
Quarantine server solution

Created: 03 Jun 2013 • Updated: 04 Jun 2014 | 10 comments

Hi Team

1. I want a solution for the Quarantine server: if a Quarantine server goes down, what is the next step in an IT environment for directing the virus files?

I have 5000 users; what will happen if the Quarantine server goes down, and how are suspicious files handled?

2. Do we need to test the daily definition updates released from Symantec? The management says it's a risk to directly download the updates and distribute them in an IT environment; please provide a solution on this.

Thanks


.Brian's picture

Symantec offers the quarantine server and you can set it up to handle quarantined files

Best Practices for using Quarantine Server in a Symantec Endpoint Protection environment

Article:TECH95663  |  Created: 2009-01-20  |  Updated: 2012-03-15  |  Article URL http://www.symantec.com/docs/TECH95663

System requirements for the Central Quarantine Server

Article:TECH182071  |  Created: 2012-02-23  |  Updated: 2013-03-29  |  Article URL http://www.symantec.com/docs/TECH182071

If the server goes down, you can modify the AV policy to allow client computers to automatically submit quarantined items to Symantec Security Response.

It's up to you if you want to test. If you have the resources then it is a good idea, although Symantec has been very reliable when it comes to putting out good definitions.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rathod's picture

Can you send me the link on what AV policy changes need to be done in SEPM so that all 5000 clients submit the quarantined items to Symantec Security Response?

.Brian's picture

Edit your AV policy >> on left side, under Advanced Options, click Quarantine. Check the box for "Allow client computers to manually submit quarantined items to Symantec Security Response"

See this KBA on it:

Configuring clients to submit quarantined items to a Central Quarantine Server or Symantec Security Response

Article:HOWTO80953  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80953

Another helpful reference as well:

How to Manage Quarantined files.

Article:TECH106443  |  Created: 2008-01-03  |  Updated: 2012-02-14  |  Article URL http://www.symantec.com/docs/TECH106443


rathod's picture

Thanks Brian,

Once the quarantined files are sent to Symantec Security Response, what is the SLA for the resolution? (Process)

Do SEP clients need internet access to submit the suspicious file directly to Symantec?

Does the Quarantine server need to have internet access to forward the unresolved infected files to Symantec once it has received all infected files from SEP clients?

.Brian's picture

The files are submitted anonymously so I doubt there is any formal process involved.

Yes, you would need internet connectivity for both.


rathod's picture

SEP clients do not have internet access here in my environment, where the quarantine server may have internet access; it's a new design we have proposed.

So it's a risk if the SEP does not have internet access and the quarantine server goes down; all the infected files may impact the working environment.

Please suggest.

.Brian's picture

The files would be in quarantine so they won't be a risk to the client.

You would need to manually remove the file from quarantine and submit to Symantec manually.

Restoring a false positive from the Symantec Antivirus quarantine

Article:TECH105602  |  Created: 2008-01-12  |  Updated: 2011-01-31  |  Article URL http://www.symantec.com/docs/TECH105602

Symantec has also got an unsupported tool called QExtract, located under the Tools\NoSupport folder of the installation CD, if you need to restore the quarantined file for multiple machines. Please follow the QurantineExtract.html file that comes with the tool on how to use it.


rathkim's picture

Hi

For 5000 SEP clients, what is the hardware requirement (for example RAM, CPU, etc.)?

Is there any standard sheet from Symantec which says that for this many SEP clients this much RAM is required, this much CPU is required, etc.?

I have gone through the SEPM implementation guide, which shows minimum requirements.

I need the exact requirement for 5000 SEP clients, please suggest.

Thanks

.Brian's picture

Check the attached guide for recommendations

Attachment: SizingSizabilityBestPractices_SEP12.1.2.pdf (796.84 KB)


rathkim's picture

Hi Brian

Can you help in checking on the capabilities of Symantec Endpoint USB device encryption?