Endpoint Protection

 View Only

  • 1.  How does one monitor a client scan FROM the server???

    Posted Apr 16, 2009 04:51 PM
    Ok probably a simple one I missed here but maybe Symantec likes to go backwards instead of forwards on new versions.

    Previously when running SAV Console, if I ran a scan remotely on a client from the console, I would get to watch the scan take place over on the server side.
    Under SEP, I click 'Scan' and it just says it sent the command. I go over to the clients workstation and its indeed scanning, but how does one view this on the server like it used to??
    Not really any point in having this option if Im sitting across campus and have to run a quick scan and I dont even get results posted to the server to show me whats going on.

    Sending pretty much anything out remotely to a client works like this but as an admin I need to monitor these and need to know whats going on over on the client side..


  • 2.  RE: How does one monitor a client scan FROM the server???

    Posted Apr 16, 2009 05:03 PM
    This is one of the downsides of increasing the clients security.

    With SEP, there are no listening client ports (and with pull mode the client isnt continuously connected either) which unfortunately means a direct connection to a client is not possible at this moment in time.  Its something we are looking into for the future, either that, or getting the client to send back a periodic scan status which is viewable through the console.


  • 3.  RE: How does one monitor a client scan FROM the server???

    Posted Apr 16, 2009 05:30 PM
    So basically the only function of the server nowadays is to push out the client, send commands that you dont know are actually doing anything, and gather reports that never update themselves??
    The management console doesnt seem to have a lot of management functionality anymore.


  • 4.  RE: How does one monitor a client scan FROM the server???

    Posted Apr 16, 2009 05:41 PM
    Thats the way it is at the moment I'm afraid.

    With SAV, the client was constantly connected to the server, with SEP that is no longer the case (unless you use push mode, which isnt recommended for larger deployments)  SEP gives you the ability to tell a client to run a scan and even if it isn't online, as soon as it comes online then it will do so.  If your SAV client wasn't online you had no way of controlling it.  Depending on your heartbeat period, you should get updates to the command status, so you can confirm that the client has indeed started the scan.  You will also see the start event in the Scan Log on the SEPM.  Once complete, that too will update.



  • 5.  RE: How does one monitor a client scan FROM the server???

    Posted Apr 17, 2009 05:41 AM
    Hi Paul,

    Kindly take this into consideration for future builds of SEP as this feature was very usefull in SAV 10.x versions.

    Rgrds,
    SAM


  • 6.  RE: How does one monitor a client scan FROM the server???

    Posted Apr 17, 2009 07:53 AM
    I"m afraid "Monitors" then the command status tab is the only way to know how it went or is going.
    IT shows the status of any command you issued, including scans.
    And that's not live - that's only as the client reports in, like Paul said, based on heartbeat.
    I understand their thing on client security-  you COULD see file names and locations and the constant communication must have taken a toll on traffic.
    I miss the old SAV way, but understand why they did it.
    I'd like to see an "option" like "stay connected for this scan only" sort of thing.