install Features set window, and under the In the Content Options, select

All Content:  This option will have content version at the time of the deployment.

Basic Content:  This option provides small client deployment packages, the definition (content) are downloaded via LiveUpdate after client installation.
 

package2.JPG

 

Click Next.

3) Select the preferred installation method.  Example is using Save Package.

Click Next

package3.JPG

 

 4) Select the way it needs to be saved (Single .exe or separate files in .MSI).

package4.JPG

 5) Before it is saved, it gives modules/details of the package.

Once confirmed, click Next.

package5.JPG

 6) Package is created at the saved location. Click Finish Button This package can be used to push to the clients at Later time.

package6.JPG

Click Next.

Check these Articles:

How to export Symantec Endpoint Protection (SEP) client install packages without any definitions or package with Basic Content.

http://www.symantec.com/docs/TECH178698

Creating custom client installation packages in the Symantec Endpoint Protection Manager console

www.symantec.com/business/support/index?page=content&id=TECH102817

Managing client installation packages

www.symantec.com/business/support/index?page=content&id=HOWTO55410

Exporting client installation packages

www.symantec.com/business/support/index?page=content&id=HOWTO55412

How do I create and configure a custom Symantec Endpoint Protection installation package in version 12.1?

https://www-secure.symantec.com/connect/articles/how-do-i-create-and-configure-custom-symantec-endpoint-protection-installation-package-vers

=========================================================================================================

4) How to... verify what type of database is used for SEPM ?

1)      Microsoft SQL Database

SQL.JPG

 

2)      Embedded database

EmbeddedDB.JPG

 

====================================================================================

Comments 4 CommentsJump to latest comment

OC_gonz's picture

Thank´s Mitun.

Excelent article, very clear and hellpfull.

I wait the 3th part =).

0
Login to vote
nwranich's picture

awesome article.  Thank you!

0
Login to vote
John Santana's picture

Mithun in order to enable the Anti-MAC spoofing, isn;t that just a matter of updating the Client Security policy only ?

or do I have to deploy another files to each SEP client ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Ambesh_444's picture

Grt article mithun. Thumbs up for your awesome article...yes

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

0
Login to vote