Endpoint Protection


SEP Client not updating policy from Management Console

  • 1.  SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 09:40 AM
    I am running a SEP client on a W2k3 server.  This server is located in a group on the SEP Console.  The group's policy inheritance is OFF.  I have a non-shared Antivirus/Antispyware policy applied to that group.  The policy does not have File System Auto-Protect enabled.  I right-clicked the SEP icon on the server and chose to Update Policy.  The SEP client on the server still has Auto-Protect enabled.  Also, if I disable Auto-Protect manually on the SEP client, it will re-enable itself after a couple of minutes.

    Any ideas?


  • 2.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 09:46 AM
    Do you have a green dot on the client?
    Does it update the virus definitions?
    On the client go to Help and Support - Troubleshooting: check if the client is reporting to the server or does it say Self-managed or Offline.

    Are the other clients updating with policy?
    What version of SEP are you using? The latest is 11.0.4202.xx (MR4MP2).
    I think there was an issue somewhat related, that making a policy un-shared breaks communication or something like that.
    So make sure you are using the latest version of the software.


  • 3.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 09:47 AM
    Hi,

    I am attaching a screenshot for the above-mentioned issue. Please let us know whether it helped.




    First of all, check whether the client is able to communicate with the SEPM. If yes, then check the policy serial number at both ends, the SEPM and the client; if they are the same, the policy is deployed. If not, you need to get the client to communicate with the SEPM and the rest would follow. If even this does not help, create a new package and deploy it afresh to the client machine in question. Please revert in case of further help.



  • 4.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 10:05 AM
    Yes there is a Green Dot
    Yes updated defs
    SEPM Policy ID:  59E3, Client Policy 59E3
    Only 1 client in the Group
    SEP client 11.0.4000.2295


  • 5.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 10:28 AM
    If the policy is being applied and Auto-Protect is still enabled on this client, go to the advanced tab on the Auto-Protect policy and remove the check mark for "When auto-protect is disabled", "enable after".


  • 6.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 01:21 PM
    Thanks all, it looks like it is working now.

    One other question - are there any best practices for installing the SEP client on a 2000/2003 server?  What to install/not to install, what to enable/not to enable, etc.?


  • 7.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 01:45 PM
    Depends on what these servers do,
    like whether it is a DC, Exchange, SQL or database, web server, file server, etc.

    Still, whatever server it is,
    Network Threat Protection is something you need to be careful about.
    Only if you really need a firewall on these servers go with Network Threat Protection (Firewall + IPS), and make sure you configure your firewall policies accordingly. For everything else there are sets of exclusions that you need to make; for Exchange 2000/2003 you do not have to worry, they are automatically excluded.
    Guidelines for choosing antivirus software to run on the computers that are running SQL Server

    http://support.microsoft.com/kb/309422

    Exclusion for Domain Controller

    Antivirus exclusions that should be set on a Microsoft 2000 or 2003 domain controller

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2004063015025548



     


  • 8.  RE: SEP Client not updating policy from Management Console

    Posted Jun 23, 2009 02:18 PM
    Sorry, I should have been more specific with the servers.

    I am familiar with exclusions on Exchange/SQL/DCs.  I was unfamiliar with whether it was best practice to enable the default Intrusion Prevention Policy on any server.  I have the default Firewall Policy disabled.


  • 9.  RE: SEP Client not updating policy from Management Console

    Posted Jun 24, 2009 04:21 AM
    Default IPS works fine with all the servers. It's just that sometimes you might find a false positive with certain activity; for that you can either put an exception for that IP or you can exclude that signature and put that signature in Log mode rather than Block mode.

    But the default IPS works great!!


  • 10.  RE: SEP Client not updating policy from Management Console

    Posted Jun 25, 2009 01:53 PM
    I agree with Vikram. The default IPS policy works with the servers. You can create exclusions if any of the legitimate traffic is getting blocked by IPS.

    Here is a document that explains the IPS policy:


    Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/589bc3406761c16680257412003cd94a?OpenDocument

    Cheers,
    Aniket