Endpoint Protection

It is my understanding that Linux does not have a SEP version. We have to use SAV FL.

Is there a management console for this?

We may have to manage a bunch of servers, if there is no management servers, what is the best way to manage them?

Thanks in advance for your suggestions.

Hello,

You're right there's no Endpoint Protection for Linux, SEP just supporting Windows and MacOSX systems currently. You can use SAV for Linux as you said also. However there are no management console's for managing SAV for Linux. But you can configure SAV for Linux to send their events to SEP Manager then you can monitor and report some data for Linux machines.

Regards,

Oykun

thumbs up to above advice!

SEP Linux reporting to SEPM
http://www.symantec.com/business/support/index?page=content&id=DOC3474

if not for AV, for Host IDS you can use SCSP , Linux clients can be managed by the SCSP manager
 

Hello,

You can update the linux clients by configuring Liveupdate Administrator

Please check out the below link,

https://www-secure.symantec.com/connect/forums/does-sep-121-supports-linux

https://www-secure.symantec.com/connect/forums/sav-linux-0

Thank you Oykun. I will check that.

Pete, is there anything that gives more info on Linux reporter?

How does SEPM show these report? Is it shown similar to the Windows clients?

Thanks.

Hi Nraj,

The logs forwarded to the SEPM from the SAVFL Reporter are listed right along all the other log sthat the SEPM has from Windows and Mac clients.  Threat detections, for example, appear in the risk reports, can trigger notifications, etc etc.

The Linux clients themselves do not appear in the SEPM Clients list.

How many Linux clients are you planning to deploy?  There is a way to create and drop a config file on them, though it is a little tricky.  If you have a lot of Linux clients it can be useful, but it if is just a couple you are probably better off manually scheduling scans, exclusions, etc on them.

Hope this helps! 

Thanks Mick,

So, we cannot actually see 'em but can pull reports.

Initially it would be something around 30 servers. It would be helpful if you can let me know the way to drop the config file. Thanks again.

Management of Symantec AntiVirus (SAV) for Linux
Article: TECH102587   |  Created: 2007-01-05   |  Updated: 2012-02-01   | 
Article URL http://www.symantec.com/docs/TECH102587
 

I never knew confEd can be used for Linux :o I will cehck this and let you know. As for this this seems to answer my queries. Thanks a lot.

Could you please mark the apropriate comment as Solution , If the above information  was helpful.

Sure. I just need to check a couple of things & i will as soon as possible.

Hi NRaj,

Just wondering if you have any additional observations/experiences that you would like to add to this thread.  Any advice you may give would be of benefit to future admins who have the same SAVFL questions.

Or, if tere are any additional outstanding queries you have, please do feel free to add them to thi sthread!

With thanks and best regards,

Mick

Hi Mick,

Sorry for the delay. I was a little occupied with other testing and could not test this. But ConfigEd was really helpful. I cannot let the thread hang for any longer. I will open another when i test Linux. Thank you.

Hi Pete,

Thank you for the suggestion.If you could give me some info about the linux management from SCS, it would be great. 

Thank you all for the suggestions.

Here is a new enhancement request for the tool used to create those SAVFL configuration files:

Update Configuration Editor (ConfigEd) Tool for SAVFL
https://www-secure.symantec.com/connect/ideas/update-configuration-editor-configed-tool-savfl

Please do vote in support of this tool, if you agree!  &: )

Thank you Mick.