Endpoint Protection


Client makes specialized configuration need help


  • 1.  Client makes specialized configuration need help

    Posted Jan 04, 2010 10:56 AM
    They originally used the GRC editor delivered by Symantec to do this specialized configuration in SAV 10. In SEP 11 they understand they use the sylink.xml, and they want to know what tool they use to create and manipulate this file on thousands of workstations. Thanks guys.


  • 2.  RE: Client makes specialized configuration need help

    Posted Jan 04, 2010 11:04 AM
    As of now no tool for sylink editor.
    you can create a group inside the manager
    once you create a group you can find the sylink for that group under
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent
    take the sylink file
    use sylink replace tool to distribute this sylink file.

    How to move Symantec Endpoint Protection clients to a different group by using the SylinkDrop, or SylinkReplacer, utility and a sylink.xml

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008020615383348


    In SAV10, configuration in grc.dat would make changes in the registry; everything can be set in the registry.
    However, here communication is mainly initiated by Sylink.
    Once communication is established, the client will take the policy which is configured for that group,
    so replacing the sylink file will enable communication.
    Only once it is communicating will the policy be taken from the manager.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009022414415348


  • 3.  RE: Client makes specialized configuration need help

    Posted Jan 04, 2010 11:58 AM
    https://www-secure.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

    Download this tool; there is a PDF attached with screenshots, so it should be easy to use.


  • 4.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 08:57 AM
    Guys, thank you for these answers. Just found out that these clients are unmanaged. They need to make a change to the sylink and then distribute it to unmanaged clients. This would include out-of-date warnings, actions to take when a virus is found, LiveUpdate configuration, scanning network drives.


  • 5.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:05 AM
    Whatever settings you want to change, first create a separate group and change them for that group in SEPM.
    Then create a sylink from the SEPM. (For this you can right-click on the desired group in the Clients tab; it will give an option to export communication settings, and this will export the sylink file.)


  • 6.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:06 AM
    So the issue is they have clients in remote, hard-to-get-to locations. These will stay unmanaged clients. So you are saying that I create a group in SEPM and export the sylink file, and from there I will have it and be able to replace it on the remote workstations with an undetermined method, and this will give them the correct settings without being connected?


  • 7.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:06 AM
    If you are worried about the virus defs out-of-date warning, check this document:

    How to install Symantec Endpoint Protection with a single .EXE without the "Virus Definitions out of date" warning in the System Tray.


    http://service1.symantec.com/support/ent-security.nsf/docid/2008052215430348?Open&seg=ent
     


  • 8.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:08 AM
    I don't think so; when you replace sylink it will communicate with the manager and then take the policy.

    If you just want to replace the policy,
    you can replace the policy.xml file from the particular group
    to the clients remotely.


  • 9.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:09 AM
    Guys, so do I create a group, make the changes, export the sylink file and replace it on unmanaged clients,

    or follow the rafeeq link and create an exe?


  • 10.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:10 AM
    So how do I accomplish the task?


  • 11.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:14 AM
    If you want, you can export an unmanaged client also.
    If you export a package it will contain the latest policies also.
    Or
    you can export the policies which are present in the SEPM from the policy tab (they will get exported as a dat file) and you can import the same in the client from its GUI (Help and support--->troubleshooting).


  • 12.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:18 AM

    Here is what I am trying to accomplish. What is the best course of action? Thanks guys.

    There are several configurations that we do in SAV 10 that I am able to duplicate with SEP 11 through policies and applying those policies to an unmanaged client installation package.  Some of those configurations include: out-of-date warnings, actions to take when a virus is found, LiveUpdate configuration, scanning network drives, etc.  I will not include those items in this list because I believe we can configure them as a part of the installation package.

    Here are some of the other configurations that we do today in SAV 10 with a GRC.DAT file that we would like to do with SEP 11.

    !KEY!=$REGROOT$\storages\filesystem\realtimescan

    ExcludedExtensions=SNDF,MDF,LDF,DBF,AFW

    ExcludedByExtensions=D1

    HaveExceptionDirs=D1

    HaveExceptionFiles=D1

    !KEY!=$REGROOT$\storages\filesystem\realtimescan\noscandir

    ""C:\Data""=D1

    ""C:\Data1""=D1

    ""D:\Data""=D1

    ""D:\Data1""=D1

    ""C:\Temp""=D1

    ""C:\Temp1""=D1

    ""D:\Temp""=D1

    ""D:\Temp1""=D1

    ""C:\Program Files\IT\IT\Process Portal A\AppLog""=D1

    ""C:\Program Files\Common Files\IT\MSSQL$EBINSTANCE\Data""=D1

    ""C:\IT Data""=D1

    ""C:\HsData""=D1

    ""C:\oracle\admin""=D1

    ""C:\oracle\oradata""=D1

    ""C:\Documents and Settings\All Users\Application Data\company\IM\Archive""=D1

    (Note: we would like to be able to replace the first 8 entries with wildcard entries such as "*\Data*" and "*\Temp*" but we're unsure if or how we could do that?)

    For our scheduled scans, we update a different GRC.DAT file with some of the following settings:

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1

    SecondMacroAction=D1

    DoCompressed=D0

    ZipExts=SARJ,LHA,ZIP,MME,LZH,UUE,CAB,LZ_,RTF,UU,MIM

    FirstAction=D5

    ScanBootSector=D1

    Checksum=D0

    DisplayStatusDialog=D1

    NeededFreeDiskSpace=D30720000

    Types=D6

    WantedUtilization=D1

    HaveExceptionDirs=D1

    FirstMacroAction=D5

    ScanMemory=D1

    FileType=D0

    ScanAllDrives=D0

    MessageBox=D1

    MessageText=SScan type:  ~L Scan\nEvent:  ~E\n~V\nFile:  ~P\nLocation:  ~C\nComputer:  ~S\nUser:  ~N\nAction taken:  ~A

    ZipFile=D1

    Logger=D0

    ZipDepth=D8

    ScanLocked=D0

    SecondAction=D1

    Exts=S386,ACM,ACV,ADT,AX,BIN,BTM,CLA,COM,CPL,CSC,CSH,DLL,DOC,DOT,DRV,EXE,HLP,HTA,HTM,HTML,HTT,INF,INI,JS,JSE,JTD,MDB,MP?,MSO,OBD,OBT,OCX,OV?,PIF,PL,PM,POT,PPS,PPT,PRC,RAR,RTF,SCR,SH,SHB,SHS,SMM,SYS,VBE,VBS,VSD,VSS,VST,VXD,WBK,WSF,WSH,XL?

    Softmice=D1

    ExcludedByExtensions=D1

    ExcludedExtensions=SNDF,MDF,LDF,DBF

    PrescanExclude=D1

    BackupToQuarantine=D1

    CloseScan=D1

    EnableDelay=D1

    NoRecallTimeWindow=D30

    NoRecallTimeWindowType=D0

    CustomHSMVendorFlag1=D0

    DoOffline=D8388608

    HaveExceptionFiles=D1

    ScanWhenIdle=D1

    ScanWhenNotIdle=D1

    ThrottleNetWare=D0

    ScanWhenIdlePriority=D3

    ScanWhenNotIdlePriority=D3

    ThrottleNetWareTargetLoad=D40

    ScanThreadCount=D2

    ScanThreadsPerCPU=D1

    StatusDialogTitle=SDPA Built-In Scan

    TransmanStatusDialogTitle=Built-In Scan

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\checksumconfig

    FirstAction=D4

    SecondAction=D4

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\directories

    ""C:\Data""=D1

    ""C:\Data1""=D1

    ""D:\Data""=D1

    ""D:\Data1""=D1

    ""C:\Temp""=D1

    ""C:\Temp1""=D1

    ""D:\Temp""=D1

    ""D:\Temp1""=D1

    ""C:\Program Files\IT\Operate IT\Process Portal A\AppLog""=D1

    ""C:\Program Files\Common Files\IT\MSSQL$EBINSTANCE\Data""=D1

    ""C:\IT Data""=D1

    ""C:\HsData""=D1

    ""C:\oracle\admin""=D1

    ""C:\oracle\oradata""=D1

    ""C:\Documents and Settings\All Users\Application Data\company\IM\Archive""=D1

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\fileexceptions

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\files

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\noscandir

    !KEY!=$REGROOT$\localscans\clientscheduledscan_1\schedule

    Type=D1

    Enabled=D1

    DayOfMonth=D0

    DayOfWeek=D0

    MinOfDay=(Dynamically created)

    MissedEventEnabled=D0

    TimeWindowDaily=D1

    Created=D1046645095

    SkipEvent=D0

    Name=SDPA Built-In Scan

    Since the only data that changes with the scheduled scans is the time of day, we were thinking that we could build the scheduled scan as a policy and include it in the client install package.  After the install has been completed, we could then just modify the MinOfDay entry on each machine to give it a unique schedule.  Would that work?  Is there a better way?

    Also, in SAV 10, we create unique LiveUpdate schedules for each client by running VPDN_LU.EXE from the Windows Scheduled Tasks.  How do we accomplish this with SEP 11?
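
The listing in the post above has to be re-entered in a SEP 11 policy, so it is worth checking it for inconsistencies first. Added example (not from the thread or from Symantec): a Python parser for an abridged copy of that GRC.DAT listing that reports where the real-time and scheduled-scan sections differ. The handling of the S/D value prefixes is an assumption inferred from the listing, and all function names are illustrative.

```python
import re

# Abridged from the GRC.DAT listing in post 12 (doubled quotes kept as posted).
SAMPLE = r'''
!KEY!=$REGROOT$\storages\filesystem\realtimescan
ExcludedExtensions=SNDF,MDF,LDF,DBF,AFW
!KEY!=$REGROOT$\storages\filesystem\realtimescan\noscandir
""C:\Data""=D1
""C:\Program Files\IT\IT\Process Portal A\AppLog""=D1
!KEY!=$REGROOT$\localscans\clientscheduledscan_1
ExcludedExtensions=SNDF,MDF,LDF,DBF
TransmanStatusDialogTitle=Built-In Scan
!KEY!=$REGROOT$\localscans\clientscheduledscan_1\directories
""C:\Data""=D1
""C:\Program Files\IT\Operate IT\Process Portal A\AppLog""=D1
!KEY!=$REGROOT$\localscans\clientscheduledscan_1\schedule
MinOfDay=(Dynamically created)
'''

# A value name is either quoted (paths) or plain text up to the first "=".
LINE = re.compile(r'^(?:"+(?P<quoted>[^"]+)"+|(?P<plain>[^="]+))=(?P<raw>.*)$')

def decode(raw):
    # Assumption: a leading D marks a numeric value and a leading S a string.
    if re.fullmatch(r"D\d+", raw):
        return ("number", raw[1:])      # digits kept as text; base not interpreted
    if raw.startswith("S"):
        return ("string", raw[1:])      # "SNDF,MDF" is the string "NDF,MDF"
    return ("untyped", raw)             # e.g. "(Dynamically created)"

def parse_grc(text):
    """Return {key path: {value name: (type, value)}}."""
    keys, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(line)
        if not m:
            continue
        name = m["quoted"] or m["plain"]
        if name == "!KEY!":
            current = keys.setdefault(m["raw"].replace("$REGROOT$\\", ""), {})
        elif current is not None:
            current[name] = decode(m["raw"])
    return keys

def compare(keys, a, b, a_dirs, b_dirs):
    """Report extensions and paths present under one scan key but not the other."""
    exts = lambda k: set(keys[k]["ExcludedExtensions"][1].split(","))
    return {"extensions": exts(a) ^ exts(b), "paths": set(keys[a_dirs]) ^ set(keys[b_dirs])}

def report():
    rt, sched = r"storages\filesystem\realtimescan", r"localscans\clientscheduledscan_1"
    return compare(parse_grc(SAMPLE), rt, sched, rt + r"\noscandir", sched + r"\directories")
```

On the abridged sample, `report()` flags the `AFW` extension and the two differing `AppLog` paths, which are the entries to confirm before they go into the new policy.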



  • 13.  RE: Client makes specialized configuration need help
    Best Answer

    Posted Jan 05, 2010 09:19 AM
    For every group you create inside the manager you will have a corresponding folder in

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
    you will have a numbered folder
    create group, assign policy, make settings whatever you like
    click on the group in sepm
    click on details on right hand side
    note down the policy serial number
    go to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
    look for the noted down number
    open that folder
    take the policy .xml file
    go to the client
    open sep interface, click on help and support
    on the policy select import.
    put this policy.xml file
    all policies are set.
     


  • 14.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:26 AM
    rafeeq, thank you for that explanation, that makes sense for the policies, but it looks like, and I could be wrong, there are other things they are trying to change that they did in grc.dat. How would I accomplish the above posting that I did with info from the client? Thanks.


  • 15.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:35 AM
    You have all those in the policy tab.
    Go through the antivirus and antispyware policy carefully, you will get all those options.
    If you find anything difficult let me know.
    Exclusions come under centralized exceptions.
    You first need to set all these under policy and then export the policy.xml file for the group; should work like a champ.

    Symantec Endpoint Protection Manager reference guide for Symantec System Center users
    http://service1.symantec.com/support/ent-security.nsf/docid/2007021509381848


  • 16.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:39 AM
    OK, about to have a call with the client, so I follow what you said: create a policy, export it and then import it on the client with help and support, and they do not need to contact the manager, correct?


  • 17.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:45 AM
    Keep them as unmanaged, no problem, we are just making the policy change;
    to make it managed you need to use sylink.

    Sylink ---> to communicate
    Policy.xml ---> for policy


  • 18.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 09:49 AM
    Awesome as always, thanks rafeeq.


  • 19.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 10:17 AM
    rafeeq, so I am clear: I would have to visit every machine if there are 1,000 clients? Is there an automated way to accomplish this?


  • 20.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 10:49 AM
    Unlike sylink.xml, this file is not present on the machine.
    It's read one time, the necessary changes are made in the registry, and after that it's destroyed.
    It's the same as the previous grc.dat: once replaced you won't find it on clients (if I remember correctly);
    it gets purged.
    Do you really have 1000 machines?


  • 21.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 11:09 AM
    So what is the automated way, not going through help and support, to import the policy changes?


  • 22.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 11:21 AM
    This is too complicated!

    Just make your SEPM available on the Internet, and publish it via NAT.  This way you can manage the clients regardless of their location, and policy updates can be handled with ease through the SEPM!  Managing an XML file or policy files is just inefficient.

    Symantec, in their KB, has an article on NAT and the SEPM.  Search for keyword, "NAT."


  • 23.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 11:25 AM
    Whatever you find is easy.

    How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/40542f09324e61fdca257582007472c5?OpenDocument



  • 24.  RE: Client makes specialized configuration need help

    Posted Jan 05, 2010 11:32 AM
    If you are wanting to change the policy of an unmanaged client, I believe the best way has already been stated above with regards to creating a group with your policy you want to drop on the clients and then importing the policy.xml file.

    If you are wanting a way to centrally manage the clients at the remote location, then perhaps you could install a sepm there?