I have recently moved our Endpoint installation from the SBS 2003 server to a XP workstation and upgraded it from SEP 12.0 to 12.1.
After succesfully moving and upgrading the installation I took some time to review the policy settings and started wondering if some of the hickups we experience frequently might be related to the way SEP checks for virusses and intrusions.
Question 1: Auto-protect
This option is enabled as default and before I had left this as is. Rereading the Implementation guide I do wonder if this is the right way to go. In principal, files running back and forth between our server and the client computers shouldn't be check for virusses, but apparently all of the files will be checked continuously. Only files downloaded by the internet or through the use of digital medium (CD/DVD, USB-stick,...) should be scanned. And this goes for the workstations as well as for the server.
How can I accomplish this without impeding security issues?
Question 2: Internet Email Auto-protect and Microsoft Outlook Auto-protect?
Both of these are enabled on all the clients (workstations and Exchange server). Considering the note in the Implementation guide (see below) I am wondering what the correct procedure is to protect both the server and our clients from malicious attacks. The server already runs an application that removes spam (Spamfighter) so I don't think that we need Symantec Mail Security to be run on our server.
Note: On a Microsoft Exchange Server, you should not install Microsoft
Outlook Auto-Protect. Instead you should install Symantec Mail Security
for Microsoft Exchange.
To conclude:
A: I want both the server and the workstations to check files that are being fed by an external medium (CD/DVD, USB-sticks, Internet, Mail) but refrain from checking checking files that get exchanged between server and workstations on our own network.
B: I would like to use the best (resource-low) procedure to check intrusions and virusses sent by mail.
Can somebody explain this as lucid and concise as possible?