Endpoint Protection

 View Only

  • 1.  how SEP protect its own file

    Posted Sep 06, 2010 03:43 AM
    How does Symantec Endpoint Protection protect its own file?


  • 2.  RE: how SEP protect its own file

    Posted Sep 06, 2010 03:51 AM
    it uses tamper protection to protect its own files
    http://service1.symantec.com/support/ent-security.nsf/docid/2009120709215048?Open&seg=ent


  • 3.  RE: how SEP protect its own file

    Posted Sep 06, 2010 03:54 AM
    It uses Tamper Protection for this purpose. Tamper Protection provides real-time protection for Symantec applications. It prevents Symantec processes from being attacked or affected by non-Symantec processes, such as worms, Trojans, viruses, and security risks.


  • 4.  RE: how SEP protect its own file

    Posted Sep 06, 2010 05:47 AM
      |   view attached
    SEP also offers an out-of-the-box application and device control policy that protects its own files, registry keys, etc.
    I found 2 ways in which a user (or a script) can disable SEP (even though it is password protected).
    However, when I enabled the rule, these methods of disabling SEP didnt work.

    The rule is called "Protect client files and registry keys" and is disabled, and set to Test(Log only) by default. All you need to do is go on your app&dev policy, enable it and set it to production.

    I usually prefer testing the policy on a test PC prior to pushing the policy throughout all of the clients.

    I have attached a screenshot of the policy just FYI.


  • 5.  RE: how SEP protect its own file

    Broadcom Employee
    Posted Sep 06, 2010 06:02 AM
    tamper protection along with the application and device control policy will provide protection on the SEP files .