
Installation features "Proactive Threat Protection"

Created: 10 Jan 2013 • Updated: 10 Jan 2013 | 9 comments
This issue has been solved. See solution.

We selected the Basic Content installation package, but found that "Proactive Threat Protection" is still installed.

We want to install a minimal package on the server device, so we unchecked "Proactive Threat Protection" in the Client Install Feature Set.

1. May we know if any function will be affected without "Proactive Threat Protection"? What does "the client software provide reduced protection against threats" mean?

We only need virus detection and clean action on our server. Can SEP work normally without "Proactive Threat Protection"? We don't want to enable this tech.

2. What about Download Insight? We cannot find where to uncheck it in the installation package, but we disabled it in policy. A warning message is displayed on the SEP icon. Is there any way to remove this warning from SEP, or not to install this feature?


Ashish-Sharma's picture

hi,

 

Best practices regarding Intrusion Prevention System technology

http://www.symantec.com/docs/TECH95347

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

http://www.symantec.com/docs/TECH92440

check this thread

https://www-secure.symantec.com/connect/forums/sep...

Thanks In Advance

Ashish Sharma

 

 

SebastianZ's picture

Proactive Threat Protection consists of two components:

- SONAR (some documentation on it here: http://www.symantec.com/docs/HOWTO55215)

- Application and Device Control

 

Application and Device Control may be disabled if required and it does not impact Antivirus Protection at all.

SONAR provides heuristic detection of unknown threats - if disabled, this kind of protection will no longer be available on the client; Antivirus Protection will still work as before.

Download Insight will be uninstalled by removing "Advanced Download Protection" from the installation package.

 

 

SOLUTION
pete_4u2002's picture

1. May we know if any function will be affected without "Proactive Threat Protection"? What does "the client software provide reduced protection against threats" mean?

The threats against zero day and components of SONAR and Download Insight will not be used.

 

2. We only need virus detection and clean action on our server. Can SEP work normally without "Proactive Threat Protection"? We don't want to enable this tech.

Yes, you can install only SEP AV.

 

2. What about Download Insight? We cannot find where to uncheck it in the installation package, but we disabled it in policy. A warning message is displayed on the SEP icon. Is there any way to remove this warning from SEP, or not to install this feature?

Have you restarted the machine?

 

SymQNA's picture

Thank you pete_4u2002, the warning message will only happen after restart. It won't be seen if the SEP client did not restart at first installation.

SymQNA's picture

Dear pete_4u2002 and SebastianZ,

Pardon me, I just found there is Basic Protection for Servers, which does not include Advanced Download Protection and Proactive Threat Protection. May I know if this is enough for SEP AV?

But we need to use the Risk Tracer function. May I know if I need to select Network Threat Protection? Or is Firewall under Network Threat Protection enough, with no need to tick "Intrusion Protection"?

pete_4u2002's picture

NTP is only for active response settings. You can leave it. If the server is busy then suggest to install basic protection.

SymQNA's picture

Hi Pete_4u2002,

Do you mean that, to enable Risk Tracer, we don't have to have "Firewall" and "Intrusion Protection" + "Network Threat Protection" installed?

1) May I know if "Network Threat Protection" = "Firewall" and "Intrusion Protection"?

2) The server is busy; if some features cannot be installed, we would like to select Basic Installation for the server. But we need to use the Risk Tracer function to detect and log the risk source IP. Do we have to install a), b), c) (a) "Network Threat Protection", b) "Firewall", c) "Intrusion Protection") on the SEP client?

refer to article https://www-secure.symantec.com/connect/forums/risk-tracer-questions , seems

********quote*********

Conclusion

The Risk Tracer feature in SEPv11 appears to work the same as SAV10. It doesn't require the firewall or IPS active response. I would classify this as reactive/reporting mode since Risk Tracer is only providing source IP in a report and is not actively taking action.

********end quote*************