Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates
Dear Forum Users,
I would like to open up a dialog. I would very much like to kickstart a community-led effort to create SEP Policy Templates.
While working with hundreds of clients in the field, the common thread I've heard is the lack of time customers have to create policies for SEP 11.0 that maximize its potential.
There are many new features in SEP 11 compared to SAV 10. These features were added to provide additional protection mechanisms against threats.
Unfortunately, many of these features are underutilized or not utilized at all.
There are a number of features in SEP 11 that have policies that may be applied:
1. AntiVirus and AntiSpyware
2. Scheduled Scans
3. Firewall
4. Intrusion Prevention
5. Application Control
6. Device Control
7. Location Awareness
8. Centralized Exceptions
The idea of this open letter is to solicit a response from the community to demand and participate in the creation of SEP Policy Templates.
If you are reading this and would answer the following questions in the affirmative, please add a comment stating your support.
If enough people respond to this, I will make sure to capture all respondents and submit to the appropriate folks.
1. Would you like to see Symantec Endpoint Protection 11 contain Template Policies that provide basic, intermediate, advanced and custom policies for many of the SEP policy types?
2. Would you be likely to download Symantec provided policies in the forums?
3. Would you be likely to customize these policies for your own use and then upload your changes back to the forums for the community to use? (à la Open Source)
Some possible Policies:
1. AntiVirus and AntiSpyware
- Base Policy Focused on Performance
- Scan Everything Policy
2. Scheduled Scans
- Customized Folders or extensions to scan
3. Firewall
- Basic FW Policy: Outbound rules open, minimum ports opened inbound.
- Medium Policy (#): Create outbound rules: some blocked outbound ports, followed by some blocked inbound ports (80, 21, 22 to desktop).
4. Intrusion Prevention
- Excluded signatures that are observed to produce false positives.
5. Application Control
- Internet Explorer Lockdown Policy
- Adobe Reader Lockdown Policy
- Windows Critical files Lockdown Policy
- Removable Drive Specific Policies: No write to USB. No read of autorun.inf from USB.
6. Device Control
- Device ID contributions from the community
7. Location Awareness
- Location awareness ideas on how to leverage Location Awareness in combination and assignment of other policies.
8. Centralized Exceptions
- Centralized exceptions of popular applications. For example, Oracle on Windows exclusions, SAP or PeopleSoft exclusions.
Why should individuals in the community reinvent the wheel? Let's pool our small individual contributions into a sea of change.
Any takers?
Cheers,
Efrain
BTW, in order to export a policy from the console and make it easy to paste into a website, follow the instructions below:
How to see the contents of an exported Policy
1. Export the policy to a file, e.g. sample.dat
2. Rename the sample.dat file to sample.zip
3. Unzip the file. The archive contains a file named main.xml
4. Submit to the forums.
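The rename-and-unzip steps above work because the exported .dat is a ZIP archive. The following script, which is an added example and not code from the original post or from Symantec, does the same thing without the rename: it checks the file really is a ZIP archive, pulls main.xml out of it and reports the root element so you can see what you are about to post. The sample policy archive it builds in memory is constructed for the example; the XML inside it is a placeholder, not a real SEP policy export.

```python
import io
import sys
import xml.etree.ElementTree as ET
import zipfile

# Constructed stand-in for an exported policy: a ZIP archive holding main.xml.
# A real export comes from the SEPM console as described in the steps above;
# this one exists only so the example runs offline.
SAMPLE_MAIN_XML = b'<?xml version="1.0"?><Policy name="Example AV Policy" />'


def build_sample_policy_dat() -> bytes:
    """Build an in-memory .dat (really a ZIP) containing main.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("main.xml", SAMPLE_MAIN_XML)
    return buf.getvalue()


def list_policy_members(dat_bytes: bytes) -> list:
    """Return the member names inside an exported policy .dat.

    The ZIP local-file header starts with "PK\x03\x04"; checking it first
    gives a clear error for a file that is not an export, instead of a
    BadZipFile traceback.
    """
    if not dat_bytes.startswith(b"PK\x03\x04"):
        raise ValueError("not a ZIP archive: is this really an exported policy .dat?")
    with zipfile.ZipFile(io.BytesIO(dat_bytes)) as zf:
        return zf.namelist()


def read_policy_xml(dat_bytes: bytes) -> str:
    """Return the text of main.xml from an exported policy .dat.

    zipfile reads the bytes directly, so the rename to .zip is unnecessary;
    the result is the same as rename + unzip.
    """
    names = list_policy_members(dat_bytes)
    if "main.xml" not in names:
        raise ValueError(f"main.xml not found; archive contains {names}")
    with zipfile.ZipFile(io.BytesIO(dat_bytes)) as zf:
        return zf.read("main.xml").decode("utf-8")


def policy_summary(dat_bytes: bytes) -> dict:
    """Parse main.xml and return its root tag and attributes.

    This is the quick look a practitioner wants before pasting a policy to
    a public forum: what kind of policy it is and what it is named.
    """
    root = ET.fromstring(read_policy_xml(dat_bytes))
    return {"tag": root.tag, "attributes": dict(root.attrib)}


if __name__ == "__main__":
    # Usage: python show_policy.py sample.dat
    # With no argument, the constructed sample archive is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_policy_dat()
    print("members:", list_policy_members(data))
    print("summary:", policy_summary(data))
    print(read_policy_xml(data))
```

Pass the path of an exported .dat as the first argument; with no argument the script runs against the constructed sample so the flow can be checked end to end.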