Video Screencast Help

possibilty of notification

Created: 10 Jun 2012 • Updated: 29 Sep 2012 | 7 comments
This issue has been solved. See solution.

Is it possible that when smc service get stopped, notification will be generated?

Comments 7 CommentsJump to latest comment

consoleadmin's picture

Open and login to the SEPM

Click Monitors

Click Notifications

Click Notification Conditions

Click Add

Select "Client Security Alert"

check out the required option under "What settings would you like for this notification?"

 Select the Severity type

Add your email id here.

Then Ok.

Thanks.

Mithun Sanghavi's picture

Hello,

Why wait till SMC service gets stopped? Why not provide a protection to the SMC services?

You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.

The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.

To determine the level of user interaction, you can customize the user interface in the following ways:

  • For virus and spyware settings, you can lock or unlock the settings.

  • For firewall settings, intrusion prevention settings, and for some client user interface settings, you can set the user control level and configure the associated settings.

  • You can password-protect the client.

To password-protect the client

  1. In the console, click Clients.

  2. Under Clients, select the group for which you want to set up password protection.

  3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

  4. Click Security Settings.

  5. On the Security Settings tab, choose any of the following check boxes:

    • Require a password to open the client user interface

    • Require a password to stop the client service

    •  Require a password to import or export a policy

    • Require a password to uninstall the client

  6. In the Password text box, type the password.

    The password is limited to 15 characters or less.

  7. In the Confirm password text box, type the password again.

  8. Click OK.

Check this Article which may helps you with all the Information you are looking for:

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

http://www.symantec.com/docs/TECH136678

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

How to restrict users from making configuration changes to the Symantec Endpoint Protection client.

http://www.symantec.com/docs/TECH102370

Hope this helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Sumit G's picture

Agree with Mithun, you can set the password the stop/uninstall the symantec. So that no one can have access to stop it without your permission

Regards

Sumit G.

_Brian's picture

You can set this alert if you were using SNAC. You can implement the password suggestion above as well. Also, you can protect the SEP services using an application and device control policy.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

consoleadmin's picture

Agree with Mithun As well, Because if you set the password on service then no one can able to stop it with out permission.

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

Thanks.

happy_blaze's picture

my requirement is that if any engineer stop the service, log/email will generate?

_Brian's picture

If you're using Application and Device Control than yes as you can set an alert for Applicaton Control events. The rule would be related to protecting client files and registry keys.

Otherwise, there is no way to currently do this that I know of.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.