Endpoint Protection

Hi,

We want to install SEP 11 to our laptop users, as of the moment, we do not have SEPM installed in our environment. We will use a third-party software distributing tool such as SCCM to deploy the package to our laptop users.

We have 3 requirements:

1. Change the default settings of SEP (such as enabling mac-spoofing in Network Threat Protection and other things)
2. Prevent user from disabling SEP Auto Protect.
3. User will be prompted for uninstall password.

Is it possible to do these if we don't have SEPM? Is there a workaround? Something like "copying a "configuration file" from a fully configured stand-alone SEP client"?

please let me know if there's a way to deploy unmanaged SEP with the above requirements. Thanks!

If we have a SEPM installed , then we have a better control over the policy.
When we have a SEPM we can create a client install package as per the settings and features preffred, and we can configure the policy  accordingly.

Copying a configuration file will not help, Either you can create a custom install package from the SEPM with the policy required or we  can do some tweaking to the registry in order to achieve the 2 and 3 requirement. I need to check that.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security\UseVPUninstallPassword IF YOU make it 1 it will have an uinstallation password enabled.

Thanks Prachand,

Does this mean that we really have to install SEPM to achieve the following requirements.. 

I can only see no. 3 requirement as achievable by altering the registry.. if you have other ideas let me know.

Try this article also see its comments 

Symantec Endpoint Protection –Few Registry Tweaks..

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks

 

You can use the link mentioned by Aravind.. Create a registry file.. Import it after the install...
 

I just want to ask if why dont you have an SEPM server?

To answer you Mr. Peterpan,

We are a company with large and complex environment. It's our roadmap to upgrade from SAV 10 to SEP 11 but we must first deal with stand-alone machines (non-domain member) with outdated SAV versions (sav. 8, 10).  We're still using Symantec System Center.

Once we finished upgrading those clients then we can proceed with preparing our resources for SEP 11. 

As per compliance requirements, we have an immediate request to deploy SEP 11 with firewall to our laptop users. Since we don't have an avalaible server to install SEPM we cannot manage and control SEP 11 clients.

Hope this answer your question..

 The easiet way would be to install SEPM on a test computer.
Apply the policy on a group for
Password requirement 
Anti Mac spoofing
Lock the policy for file system auto-protect
Liveupdate-edit the policy so that Liveupdate button is enabled and they can update themselves.

Then go Admin install package and export and Unmanaged package and select the group you have applied all the policies to
it will export a package for
Which you can push it your way..
Once you have exported the package you can remove SEPM

Thanks Vikram, I've thought about this, you are right I think this is the best way to deploy SEP along with those settings.

 Vikram is correct... With SEPM we can export packages with few policies.....