Endpoint Protection

I want to create differnt symantec policies for differnt groups. when i create an policy in symantec to turn off firewal and some other things it will not allow and error message come that inherent policy from my company applies. i create an different policy and uncheck inherent policy but new policy not applying successfully.i create an policy and turn off firewall in that policy and some other things configured in that policy but after apply when i check on client computers, fire wal is on and no effect of policy.Please help me how to create policies for groups and how to implement in a proper manner.thanks

Hi,

try this:

-  in the Clients panel, create the groups you need if not done

- for the new group, select its Policies tab (on the top) and uncheck the inheritance of policies

- select the Policies panel (on the left), select Firewall and create a new firewall policy

- edit the new policy, for example disable the firewall and lock it down (click the small lock close to the changed option)

- assign the new policy to the target group

- wait an heartbeat and check the firewall status on the clients, it should be off

- end

if you don't want to wait for a heartbeat time (by default is set to 30 mins),

you can upgrade the policy at the client side by right click to he SEP icon in the right of task bar.

that will help you test right away your policy works properly.or not.

- for the new group, select its Policies tab (on the top) and uncheck the inheritance of policies

This sounds like your most likely problem. Remember that this needs to be done at the Group level where you are applying the new policy, not at the 'My Company' level.

Is your problem now resolved? If note, please provide some more details about your set up.

when i check on client computers, firewall is on and no effect of policy

How soon do you check the client? As Leo Young stated above, the client needs to receive the new policy first. You can force this by right clicking to he SEP icon in the right of task bar and then choosing 'Update Policy'

Before that however, I check the 'Details' tab(*2) of the group(*1) in the clients section. The Policy Serial Number and Policy Date(*3) must be the date & time of when I made the change to the policy. Only then do I force update the policy on the client. That previously has done the trick for me.

Please note you cannot turn off Symantec Firewall, you might only switch it to passthrough mode by either withdrawing Firewall policy from your client's group or uncheck "Enable this policy" box in the firewall policy.

This will not show SEP Firewall as off in client interface, but would actually allow all incoming/outgoing traffic.

Dear How can i disable usb access to my all clients from symantec.

I want to disable usb mass storage access but usb ports should work for usb keyboards and mouse.

Thanks.

may be these links help

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.
http://bit.ly/uTVdha

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724