Endpoint Protection

  • 1.  Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 03, 2009 10:38 PM


     

    Dear Forum Users,

        I would like to open up a dialog. I would very much like to kickstart a community-led effort to create SEP Policy Templates.

    While working with hundreds of clients in the field, the common thread I've heard is the lack of time customers have to create policies for SEP 11.0 that maximize its potential.

    There are many new features in SEP 11 compared to SAV 10. These new features were added to add protection mechanisms against threats.

    Unfortunately, many of these features are underutilized or not utilized at all.

     

    There are a number of features in SEP 11 that have policies that may be applied:

     

    1. AntiVirus and AntiSpyware

    2. Scheduled Scans

    3. Firewall

    4. Intrusion Prevention

    5. Application Control

    6. Device Control

    7. Location Awareness

    8. Centralized Exceptions

     

    The idea of this open letter is to solicit a response from the community to demand and participate in the creation of SEP Policy Templates.

    If you are reading this and agree that you would answer the following questions in the positive, please add a comment stating your support.

    If enough people respond to this, I will make sure to capture all respondents and submit to the appropriate folks.

     

    1. Would you like to see Symantec Endpoint Protection 11 contain Template Policies that provide basic, intermediate, advanced and custom policies for many of the SEP policies?

    2. Would you be likely to download Symantec provided policies in the forums?

    3. Would you be likely to customize these policies for your own use and then upload your changes back to the forums for the community to use? (A-la Open Source)

     

    Some possible Policies:

     

    1. AntiVirus and AntiSpyware

        - Base Policy Focused on Performance

        - Scan Everything Policy

    2. Scheduled Scans

        - Customized Folders or extensions to scan

    3. Firewall

        - Basic FW Policy: Open out rules, minimum ports opened inbound.

        - Medium Policy(#): Create outbound rules: Some blocked outbound ports, followed by some blocked ports inbound (80,21,22 to desktop).

    4. Intrusion Prevention

        - Excluded signatures that are observed to false positive.

    5. Application Control

        - Internet Explorer Lockdown Policy

        - Adobe Reader Lockdown Policy

        - Windows Critical files Lockdown Policy

        - Removable Drive Specific Policies: No-write to USB. No read from USB autorun.inf

    6. Device Control

        - Device ID contributions from the community

    7. Location Awareness

        - Location awareness ideas on how to leverage Location Awareness in combination and assignment of other policies.

    8. Centralized Exceptions

        - Centralized exceptions of popular applications. For example, Oracle on Windows exclusions, SAP or PeopleSoft exclusions. 

     

     

    Why should the individuals in the community re-invent the wheel? Let's pool our small individual contributions into a sea of change.

     

    Any takers?

     

    Cheers,
     

    Efrain

     

    BTW, in order to export a policy from the console and make it easy to paste into a website, follow the instructions below:

     

    How to see the contents of an exported Policy

    1. Export the policy to a file sample.dat

    2. Rename the sample.dat file to sample.zip

    3. Unzip the file. File contains a file named main.xml

    4. Submit to the forums.

     

     

     



  • 2.  RE: Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 04, 2009 02:41 AM
    I am behind this idea all the way.  Why re-invent the wheel when we can choose which ones to use?  To encourage the shy ones, maybe there can be some extra points for each policy uploaded.

    I was going to start the ball rolling by uploading a policy of mine, but I don't know how to export it.  It is not created under the Policy tab, but as a non-shared policy under Clients --> Policy.  I cannot see it under Policy.


  • 3.  RE: Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 04, 2009 09:57 AM
    Like the Custom Inventory Solution area and the Monitor Solution Area for Altiris?


  • 4.  RE: Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 04, 2009 10:22 AM

    1. Would you like to see Symantec Endpoint Protection 11 contain Template Policies that provide basic, intermediate, advanced and custom policies for many of the SEP policies?

    YES - Word and Excel each contain templates, some pretty powerful. Want to run an amort schedule for your mortgage? Excel has a template for that...........

    2. Would you be likely to download Symantec provided policies in the forums?

    Yes - same as Microsoft does for their WEB design products, Office products, etc.

    3. Would you be likely to customize these policies for your own use and then upload your changes back to the forums for the community to use? (A-la Open Source)

    Works for me.

    More than that, however, Symantec needs to make POLICIES to be MODULAR. Right now, we have a firewall policy, but if I make a single change, say I add or change a rule, I can't share that with anyone else, NOR can I share that SINGLE change with another group HERE at work because it will overwrite the WHOLE policy, not simply ADD or MODIFY the one rule in that policy.
    Same for the other policies - I've had folks send me exclusion policies, firewall policies, you name it, but I can't use them because then it overwrites the WHOLE policy. I'd like to see policies consist of LINE ITEMS that you can export or import!
    Say you create a GREAT firewall policy and want to share it. I can't use it if I've got some very special rules in our policy here as your policy will totally overwrite MY policy, removing MY line items.............



  • 5.  RE: Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 04, 2009 03:48 PM
    PKH,
         You can export a non-shared policy by following the steps below:

    1. Go to Clients (Blue Ribbon) View Client > "My Company\GroupName"
    2. Switch to the Policies Tab for that specific group
    3. Go to your selected location and click on the "Tasks" link and choose export.

    This will allow you to export your policy as a policy.dat file. If you rename the dat file to zip and extract you will be able to see the main.xml file embedded within.

    Thanks for the feedback.


  • 6.  RE: Open Draft Letter to the Forums Community for creation of Symantec Endpoint Protection 11.x Policy Templates

    Posted Nov 04, 2009 11:01 PM
    Below is a policy for the machines in my Laptops group to get their updates from LiveUpdate when they are out of office.

    =================================

    <?xml version="1.0" encoding="UTF-8"?>
    <SchemaContainer NameSpace="">
      <LuPolicy Creator="admin" Description="Allow laptops to connect to Liveupdate when out of office" Enable="1" Id="C5C31D27C0A8081200177E34052DA9C3" Name="Update settings when out of office" NameSpace="schema" _d="false" _i="D493E61AC0A8081201455CF0C6EA0384" _t="1236657682977" _v="8">
        <LuContentSourceInfo Enabled3rdPartyManagement="0" UseLiveUpdateServer="1" UseManagementServer="0" _d="false" _i="E8D21E7EC0A8081201455CF0A604844A" _t="1236657682977" _v="17">
          <LuHttpProxy Host="" Mode="NONE" Port="" _d="false" _i="0C763F06C0A8081201455CF0D6C0D70E" _t="1236657682977" _v="8"/>
          <LuFtpProxy Host="" Mode="NONE" Port="" _d="false" _i="4137F018C0A8081201455CF0A06CF84D" _t="1236657682977" _v="5"/>
        </LuContentSourceInfo>
        <LuDownloadSchedule AllowRetry="1" DayOfWeek="SUNDAY" Enabled="1" Frequency="HOURLY" FrequencyInterval="360" RetryWindow="60" StartTime="78900" _d="false" _i="06DEA0DDC0A8081201455CF031882624" _t="1236657682977" _v="23">
          <LuDownloadRandomness RandomizeTime="120" _d="false" _i="FA9F9580C0A8081201455CF0D9B9F21C" _t="1236657682977" _v="8"/>
        </LuDownloadSchedule>
        <LuGeneralConfig AllowManualLiveUpdate="1" _d="false" _i="E33E17FDC0A8081201455CF03B80A47E" _t="1236657682977" _v="11"/>
        <Metadata ChechSum="6D2D51B76F8E828EC55D50B5FF12D665" Owner="DD956E74C0A8081201A1F8130D6616E9"/>
      </LuPolicy>
    </SchemaContainer>
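
The export steps described in posts 1 and 5, as an added example that is not from any poster or from Symantec: read main.xml straight out of the exported .dat and blank the attributes that identify the exporting site before the XML is pasted into a public forum. The attribute names come from the sample in post 6; treating exactly those four as sensitive, the size limit and the sample values are assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Attributes in the LuPolicy sample above that identify the exporting site.
# Treating exactly these as sensitive is an assumption of this example.
REDACT = {"Creator", "Id", "Owner", "_i"}
MAX_XML_BYTES = 5 * 1024 * 1024  # refuse an unexpectedly large main.xml

# Constructed sample: a trimmed policy with placeholder identifiers.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<SchemaContainer NameSpace="">
  <LuPolicy Creator="admin" Enable="1" Id="AAAA0001" Name="Out of office" _i="AAAA0002">
    <LuContentSourceInfo UseLiveUpdateServer="1" UseManagementServer="0" _i="AAAA0003"/>
    <Metadata Owner="AAAA0004"/>
  </LuPolicy>
</SchemaContainer>"""


def build_sample_dat():
    """Package SAMPLE_XML the way the thread describes: a ZIP named .dat."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("main.xml", SAMPLE_XML)
    return buf.getvalue()


def read_main_xml(dat_bytes):
    """Read main.xml straight from the .dat; no rename to .zip is needed."""
    with zipfile.ZipFile(io.BytesIO(dat_bytes)) as zf:
        info = zf.getinfo("main.xml")  # KeyError if the member is missing
        if info.file_size > MAX_XML_BYTES:
            raise ValueError("main.xml is larger than expected")
        return zf.read(info)


def redact_policy(xml_bytes):
    """Return (redacted XML text, number of attributes blanked)."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not expected in a policy export")
    root = ET.fromstring(xml_bytes)
    changed = 0
    for elem in root.iter():
        for name in REDACT & set(elem.attrib):
            elem.set(name, "REDACTED")
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed
```

The redacted text is meant for posting and reading; whether the console accepts a policy whose identifiers were changed is not something this thread establishes.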