Endpoint Protection


Admin's Daily Routine for SEPM

  • 1.  Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 12:39 AM

    Dear Team,

    Can anybody guide me on the steps of the daily task/routine for the SEPM server so our administrator can check on a daily basis?

    Thanks.

    S2S



  • 2.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 12:44 AM

    We have check the daily definition on clients are updated.

    Policy review.

    SEPM up to Date.

    Virus report to clean the virus.



  • 3.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 12:52 AM

    But tell me one thing about to check the virus activity what to check or monitor.

    e.g. only left alone action or all action failed actions?



  • 4.  RE: Admin's Daily Routine for SEPM
    Best Answer

    Posted Apr 28, 2014 12:56 AM

    It depends on what roles and responsibilities you have been given by the admin.

    1) Check whether SEPM is updated with the latest definitions or not.

    2) How many systems are updated with the latest definitions.

    3) Check SEPM database, logs, events, risk analysis, etc.

    Please see the article below.

    SEP Daily Management Reporting Template

    https://www-secure.symantec.com/connect/articles/sep-daily-management-reporting-template



  • 5.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 01:08 AM

    From a risk perspective, what would need to be checked?



  • 6.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 01:10 AM

     

    We have created the email task which can send the old date definition report so we can track and update.

    Check the virus log to clean it from network.

    Policies review and applied on my system to confirm all is fine.

    I have checked both the virus report and scan according to it.



  • 7.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 01:11 AM

    As per my understanding, we need to check/monitor the following on a daily basis.

    -- Virus Definition of SEPM

    -- Top source of attack.

    -- Free Disk space of SEPM drive.

    -- Left Alone Risk.

    -- All action Failed risk.

    -- AV Engine Off / Autoprotect off clients.

    -- Outdated SEP Clients.

    -- Configured Unmanaged Detector and notification as well for the same.

     

    Please suggest.



  • 8.  RE: Admin's Daily Routine for SEPM

    Broadcom Employee
    Posted Apr 28, 2014 01:13 AM

    Checking the risk log and the action taken against the risk should be captured.

    Also check the top source of infection and check for the security status of those systems.

    Enable the policy wherein the user should not be able to disable the antivirus.



  • 9.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 01:26 AM

    But here I am a little confused. Need to check for left alone action or all failed action?



  • 10.  RE: Admin's Daily Routine for SEPM

    Broadcom Employee
    Posted Apr 28, 2014 01:36 AM

    I would suggest both, as appropriate actions need to be formulated. Actions like a restart of the system or scanning in safe mode have to be suggested.

     



  • 11.  RE: Admin's Daily Routine for SEPM

    Posted Apr 28, 2014 06:34 AM

    You obviously want to check both those actions as it means SEP couldn't remove the virus, it will only block access to it. Those two actions indicate it needs to manually be acted upon.
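
As an added example (not part of the thread and not Symantec's own tooling), the daily check discussed above can be scripted over an exported risk report: it lists the computers with "Left alone" or "All actions failed" events and ranks machines by detection count. The CSV column names and the sample rows are assumptions constructed for this illustration; map them to the columns in your own export.

```python
import csv
import io
from collections import Counter, defaultdict

# Actions named in the thread that mean SEP did not remove the threat.
MANUAL_ACTIONS = {"left alone", "all actions failed"}

# Constructed sample export. Column names are assumptions for this example,
# not the real SEPM export schema.
SAMPLE_CSV = r"""computer,risk_name,action,file_path
PC-014,Trojan.Gen.2,Cleaned,C:\Users\a\Downloads\setup.exe
PC-022,W32.Downadup.B,Left alone,C:\Windows\System32\x.dll
PC-022,W32.Downadup.B,All actions failed,C:\Windows\System32\x.dll
PC-031,Trojan.Gen.2,Quarantined,C:\Temp\inv.scr
PC-007,Adware.Gen, left alone ,C:\Program Files\tb\tb.exe
PC-022,Trojan.Gen.2,Quarantined,C:\Temp\inv.scr
"""


def triage(csv_text):
    """Return (needs_manual, top_sources) from a risk-log export.

    needs_manual: computer -> set of (risk_name, action) needing follow-up.
    top_sources:  list of (computer, detection_count), highest first.
    """
    needs_manual = defaultdict(set)
    detections = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        computer = row["computer"].strip()
        # Normalise case and stray whitespace so report variations still match.
        action = row["action"].strip().lower()
        detections[computer] += 1
        if action in MANUAL_ACTIONS:
            needs_manual[computer].add((row["risk_name"].strip(), action))
    return dict(needs_manual), detections.most_common()


if __name__ == "__main__":
    manual, top = triage(SAMPLE_CSV)
    print("Needs manual remediation:")
    for computer, events in sorted(manual.items()):
        for risk, action in sorted(events):
            print(f"  {computer}: {risk} ({action})")
    print("Top sources by detection count:")
    for computer, count in top[:5]:
        print(f"  {computer}: {count}")
```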