Endpoint Protection

  • 1.  Recommended SEP settings on clients?

    Posted May 19, 2011 07:28 AM

    We have SEP 11.0.6300.803 on our clients.

    What are the best settings for our clients?

    Is this article from 2010-11-16 the one to use?

    http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US

    Security Response recommendations for Symantec Endpoint Protection settings

    Article: TECH122943  |  Created: 2010-01-03  |  Updated: 2010-11-16
     

    Problem

    You would like to know what settings Security Response recommends for Symantec Endpoint Protection and how to set those settings using the Symantec Endpoint Protection Manager.
     

    Cause

    The default behavior for Symantec Endpoint Protection does not fully utilize the protection offered by Symantec Endpoint Protection and can be modified to more aggressively scan and protect in the cases of a detection. This document explains the ways in which you can modify the relevant settings.

    Solution

    Security Response recommends the following Scan Settings
     

    | Antivirus Security Setting | Default Setting | High Security Policy | Security Response Recommendation |
    |---|---|---|---|
    | Lock settings | Some | Some | All |
    | Remediation: terminate processes | No | No | Yes |
    | Remediation: terminate services | No | No | Yes |
    | Auto-Protect action taken for security risks | Quarantine/Log | Quarantine/Log | Quarantine/Delete |
    | Network Auto-Protect | Disabled | Enabled | Enabled |
    | Bloodhound Level | Default (2) | Default (2) | Default (3) |
    | SEP Startup | System Start | System Start | System Start |
    | Auto-Protect Scan | Modify and access | Modify and access | Modify and access |


    To make changes to these settings, do the following:

    1. Navigate to the Policies tab in the Symantec Endpoint Protection Manager.
    2. Select the policy you would like to modify.
    3. Right click that policy and choose the Edit option.
    4. Once in the Antivirus and Antispyware policy, select "File System Auto-Protect" from the list on the left.
    5. Select the "Scan Details" tab
    6. Lock all options. Any option not locked is configurable at the client.
    7. Enable network scanning by clicking on the box next to the "Network Settings" until it shows a check mark.
    8. Click on the "Advanced Scanning and Monitoring" button
    9. Lock all options.
    10. Click on the box next to "Enable Bloodhound(TM) heuristic virus detection" so that it shows a check mark.
    11. Select the drop down next to "Level of protection to use". Select "Maximum".
    12. Click the button labeled "OK".
    13. Select the "Actions" tab.
    14. Lock all options.
    15. Select "Security Risks" under the Detection heading.
    16. Select the drop down for First Action and change it to "Quarantine risk".
    17. Select the drop down for If first action fails and change it to "Delete Risk".
    18. Click on the box next to "Terminate processes automatically" so that it shows a check mark.
    19. Click on the box next to "Stop services automatically" so that it shows a check mark.
    20. Click "OK" to save your changes.


    Security Response recommends the following setting changes to Truscan for best protection
     

    | Truscan | Default Setting | Security Response Recommendation |
    |---|---|---|
    | Scan Sensitivity | 9/Low | 100 |
    | Action on Detection | Log | Terminate |
    | Scan Frequency | 1:00 | 00:15 |



    To make the recommended changes

    1. Navigate to the Policies tab in the Symantec Endpoint Protection Manager.
    2. Select the policy you would like to modify.
    3. Right click that policy and choose the Edit option.
    4. Once in the Antivirus and Antispyware policy, select TruScan Proactive Threat Scans from the list on the left.
    5. Select the Scan Details tab.
    6. Lock the options for the following by clicking the lock icon so that the icon shows a closed lock: Scan for trojans and worms, use defaults defined by Symantec, When a trojan or worm is detected within the sensitivity threshold, Sensitivity.
    7. Click on the check box for "Use defaults defined by Symantec" so that the box is empty as shown.
    8. Select the dropdown for "When a trojan or worm is detected" and click Terminate to change it from its default of Log as shown in the above screenshot.
    9. Slide the sensitivity slider to the far right to set it to 100, as shown in the above screenshot.
    10. Select the Scan Frequency tab.
    11. Lock all three options by clicking the lock icon so that the icon shows a closed lock.
    12. Reduce the "Scan processes every" value to 15 minutes.


    Symantec recommends testing any changes made before deploying to production machines as many of the ones suggested in this document have the potential to affect machine and network performance.
     

    Article URL http://www.symantec.com/docs/TECH122943


     


  • 2.  RE: Recommended SEP settings on clients?
    Best Answer

    Trusted Advisor
    Posted May 19, 2011 07:57 AM

     

    Hello,

    These are the recommended settings and the article stands good.

    Again, I would also like to highlight the below article:

    Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security