Endpoint Protection

 View Only

  • 1.  12.1 Client Install Package changes from 11

    Posted Jul 21, 2011 11:09 AM

    Can someone please explain the renamed options in the SEPM 12.1 SEP Client Install Package options? 

    Previously I could select which components to install.  Now it's only three options; full protection for clients, full protection for servers, and basic protection for servers.

    I currently have a Citrix PVS 5.6SP1 VDI infrastructure which requires the Sygate firewall (IPS, Truscan, Sonar, whatever it's called now) to NOT be installed because even with exclusions in place this feature eventually blocks Windows 7 access to the streamed hard drive, and the VD PC dies.

    So am I safe in assuming that Basic protection for servers is the option I need to install on my Win7 VDI's to get these components to not install? 

    I have read the admin guides and these too.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c741ec26fa674b1e8825738a0076abf3?OpenDocument

    http://www.symantec.com/business/support/resources/sites/BUSINESS/content/live/DOCUMENTATION/4000/DOC4328/en_US/Migration_Guide_SEP12.1.pdf



  • 2.  RE: 12.1 Client Install Package changes from 11

    Trusted Advisor
    Posted Jul 21, 2011 01:36 PM

    Hello,

    Please Check this:

     

    Deciding which features to install on the client
     
     
     
    Hope this Helps!!!


  • 3.  RE: 12.1 Client Install Package changes from 11

    Posted Jul 21, 2011 05:22 PM

    So I would install the basic server package on those Win7 PCs for which I want only AV, correct?



  • 4.  RE: 12.1 Client Install Package changes from 11
    Best Answer

    Broadcom Employee
    Posted Jul 22, 2011 06:08 AM

    Hi,

    You are correct, you will have to install with basic protections for server.

    However, you have option to create custom package also through which you have already gone.



  • 5.  RE: 12.1 Client Install Package changes from 11

    Posted Jul 22, 2011 07:51 AM

    Let me start by saying that your environment is yours to do with as you will.

    That being said, please understand that the days of just running AV are long past.  No longer are people as safe as they used to by ensuring that AutoProtect is running and the defs are current.  Blended threats have been around for years...I long ago lost count of how many customers I've helped who got infected because they weren't, for example, running Intrusion Prevention, and they got infected with FakeAV.

    You really, REALLY need to have IPS, SONAR, firewall, and Application and Device Control...running less than that is, honestly, a disaster waiting to happen.



  • 6.  RE: 12.1 Client Install Package changes from 11

    Posted Jul 27, 2011 05:34 PM

    We are talking about VDI:  Virtual Desktops.

    The problem, at least with 11.0.6300, is that those services (IPS, Truscan, firewall) would often detect Citrix PVS traffic as malicous and block said traffic.    When that happens, the computer is dead in the water.  That is because the hard drive is not physical, it is virtual, being streamed over the network through Citrix PVS.   As these are shared pooled images, and a reboot clears the virtual disk cache, there is no way for me to determine what exactly was detected.  I was able to reproduce the problem over and over on multiple machines, and multiple base images.   Removing everything except for the base AV product completely resolves the problem.

    Prior to begining with VDI, I had whitelisted the VDI PVS servers IP addresses. 

    Since 12.1 is said to be made for virtual environements, are there any techinical documents on how to intigrate 12.1 with IPS, SONAR, firewal and Citrix XenDesktop PVS?  What exact steps to take to prevent this lockup issue?



  • 7.  RE: 12.1 Client Install Package changes from 11

    Posted Jul 27, 2011 11:28 PM

    Yes Basic Protection !!!