
SCSP Agent on Exchange Server 2010

Created: 29 Jul 2013 • Updated: 29 Jul 2013 | 3 comments
ramling p

Hi,

I am going to apply the SCSP agent on an Exchange server. What is the best practice for applying detection and prevention policies?

What do I need to monitor before prevention is enabled? Is there any KB article for this?


pete_4u2002

First it will be in learn mode, i.e. detect; based on that you can set the prevention policy.

Chuck Edson

Globally disable the policy you are going to use (I suggest Strict). Then apply the policy to a test machine, and monitor the events that come into the console (or use the agent-based Event Viewer, after you enable its use in the policy) and look for any events that are in BLUE.

When you globally disable a policy (or disable any individual process sets), any event in blue is what would have been blocked if the policy or individual process set was in enforce mode.

Note that Symantec has already configured a process set (PSET) for Exchange in the out of the box Core, Strict and Limited Execution policies, so you should not have to do any tuning for Exchange.

That being said, always place Prevention policies in Disable mode when you first deploy them, just to be sure you don't block something that you need.

If a post helps you, please mark it as the solution to your issue.