Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How-To guide for Server 2008 DC endpoint

Created: 10 Jul 2013 | 6 comments

Greetings.

We're new to SEP and need help configuring our domain controllers for endpoint protection.

I've searched the formus for over an hour, but I haven't found a definitive guide for configuring endpoint protection on a Windows 2008 R2 domain controller.

I have the Protection Manager installed on a member server, and I attempted to install EP on a secondary DC, but it caused much havoc and prevented the server from communicating with DNS and other madness.

Thanks in advance for your help.

Operating Systems:

Comments 6 CommentsJump to latest comment

SMLatCST's picture

"Thumbs Up" to Rafeeq above.  It does sound as if the Firewall may have been installed on this DC.  Try again without the FW component.

As an aside, as far as the AV component of SEP goes, it is able to detect if it is being installed to a domain controller and add AD exceptions automatically.  Please see the below article for more information:

http://www.symantec.com/docs/HOWTO55233
Note: This article should also help you determine if the SEP client is correctly excluding the AD files and folders

.Brian's picture

I would only start with AV only on the DC. You can create a FW policy but set everything to Log Only to let traffic pass and give you the ability to see what needs to be allowed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

When you installed SEP on secondary DC that time you used Windows Firewall or Symantec firewall?

What's the SEP client version? 

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

AjinBabu's picture

HI,

Keep only Virus and spyware protection on your client.

Also have a look on http://www.symantec.com/docs/TECH92440

Regards
Ajin

 

Mithun Sanghavi's picture

Hello,

You can install the Symantec Endpoint Protection 12.1 on the Domain Controller.

Check this Article:

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

http://www.symantec.com/docs/TECH92440

I would always recommend you to install the Latest version of Symantec Endpoint Protection 12.1 on your environment.

The Latest version of Symantec Endpoint Protection 12.1 is version SEP 12.1 RU3.

Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-released-sep-121ru3

Best practices for upgrading to Symantec Endpoint Protection 12.1.3

http://www.symantec.com/docs/TECH163700

In case you need an urgent assistance, contact Symantec Technical Support -

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.