Endpoint Protection Small Business Edition

  • 1.  Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 09:24 AM

    Dear community.

    Some time ago, about two weeks, I installed Symantec Endpoint Protection (Small Business Edition, version 12+). I have created some custom policies which server(s) will be using (critical servers like Exchange, Management and File server(s)). 

    However, the issue right now is:

    Whenever a remediation action has occurred the system must be rebooted. I can only postpone the action and not cancel it. Also, if I perform no action on the notification the dialog tells me that the server will be rebooted automatically on the next day.

    How can I disable this feature? With over 120 employees I can't afford the Exchange and File server being rebooted automatically.

    Any help regarding this issue/challenge will be greatly appreciated.

    Dear regards,

    Glenn van Cauter

     



  • 2.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 09:30 AM

    It will say that it needs a reboot to remediate, but it will not reboot it automatically.

    Check the remediation option:

    http://www.symantec.com/business/support/index?page=content&id=TECH104430

     


  • 3.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 09:32 AM

    In order to finish the remediation, a reboot is necessary.

    SEP won't reboot automatically; it will only alert you that it needs to be rebooted.



  • 4.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 09:45 AM

    Dear _Brian,

    At this very moment, I have a prompt message which says:

    A security risk remediation or a new content download requires this computer to restart. If you choose not to manually restart this computer, it will restart automatically on thursday 30 januari 2014 01:07.

    @Rafeeq:

    Thanks for the link. I checked that FAQ, but it didn't really give me any clues.

    Dear regards,

    Glenn van Cauter



  • 5.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 09:50 AM

    I've checked the various settings in the policy and cannot find anything for this.

    Looks like you're on SBE and I don't have access to one at the moment, so I cannot test this.



  • 6.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 10:12 AM

    Thanks _Brian.

    Anyone else who has the same issue?

    Dear regards,

    Glenn van Cauter



  • 7.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 29, 2014 10:20 AM

    Can you try this?

    Ensuring that a client does not restart
    You can use the following procedure to ensure that any Symantec Endpoint
    Protection Small Business Edition client computer does not restart. For example,
    you may want to set this value on the servers that run the Symantec Endpoint
    Protection Small Business Edition client. Setting this registry key ensures that
    the server does not restart if an administrator issues a Restart computer command
    on its group from the console.
    To ensure that a client does not restart
    1 On the client computer, open the registry editor.
    2 Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC.
    3 Add the following line to the registry:
    DisableRebootCommand REG_DWORD 1
     
    This would be applicable for cmd run from Console. I do not have SMB set up. Please share the results.
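
The registry step quoted in post 7, as an added PowerShell example that is not part of the original post or of Symantec's guide. It uses only the key path, value name and data quoted there; per that text the value covers a Restart computer command issued from the console, and the thread does not confirm that it suppresses the remediation restart prompt.

```powershell
# Added example, not from the Symantec guide. Run elevated on the client computer.
$KeyPath   = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'  # key quoted in the post
$ValueName = 'DisableRebootCommand'                                        # value quoted in the post
$Desired   = 1                                                             # REG_DWORD 1

function Get-RebootCommandValue {
    # Returns the current data, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

# Never create the key: if it is absent, the client is not installed at this path.
if (-not (Test-Path -Path $KeyPath)) {
    throw "Key not found, nothing changed: $KeyPath"
}

$before = Get-RebootCommandValue
if ($before -ne $Desired) {
    try {
        # -Force overwrites an existing value of the same name.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Desired -Force -ErrorAction Stop | Out-Null
    }
    catch {
        # A denied write in an elevated session may mean the client's Tamper
        # Protection is guarding its own keys (see post 8 in the thread).
        throw "Could not write $ValueName : $($_.Exception.Message)"
    }
}

# Read back the data and the type; a wrong type would not match the documented setting.
$after = Get-RebootCommandValue
$kind  = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
if ($after -ne $Desired -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Verification failed: $ValueName = $after ($kind)"
}

$beforeText = if ($null -eq $before) { '<not set>' } else { $before }
Write-Output "$ValueName on $env:COMPUTERNAME : before=$beforeText after=$after type=$kind"
```

Running it again after the next policy update from the console shows whether the value is still in place.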
     


  • 8.  RE: Custom policy reboots server when remediation has occurred.

    Posted Jan 31, 2014 04:06 PM

    When the console was put in place, was this a migration from a previous version (upgrade) or was this a Fresh Install?

     

    If this was a migration from 11.x to 12.0.x - to 12.1.x policies are migrated and not 'upgraded'

     

    Now, I am still not 100% on SBE migrations and their default settings - but I know with Enterprise Edition, there were some issues that I had with threat remediations that came with the default policies (all real-time, scheduled scans, and on-demand scans). Specifically, under the actions tab - there should be three checkboxes, one about backup files, next about terminating processes, and the last is stop services automatically - for whatever reason, those bottom two were unchecked by default and if a threat was loaded and tied into a process - SEP would flag the system for a reboot (much like what you are dealing with) and would not have the 'teeth' to kill a threat.

     

    Furthermore, any 'good' malware coder would do their best to insert their process before any AV is running, so the running theory is that it is possible that you would be caught in a remediation loop (similar again to what is happening) while it leaves the threat free to do whatever it likes...say if it were something like cryptolocker, then the damage that can be done is immense.

     

    What I would look at is on the other end - before we start digging in registry or start doing other things, start with your policies under the AV section - make sure that all three of those checkboxes are selected, if they aren't, then do it and give SEP the bite it needs to deal with what's out there, if it is - then we can start poking at the registry (make sure that you disable tamper protection temporarily before you start poking at the SEP reg keys and then turn it back on as soon as you are done) - only downside is, whatever next policy change you make on the SEPM will push back down onto the client and if it is broadcasting that auto restart...well, then we have a problem.

     

    Now here is the other thing, please do not take me as some slimy sales guy - I actually work in Tech Support, the last thing I want to even discuss is that pocket-book but from what you are describing to me - I honestly believe your requirements for control are much greater than what the Small Business Edition has to offer - I would honestly look into possibly moving towards the Enterprise Edition for the sake of the granularity of the control you have over the environment. If this was an environment of 5-10 people and a single server, maybe this could skate by, but if you are running multiple servers and over 50 people, my experience and gut tells me Enterprise Edition is the way to go...just food for thought but we are all here to help.