SEP 12.1 RU2 Policies

Created: 13 Dec 2012 | 5 comments

Hi,

We are using the newer version, 12.1 RU2, in our manager console, which has a lot of policies and additional features.

The question is which will be more secure and which policy should be configured?

Please see the below screenshot.

So please explain each policy so that it will be helpful in configuring the policy.


Ambesh_444's picture

Hi Priya,

Please change select level from 5 to 4 and check...

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Ashish-Sharma's picture

Hi,

Check the SEP 12.2 documents

https://www-secure.symantec.com/connect/downloads/downloadable-guides-reference-symantec-endpoint-protection-121-ru2

About Symantec Endpoint Protection 12.1.2 product guide locations

http://www.symantec.com/business/support/index?pag..

Check this thread

https://www-secure.symantec.com/connect/forums/sep-122-document

Customizing Download Insight settings

http://www.symantec.com/docs/HOWTO55253

Why in spite of having Download Insight and Autoprotect enabled in SEP client 12.1, some files are only detect after being downloaded?

http://www.symantec.com/docs/TECH162233

Managing Download Insight detections

http://www.symantec.com/docs/HOWTO55252

“Expected behavior of Download Insight”

http://www.symantec.com/docs/TECH171776

Check this blog

https://www-secure.symantec.com/connect/blogs/download-insight-sep-121

Thanks In Advance

Ashish Sharma

pete_4u2002's picture

It should be decided by you based on your requirement. Are you seeing any false positives because of this?

Mithun Sanghavi's picture

Hello,

Insight determines a file's security rating by examining the following characteristics of the file and its context:

  • The source of the file

  • How new the file is

  • How common the file is in the community

  • Other security metrics, such as how the file might be associated with malware

Scanning features in Symantec Endpoint Protection leverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections.

You might want to customize Download Insight settings for the following reasons:

  • Increase or decrease the number of Download Insight detections.

    You can adjust the malicious file sensitivity slider to increase or decrease the number of detections. At lower sensitivity levels, Download Insight detects fewer files as malicious and more files as unproven. Fewer detections are false positive detections.

    At higher sensitivity levels, Download Insight detects more files as malicious and fewer files as unproven. More detections are false positive detections.

  • Change the action for malicious or unproven file detections.

    You can change how Download Insight handles malicious or unproven files. The specified action affects not only the detection but whether or not users can interact with the detection.

    For example, you might change the action for unproven files to Ignore. Then Download Insight always allows unproven files and does not alert the user.

  • Alert users about Download Insight detections.

    When notifications are enabled, the malicious file sensitivity setting affects the number of notifications that users receive. If you increase the sensitivity, you increase the number of user notifications because the total number of detections increases.

    You can turn off notifications so that users do not have a choice when Download Insight makes a detection. If you keep notifications enabled, you can set the action for unproven files to Ignore so that these detections are always allowed and users are not notified.

    Regardless of whether notifications are enabled, when Download Insight detects an unproven file and the action is Prompt, the user can allow or block the file. If the user allows the file, the file runs automatically.

    When notifications are enabled and Download Insight quarantines a file, the user can undo the quarantine action and allow the file.

Note: If users allow a quarantined file, the file does not automatically run. The user can run the file from the temporary Internet folder. Typically the folder location is drive:\Documents and Settings\username\Local Settings\Temporary Internet Files.

Check these Articles:

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

http://www.symantec.com/docs/HOWTO59336

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

You are correct that SEP 12.1 RU2 has a lot of policies and additional features.

To understand each policy check this article.

Symantec Endpoint Protection Manager - Overview - Policies explained

http://www.symantec.com/docs/TECH104436

Q. The thing is which will be more secured and which policy should be configured?

--> By default, policies are configured and applied when you install SEPM. You have an option to choose the Virus & Spyware policy.

By default three policies are created.

Virus & Spyware Protection Policy - Balanced

Virus & Spyware Protection Policy - High Security

Virus & Spyware Protection Policy - High Performance

By default Balanced policy is assigned but to increase the level of security you can assign 'High Security' policy.

Also to increase the security you can use Application and Device control policy with more security.

Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

http://www.symantec.com/docs/TECH132337

The screen shot you attached is all about new features added in SEP 12.1 like SONAR, Download insight, Early Launch Anti-Malware Driver.

Check this article to know more about it.

What's new in version 12.1

http://www.symantec.com/docs/HOWTO55189

What is new in Symantec Endpoint Protection 12.1?

http://www.symantec.com/docs/TECH163413

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.