Endpoint Protection

 View Only

  • 1.  Install SEP Without NAC

    Posted Jul 18, 2011 03:55 PM

    How can I create an install package to install SEP 11.0.6 WITHOUT Network Access Control?  I basically dont want to use this feature and it is taking up memory that other programs could use.

     

    Is there a way to not install it in version 12.x as well?  I imagine we will be moving to that version soon.



  • 2.  RE: Install SEP Without NAC

    Posted Jul 18, 2011 04:08 PM

    NAC comes on all clients to my knowledge, however you need another license to activate it in order for it to be used. Do you have the NAC piece available on your SEPM?



  • 3.  RE: Install SEP Without NAC

    Posted Jul 18, 2011 05:23 PM

    NAC isn't a seperate software module - instead it actually used SEP's firewall/IPS to enforce securiy policies.  



  • 4.  RE: Install SEP Without NAC

    Posted Jul 19, 2011 01:45 AM

    You may see Symantec Nwtwork Access Control in the list of services after installing SEP(Though we do not manually add that in SEP or SEPM.)

    However if you go for a Licence for SNAC, then if you assign the policy and work on it, it will be active and functional. Until then, it will be just included or it will not be consuming resources. Please do not worry about that.

    Good Luck!



  • 5.  RE: Install SEP Without NAC

    Posted Jul 19, 2011 08:53 AM

    No, NAC doesnt show up in SEPM and I dont have a seperate license for it.  It does consume memory thought, thats why I was hoping that you could stop it from installing all together so SEP would look like previous versions and only have 3 options installable.  Oh well.  Thanks for the info.



  • 6.  RE: Install SEP Without NAC

    Posted Jul 19, 2011 09:19 AM

    So it shows up in your task manager (SNAC.exe)?

    I've never seen it cause any problem. Is it disabled under services?



  • 7.  RE: Install SEP Without NAC

    Posted Jul 19, 2011 11:50 PM

    In SEPM under policies, is Host Integrity listed?

    If so select that.   Do any Host Integrity policies have a location use count greater than zero? 
    If so, find the policy with a Host Integrity Policy and withdraw the host integrity policy.

    If you dont have Host Integrity listed, first try running the SEPM install again.    I'm not sure that will work. (didn't think to try it).     In my case support sent me a trial copy of snac12.1exe.   It has sepm, sncac and the dhcp plugin.   When I ran the sepm from that package it upgraded my sepm adding the nac pieces.   Only after I did that did I see the Host Integrity policies.

    After I withdrew the host integrity policies, everything is back to normal.   No nac licensing errors, no nac listing in the gui.   The SNAC service is now disabled.  I'll have to test if the SNAC service is installed at all on a new system or if it goes away after reboot.   Pretty sure I'll need to rebuild my install packages since they would have the old host integrity phantom policy in them.

    hope that helps.