Video Screencast Help

Reworking the SEP documentation

Created: 13 Aug 2013 • Updated: 02 Jun 2014 | 14 comments
Paul Murgatroyd's picture
Hi all,
We are just about to start a project internally to look at how the SEP documentation is delivered.  One thought that we had was to focus it on "jobs" that our customers are trying to achieve, an example of this might be "How do I give different access levels to different administrators in my organization, and in my customers' organizations" which would result in a walkthrough of conifguring administrators, domains, domain admins, limited admins, etc.
What are your thoughts to this?  Can you think of any questions or queries like this that you have had in your time working with SEP that might help others if we were to build documentation around them?
Some more examples:
How do I keep my employees safe and secure at remote offices:
Over high bandwidth network
Over low bandwidth network
How do I keep my offices safe, and comply with European Union privacy regulations
How can I use a single SEP server to manage multiple groups of users, or multiple customers, while keeping their data segmented and allowing group or customer administrators to see and manage their own machines.
Operating Systems:

Comments 14 CommentsJump to latest comment

AjinBabu's picture


1. Configuring client server communication via external certificates



Paul Murgatroyd's picture

Thanks Ajin,  but that wasn't my question :)

Does anyone else have any thoughts on the most common questions you have had when using SEP?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

Rafeeq's picture

These were some of the common questions I faced.

1) Is it possible to or How to add third party certificate for communication between SEPM and SEP?

2)Available configuration in Conf file.

3) How to schedule liveupdate from Client to Server ( I know its on hearbeat but Customers need Symantec document)

4) How to do remote uninstall SEP from SEPM Console?

Paul Murgatroyd's picture

thanks Rafeeq, thats the kind of things we are looking for!

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

sep_tx's picture

Less of a specific task based question.  More of a how does it work question.

My biggest complaint with so much of the vendor supplied documention is that it usually ends up being a GUI intro with specific task instructions.  Add new user, click here, enter name, click there, enter email, click this set permission......etc.  Any one with any experience under thier belt can roughly figure out a typical "windows" GUI if it was designed nicely.  Not saying this information isn't needed, but it is not where most of my question end up.

Personally I would like to see more explainations of how the application or it's components function. 

Anti-Malware Exceptions, don't just tell me where the menu selections are and how to enter a known file path.  Tell me explicitly what the SEP variables match up with in relation toWindows system variables in XP, 7, 8 and Server 2003, 2008, and 2012.  (I went through this on the phone with support and they never did give me an exact directory listing).  Tell me how the use of system varibles may affect my exceptions.  How SEP handles those variables and how I can reduce the number of entries in my exception list and why that is a good thing.

Explain how 'Learned Applications' actually identifies executable code.  Is it looking at processes, simply searching for .exe files, etc.

In short, kind of like give me a fish vs teach me to fish.  The better an admin understands how the system functions and not just where to navigate menus the better they can mature their operation.

Brɨan's picture

This is a great point.

Along the same lines, I feel the same way in regards to SONAR.

What is considered a high risk detection (or how is it calculated)?
What is considered a low risk detection (or how is it calculated)?
What exactly is aggressive mode (or how is it determined)?

If it's proprietary info than no worries, I understand. But it's hard to justify using to management when you can't explain what exactly they are.

I'm 99.99% sure I didn't miss something in the knowledge base but if I did, please let me know.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

idaman22's picture

Would love to see how to open up firewall in NTP with pictures, tutorials and videos of the creating the rules to allow or block for specific normal network activity in Windows networks.

Brɨan's picture

I've tried to do this with a couple articles:

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Subhani's picture

@Paul , I am glad that you asked this Quesiton . I have been using Symantec since last 4 Years but before that I used Mcafee ePO for More than Eight years so you can get an idea about my experience type . My Suggestion is that Symantec should Provide following type of documentation

a) White Papers or Tech. Notes on New Features ,how they work and how to make the best use of them such as SONAR ,Download Protection , Insight etc. 

b) How to documents , for the routine Tasks and new  assignments i.e

  1. How to Monitor a Rouge Application
  2. How to Allow/Block a particular Hardware device
  3. How to create/Monitor GUPs  ( I know there are many documents about creation so this is just an example)
  4. How to Push Updates to a particular machine
  5. How to Stop Updates (If SEP Manager is pushing updates during day time over a WAN link and causing Problem for the branch site) .This is a situation which we face if a person in branch turns on his PC after a long vacation .
  6. How to create Firewall Rule to block or allow Certain Application
  7. How to analyze SEP Manager logs e.g If I want to see when a particular GUP was updated OR why a particular GUP is not updating .which Log I should refer to .
azasadny's picture

The question I'm being asked by my mgmt is "What components are part of what technology?". In other words, "SONAR is implemented by these dll's and registry entries, AutoProtect is implemented by these dll's and these registry entries. disabling this technology affects these other components"... Mapping between the SEP components on the SEPM and what is on the clients would also be very helpful. Thanks!

SteveTanti's picture


Yes, the current documentation (1000+ pages!!) is quite daunting to begin slogging through. Although it is one of the most detailed pieces of documentation for a product suite I've seen, it seems to miss the mark at an operational level. As such, I'm glad you're starting to address this rather than just tell us to go on the two week security course Symantec offers.

SEP is a huge and complex product and it can easily suck your whole day away if you aren't specific about what you do in the SEPM console. Everyone's time poor and all the products we manage are getting so much more complex.

I'd like to see some guidelines on what daily/weekly tasks should we do at an operational level in the SEPM console? There's so many logs to look at, knowing what are the important ones and the ones that you can just set up a report on weekly for a quick scan would be very helpful.

Which logs/reports should we look at regularly and set up email reports for?

What steps should we take when we see different types of events (malware/virus etc)?

Unmanaged detections are cruital, but a huge noise generator when first set up. Something for that would be nice.

Tamper protection: something on how to manage the alerts. Everyone seems to just say to put in an exception and they ignore the possiblity that it's actually malicious!

Vendors always like saying to set up an exclusion on their whole application folder... some better guidelines around this.


skevans's picture

Managing clients day to day, & managing unmanaged clients.

Day to day things that should be checked.

Disaster recovery. What the heck do I do if some super virus takes over??! Or if our symantec server crashes for some reason.

Why some clients that I know are on and working are saying client version unavailable and showing offline under Health State (like my PC is now).

When I go to remotely push a client update it will not go through.

Pretty much I was just handed Symantec and said here learn this.
I need a Symantec book for dummies haha

Brɨan's picture

Not to get away from the point of this thread but check SEP support page for a wealth of info on SEP:

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dsmith1954's picture

As someone above said - what policy settings in SEPM correspond to SEP client settings. It would be even better if the naming conventions were the same, but until that happens...

Maybe what's needed is a beginner's admin guide with all the how-to's, and an advanced admin guide for those of us that have been doing this for years and want to know the technical details.

An installation guide that has best practices for all types of situations. Might help to have a beginner's installation guide and an advanced installation guide that might be more suited to consultants/architects.

Best practices for beginners (simple installations - one site, one SEPM, one location maybe two) and advanced users (more complex installation - multiple sites, multiple SEPMs, multiple SEPM domains, multiple locations, GUPs, etc).