Endpoint Protection

  • 1.  Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 06:41 AM

    Hi there,

    Are there any best practices for configuring SEP on virtual RDS Windows 2012 servers?

    I know about: shared insight cache server config, randomization for updates and scans.
    However, I'm reading this: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/SOLUTIONS/91000/TECH91070/en_US/SEP_Citrix-Terminal_Servers.pdf?__gda__=1464316151_d4263b2c588fc15a0dc00db782654c9a

    And I wonder if it's still necessary to change registry values for the latest SEP clients and multi-user RDS environments so the SEP processes won't run for each logged-in user.

    Thanks,

    Levd



  • 2.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 06:49 AM
    Yes, that does still apply.


  • 3.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 07:15 AM

    Hi Brian,

    So if I'm reading correctly, for 64-bit W2K12 RDS servers running the latest SEP this will be enough (for disabling multiple processes per user):

    1 Log on to the server you wish to configure with an administrator account

    2 Click Start, Run and type “regedit” then click OK

    3 Browse to HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    4 Find the entry LaunchSmcGui and change it from DWORD 1 to DWORD 0

    1 Log in as admin

    2 Click Start, Run and type “regedit” then click OK

    3 Browse to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (for 64-bit servers this is HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run)

    4 Find the entry ccApp and delete it
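
The two registry changes listed in the post above, as an added PowerShell example (not part of the original post or of Symantec's document). The function name `Set-SepRdsRegistry` and its `-Apply` switch are hypothetical; the keys and value names are the ones quoted in the thread. Without `-Apply` it only reports the current state.

```powershell
# Added example. Run from an elevated prompt when using -Apply.
# Set-SepRdsRegistry and -Apply are hypothetical names; paths come from the thread.
function Set-SepRdsRegistry {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Apply)

    $smcKey  = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

    # Small helper so every finding has the same shape in the report
    function New-Row($Key, $Name, $State) {
        [pscustomobject]@{ Key = $Key; Name = $Name; State = $State }
    }

    # LaunchSmcGui: the post changes it from DWORD 1 to DWORD 0
    $smc = Get-ItemProperty -Path $smcKey -Name LaunchSmcGui -ErrorAction SilentlyContinue
    if ($null -eq $smc) {
        New-Row $smcKey 'LaunchSmcGui' 'key or value not found'
    } elseif ($smc.LaunchSmcGui -eq 0) {
        New-Row $smcKey 'LaunchSmcGui' 'already 0'
    } elseif ($Apply -and $PSCmdlet.ShouldProcess("$smcKey\LaunchSmcGui", 'Set DWORD 0')) {
        Set-ItemProperty -Path $smcKey -Name LaunchSmcGui -Value 0 -Type DWord
        New-Row $smcKey 'LaunchSmcGui' "set to 0 (was $($smc.LaunchSmcGui))"
    } else {
        New-Row $smcKey 'LaunchSmcGui' "is $($smc.LaunchSmcGui), expected 0"
    }

    # ccApp: the post deletes it from the Run key (both registry views are checked)
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -Name ccApp -ErrorAction SilentlyContinue
        if ($null -eq $run) {
            New-Row $key 'ccApp' 'absent'
        } elseif ($Apply -and $PSCmdlet.ShouldProcess("$key\ccApp", 'Remove value')) {
            # Record the old command line so the change can be reverted
            Remove-ItemProperty -Path $key -Name ccApp
            New-Row $key 'ccApp' "removed (was: $($run.ccApp))"
        } else {
            New-Row $key 'ccApp' "present: $($run.ccApp)"
        }
    }
}

Set-SepRdsRegistry | Format-Table -AutoSize -Wrap   # audit only; add -Apply to change
```

`Set-SepRdsRegistry -Apply -WhatIf` shows which values would be touched without writing to the registry.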



  • 4.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 07:25 AM

    The doc mentions SEP 11.x but it should still apply. Here is a newer link with additional info as well:

    http://www.symantec.com/docs/TECH91070



  • 5.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 07:48 AM

    Brian thanks,

    Another question about configuring SEP on virtual machines.

    After reading this document: https://support.symantec.com/en_US/article.TECH173650.html

    "Scheduled scans can be configured as either Active scans (scanning currently running processes and critical Windows files/folders), or full scans (scanning all physical drives on the client). The increased security capabilities of SEP 12.1 make it possible to utilize Active Scans instead of full scans with minimal impact on security. This reduces the amount and duration of I/O load generated from scheduled scans compared to full scans. Scheduled full scans are not required to secure SEP 12.1 clients."

    I'm not so sure building a Shared Insight Cache server is still necessary and our new environment will be secure enough with scheduled active scans.

    Am I right with this assumption?

     



  • 6.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 07:54 AM

    If you're required to run full scans then you can do a SIC. If not, active scanning will suffice.



  • 7.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 08:24 AM

    Ok, thanks!



  • 8.  RE: Latest SEP on virtual (Openstack) RDS Windows 2012 servers

    Posted May 25, 2016 08:28 AM

    You're welcome.