Security Response recommendations for Symantec Endpoint Protection settings
Updated: 19 Aug 2010 | 11 comments
Hello everyone,
I believe this will help answer many questions our users have regarding their configuration/settings.
Best,
Eric
Comments
The document talks about screenshots. Umm, where are they?
Screen shots
Security Response recommends the following Scan Settings
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Screen shots
Security Response recommends the following setting changes to Truscan for best protection
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Thanks.
I made all these changes except for the network scan. Now let's see how many fake av programs SEP lets through.
*crossing fingers*
If you are looking for blocking Fake Av's then you should use ShadowPapa's application control policy.
https://www-secure.symantec.com/connect/articles/how-use-sep-protect-against-rogue-browser-helpers
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Prachand: while I appreciate the write-up and screenies, I am left to wonder, have you guys tested these settings? In our lab, TruScan in its default configuration caused such performance drawbacks, we actually had to turn it off altogether. Bloodhound detection set to maximum will result in a huge number of false positives.
Yes, the settings had been tested before putting them out for the customer. As far as performance and false positives are concerned, it would happen to an extent, as with high security comes a bit of overhead.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Hi,
I have to perform a demo about security recommendations, so can anyone guide me and give me security recommendations regarding Symantec Endpoint Protection?
According to the table at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948, each and every Auto-Protect action taken for security risks should be Quarantine/Delete. Is this correct? Is anybody else doing ALL of this?
On machines that our admins use, I put Hack Tools and Remote Access as quarantine and then leave alone, since I don't want to accidentally delete a useful utility, which sometimes is used for evil as well. But on high security systems, I leave the delete action as secondary.
Eric C. Lukens IT Security Policy and Risk Assessment Analyst University of Northern Iowa
You should be able to set centralized exceptions for the specific tools rather than a blanket leave alone statement.
Symantec Technical Support Engineer, SEP, SAV for Linux