Endpoint Protection

  • 1.  Installation features "Proactive Threat Protection"

    Posted Jan 11, 2013 02:12 AM

    We select Basic Content installation package, but found there is still "Proactive Threat Protection" installed.

    We want to install a minimal package on server device, so we uncheck "Proactive Threat Protection" in Client Install Feature Set.

    1. May we know if any function will be affected without "Proactive Threat Protection"? What does "the client software provide reduced protection against threats" mean?

    We only need virus detection and clean action on our server. Can SEP work normally without "Proactive Threat Protection"? We don't want to enable this tech.

    2. What about Download Insight? We cannot find where to uncheck it from the installation package, but disabled it in policy. A warning message is displayed on the SEP icon; is there any way to remove this warning from SEP, or not to install this feature?



  • 2.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 11, 2013 02:19 AM

    Hi,

    Best practices regarding Intrusion Prevention System technology

    http://www.symantec.com/docs/TECH95347

    Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

    http://www.symantec.com/docs/TECH92440

    check this thread

    https://www-secure.symantec.com/connect/forums/sep-ntp-and-ptp-component-server-2008-r2



  • 3.  RE: Installation features "Proactive Threat Protection"
    Best Answer

    Posted Jan 11, 2013 02:36 AM

    Proactive Threat Protection consists of two components:

    - SONAR (some documentation on it here: http://www.symantec.com/docs/HOWTO55215)

    - Application and Device Control

    Application and Device Control may be disabled if required and it does not impact Antivirus Protection at all.

    SONAR provides heuristic detection of unknown threats - if disabled this kind of protection will not be available on the client anymore, Antivirus Protection will still be working as previously.

    Download Insight will be uninstalled by removing the "Advanced Download Protection" from the installation package.



  • 4.  RE: Installation features "Proactive Threat Protection"

    Broadcom Employee
    Posted Jan 11, 2013 02:39 AM

    1. May we know if any function will be affected without "Proactive Threat Protection"? What does "the client software provide reduced protection against threats" mean?

    The threats against zero day and components of SONAR and Download Insight will not be used.

    2. We only need virus detection and clean action on our server. Can SEP work normally without "Proactive Threat Protection"? We don't want to enable this tech.

    Yes, you can install only SEP AV.

    2. What about Download Insight? We cannot find where to uncheck it from the installation package, but disabled it in policy. A warning message is displayed on the SEP icon; is there any way to remove this warning from SEP, or not to install this feature?

    Have you restarted the machine?



  • 5.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 11, 2013 02:55 AM

    Thank you pete_4u2002, the warning message will only happen after restart. It won't be seen if the SEP client did not restart at first installation.



  • 6.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 11, 2013 02:56 AM

    Thank you. SebastianZ



  • 7.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 11, 2013 03:55 AM

    Dear pete_4u2002 and SebastianZ,

    Pardon me, I just found there is Basic Protection for Servers, which does not include Advanced Download Protection and Proactive Threat Protection. May I know if this is enough for SEP AV?

    But we need to use the Risk Tracer function. May I know if I need to select Network Threat Protection? Or is Firewall under Network Threat Protection enough, with no need to tick "Intrusion Protection"?



  • 8.  RE: Installation features "Proactive Threat Protection"

    Broadcom Employee
    Posted Jan 11, 2013 04:07 AM

    NTP is only for active response settings. You can leave it. If the server is busy then suggest to install basic protection.



  • 9.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 13, 2013 10:38 AM

    Hi Pete_4u2002,

    Do you mean that, to enable Risk Tracer, we don't have to have "Firewall" and "Intrusion Protection" + "Network Threat Protection" installed?

    1) May I know if "Network Threat Protection" = "Firewall" and "Intrusion Protection"?

    2) The server is busy; if some features cannot be installed, we would like to select Basic Installation for the server. But we need to use the Risk Tracer function to detect and log the risk source IP. Do we have to install a) "Network Threat Protection", b) "Firewall", c) "Intrusion Protection" on the SEP client?

    refer to article https://www-secure.symantec.com/connect/forums/risk-tracer-questions , seems

    ********quote*********

    Conclusion

    The Risk Tracer feature in SEPv11 appears to work the same as SAV10. It doesn't require the firewall or IPS active response. I would classify this as reactive/reporting mode since Risk Tracer is only providing source IP in a report and is not actively taking action.

    ********end quote*************



  • 10.  RE: Installation features "Proactive Threat Protection"

    Posted Jan 14, 2013 01:57 AM

    Hi, any comment? Can you please assist?