Hello All,
I would like to share the few configuration options which can be setup in the conf.properties file.
Changing Port number in IIS
_______________________________________________________________________
Any time when you decide that you want to change the port number Symantec manager uses in IIS, due to a security concern you may follow this step.
First you need to change the port number in IIS
Stop the "Symantec Endpoint Protection Manager" service.
Open IIS.
Right-click the Web site on which Symantec Endpoint Protection Manager resides.
Click Properties.
Under TCP port, enter the HTTP port number you want to use.
Once this is done, we need to write a line in the conf.properties file.
Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc\conf.properties
Check for the following line in the conf.properties file. Add the line to the bottom of the file if it does not already exist.
scm.iis.http.port=8018
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111212591048
If you want to configure HTTPS for SEPM
Add the following two lines to the bottom of this file:
scm.use_https=1
scm.iis.https.port=443
Symantec Document: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082314220048
Changing the virus definitions content value
_______________________________________________________________________
Sometimes old virus definitions do not get purged and we need to clean the database in that case, adding this line in the conf file would help you to save some space.
Go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc\conf.properties
Now add.
scm.lucontentcleanup.threshold=1 (no of revisions)
Cutting down the CPU usage for SEMSRV.exe
_______________________________________________________________________
When new defs are downloaded or during data purge Symantec manager process uses lot of CPU, you can limit the CPU usage by adding this line
scm.delta.cpu.usage=0.5
Decimal number between 0 and 1, where 1 represents 100% usage and 0.5 represents 50% usage.
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648
Changing Radius port
_______________________________________________________________________
The Symantec Endpoint Protection Manager uses Radius communication and requires port 1812 to be available for the Enforcer sometimes you will get error message while installing SEPM like
"Error: "Port 1812 is already in use. Stop your Radius server if you have the Enforcer installed." while installing Symantec Endpoint Protection Manager"
To overcome this you need to add this line.
scm.radius.port=xxxx
Where xxxx is the desired port number
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111411152348
Changing Backup location
_______________________________________________________________________
If SEPM is installed on drive C by default the backup location will be C in case if you are running out of space on C drive, you can use this configuration.
Open conf.properties file.
Change the drive letter
scm.agent.root=C\:\\Program Files\\Symantec\\Symantec Endpoint Protection Manager\\data
If you want on D it would be
scm.agent.root=D\:\\Program Files\\Symantec\\Symantec Endpoint Protection Manager\\data
Now all your backups will be on drive D
Collecting SEPM logs for debugging
_______________________________________________________________________
If you want to generate additional logs for troubleshooting SEPM, you need to set the log level in the conf.properties file
To debug SEPM notifications, add
scm.mail.troubleshoot=1
To create logs
scm.log.loglevel=fine
Detailed log files will now be saved in the folder
C:\Program Files\Symantec\Symantec Policy Manager\tomcat\logs\
Symantec Document: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007133987546098
To change the port number that is used for remote Symantec Endpoint Protection Manager Console
_______________________________________________________________________
Open the conf.properties file from: "tomcat\etc\conf.properties" in Notepad and change the scm.http.port=9090
You need to change the port number in server.xml file too.
Open the file "...\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml" with WordPad or a similar editor.
In the file you opened, locate the <Service name="SCM"> element.
Locate the <Connector acceptCount> subelement that has the port attribute equal to 9090.
The <Service name="SCM"> element contains more than one <Connector acceptCount> subelement.
Change the 9090 in the port=9090 attribute to the port number you want to use for remote login
Symantec Document:http://service1.symantec.com/support/ent-security.nsf/docid/2008020815241748
Changing tomcat port 8005 in SEPM
_______________________________________________________________________
In case of port conflict with tomcat 8005, SEPM service would not start and you would get Java-1 in the event log.
To change the port number.
Right-click the server.xml file and click edit to modify the file:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml)
For conflicts with port 8005, change the port to another unused port:
port="8006"
Symantec Document:http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100309555748