Endpoint Protection

 View Only

  • 1.  SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 02:47 PM

    I am currently in the process of rolling out SEP 12 to our test user group. I have turned on Virus, Spyware and Basic Download Protection (including Advanced Download Protection) and Proactive Threat Protection (including SONAR). It looks like the advanced download protection AKA download insight it adding a toolbar to IE. That is causing some issues so I would like to disable it. The downside it that also disables SONAR. I have a couple of qusetions about this:

     

    1) If I disable download insight and SONAR, will that mean I don't have any zero day protection? Will the proactive threat protection provide any protection at all for common zero day exploits? Is there any symantec documentation on this?

     

    2) What is the best way to remove download insigh for the users in the test group? Can I just uncheck download insight and SONAR in the Client Install Feature set? Will that automatically reach out the clients in the group and remove those components? Is there any documentation on how to do that?

     

    Thanks to the community in advance.



  • 2.  RE: SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 03:02 PM

    Download Insight should does not add a toolbar to IE. Can you share a screenshot of this? I would be surprised to see something like this happening as I have it deployed in my environments and there is nothing like this in my IE toolbars.

    Please see two KB articles about SONAR

    About SONAR

    Article:HOWTO80968  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80968

     

    Managing SONAR

    Article:HOWTO80929  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80929

     

    They will give you a much better perspective on what role SONAR plays.

    See this KB article on disabling the components for troubleshooting:

    About enabling and disabling protection when you need to troubleshoot problems

    Article:HOWTO81195  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81195

     

    But yes, you can disable the way you described.



  • 3.  RE: SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 03:07 PM
      |   view attached

    Hi Brian81, thanks for the quick response. Please see attached screen shot. You are correct that it is not a toolbar but an extension. It gets added to the 'Toolbars and Extensions' section of IE Add ons.



  • 4.  RE: SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 03:21 PM

    Brian81, if this add-on is not a part of download insight or SONAR, how do I disbale it in SEPM from being pushed out to client PCs?



  • 5.  RE: SEP 12 - Question about Proactive Threat Protection
    Best Answer

    Posted Feb 25, 2013 03:25 PM

    This is actually the IPS browser add on. See this KB article:

    Expected behavior of Browser Intrusion Prevention

    Article:TECH172174  |  Created: 2011-10-19  |  Updated: 2012-11-14  |  Article URL http://www.symantec.com/docs/TECH172174

     

    You can disable it in the IPS policy following this KB article:

    Enabling or disabling network intrusion prevention or browser intrusion prevention

    Article:HOWTO80887  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80887

     

    The browser IPS is automatically installed if the IPS component is included. There is no way to remove it from the install, you can only disable from within IE.



  • 6.  RE: SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 03:30 PM

    Thanks Brain81!!



  • 7.  RE: SEP 12 - Question about Proactive Threat Protection

    Posted Feb 25, 2013 03:34 PM

    Glad to help.