Endpoint Protection

 View Only

  • 1.  Endpoint Status monitor.

    Posted Feb 07, 2013 03:06 PM

    In the SEPM Endpoint Status monitor, it is showing that I have 75 disabled clients, I have not verified all but some of them work perfectly fine. Why are there clients listed here when they are working fine and are up to date?

    SEP 12

    OS Windows 7 64 bit clients and Windows 2003 32 bit servers and Windows 2008 server 64 bit



  • 2.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:20 PM

    This is a little misleading. Disabled doesn't necessarily mean SEP is OFF completely. It could mean one of the components is disabled.

    If you click on Disabled, a new window will open with more details. From here, you can see exactly what is disabled. It may just be tamper protection or Insight.

    If you scroll over, it will give you all the details.



  • 3.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:24 PM

    Tamper protection is off for ALL clients, how do I get that to not be logged into the disabled?



  • 4.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:25 PM

    You can't. This is by design.



  • 5.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:26 PM

    OK, I have Tamper protection off all across the board. Why is it only picking up 75 clients when there are over 500? None of which has tamper protection enabled.



  • 6.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:31 PM

    Not sure, maybe a bug. Or maybe tamper protection is actually on for them cheeky



  • 7.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:48 PM

    I can't even remember why I disabled Tamper protection across the board. Can you think of reasons?

    Do I want to turn it back on?



  • 8.  RE: Endpoint Status monitor.

    Posted Feb 07, 2013 03:56 PM

    In the past, I've seen minor issues such as print drivers not installing...but nothing major.

    Personally I would recommend it. It stops threats from disabling SEP. But sometimes legitimate programs may try to tinker with it as well...it's really up to you. I would turn it on and if something comes up than deal with.

    Just leave the lock open in case someone is troubleshooting and needs to turn it off quickly. That's how I have it.



  • 9.  RE: Endpoint Status monitor.

    Broadcom Employee
    Posted Feb 07, 2013 04:08 PM

    Hi,

    I would recommend to enable tamper protection if you are not sure why you have disabled it.

    Follow these steps to enable it.

    1. Double-click shield icon to bring up SEP client UI.

    2. Click Change Settings > Client management > Configure Settings

    3. Switch to the Tamper Protection tab, and either change the action to Log the event only or uncheck the option Protect Symantec security software from being tampered with or shut down.

    4. Click OK.

    5. After completing task requiring tamper protection to be disabled, restore tamper protection to the previous setting.