Endpoint Protection

  • 1.  SEP 12.1 RU2 Policies

    Posted Dec 14, 2012 12:35 AM

    Hi,

    We are using the newer version in our manager console, 12.1 RU2, which has a lot of policies and additional features.

    The thing is, which will be more secure and which policy should be configured?

    Please see the below screenshot.

     

    So please explain each policy so that it will be helpful to configure the policy.

     

     



  • 2.  RE: SEP 12.1 RU2 Policies

    Posted Dec 14, 2012 12:37 AM

    Hi Priya,

     

    Please change select level from 5 to 4 and check...



  • 3.  RE: SEP 12.1 RU2 Policies

    Posted Dec 14, 2012 12:38 AM

    Hi,

    Check SEP 12.2 documents

    https://www-secure.symantec.com/connect/downloads/downloadable-guides-reference-symantec-endpoint-protection-121-ru2

    About Symantec Endpoint Protection 12.1.2 product guide locations

    http://www.symantec.com/business/support/index?pag..

    Check this thread

    https://www-secure.symantec.com/connect/forums/sep-122-document

     

    Customizing Download Insight settings

    http://www.symantec.com/docs/HOWTO55253

    Why in spite of having Download Insight and Autoprotect enabled in SEP client 12.1, some files are only detected after being downloaded?

    http://www.symantec.com/docs/TECH162233

    Managing Download Insight detections

    http://www.symantec.com/docs/HOWTO55252

    “Expected behavior of Download Insight”

    http://www.symantec.com/docs/TECH171776

    Check this blog

    https://www-secure.symantec.com/connect/blogs/download-insight-sep-121



  • 4.  RE: SEP 12.1 RU2 Policies

    Broadcom Employee
    Posted Dec 14, 2012 01:43 AM

    It should be decided by you based on your requirement. Are you seeing any false positives because of this?



  • 5.  RE: SEP 12.1 RU2 Policies

    Trusted Advisor
    Posted Dec 14, 2012 02:14 AM

    Hello,

    Insight determines a file's security rating by examining the following characteristics of the file and its context:

    • The source of the file

    • How new the file is

    • How common the file is in the community

    • Other security metrics, such as how the file might be associated with malware

    Scanning features in Symantec Endpoint Protection leverage Insight to make decisions about files and applications. Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections.

    You might want to customize Download Insight settings for the following reasons:

    • Increase or decrease the number of Download Insight detections.

      You can adjust the malicious file sensitivity slider to increase or decrease the number of detections. At lower sensitivity levels, Download Insight detects fewer files as malicious and more files as unproven. Fewer detections are false positive detections.

      At higher sensitivity levels, Download Insight detects more files as malicious and fewer files as unproven. More detections are false positive detections.

    • Change the action for malicious or unproven file detections.

      You can change how Download Insight handles malicious or unproven files. The specified action affects not only the detection but whether or not users can interact with the detection.

      For example, you might change the action for unproven files to Ignore. Then Download Insight always allows unproven files and does not alert the user.

    • Alert users about Download Insight detections.

      When notifications are enabled, the malicious file sensitivity setting affects the number of notifications that users receive. If you increase the sensitivity, you increase the number of user notifications because the total number of detections increases.

      You can turn off notifications so that users do not have a choice when Download Insight makes a detection. If you keep notifications enabled, you can set the action for unproven files to Ignore so that these detections are always allowed and users are not notified.

      Regardless of whether notifications are enabled, when Download Insight detects an unproven file and the action is Prompt, the user can allow or block the file. If the user allows the file, the file runs automatically.

      When notifications are enabled and Download Insight quarantines a file, the user can undo the quarantine action and allow the file.

    Note: If users allow a quarantined file, the file does not automatically run. The user can run the file from the temporary Internet folder. Typically the folder location is drive:\Documents and Settings\username\Local Settings\Temporary Internet Files.

    Check these Articles:

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    http://www.symantec.com/docs/HOWTO55275

    What's included in a Reputation Request made by the SEP 12.1 Reputation Engine?

    http://www.symantec.com/docs/HOWTO59336

    Hope that helps!!



  • 6.  RE: SEP 12.1 RU2 Policies

    Broadcom Employee
    Posted Dec 15, 2012 06:31 AM

    Hi,

    You are correct that SEP 12.1 RU2 has a lot of policies and additional features.

    To understand each policy, check this article.

    Symantec Endpoint Protection Manager - Overview - Policies explained

    http://www.symantec.com/docs/TECH104436

    Q. The thing is which will be more secured and which policy should be configured?

    --> By default, policies are configured and applied when you install SEPM. You have an option to choose the Virus & Spyware policy.

    By default, three policies are created.

    Virus & Spyware Protection Policy - Balanced

    Virus & Spyware Protection Policy - High Security

    Virus & Spyware Protection Policy - High Performance

    By default, the Balanced policy is assigned, but to increase the level of security you can assign the 'High Security' policy.

    Also, to increase security, you can use an Application and Device Control policy with more security.

    Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

    http://www.symantec.com/docs/TECH132337

    The screenshot you attached is all about new features added in SEP 12.1, like SONAR, Download Insight, and the Early Launch Anti-Malware Driver.

    Check this article to know more about it.

    What's new in version 12.1

    http://www.symantec.com/docs/HOWTO55189

    What is new in Symantec Endpoint Protection 12.1?

    http://www.symantec.com/docs/TECH163413