Endpoint Protection Small Business Edition

  • 1.  SEP SBE 2013 on Windows Server 2008 R2 - Disable Tamper Protection

    Posted Jun 11, 2013 02:23 PM

    We are using Symantec Endpoint Protection Small Business Edition 2013, and while it uses the same scan engine as the 12.1 series there is no separate best practices guide for the cases where 12.1 documentation is not applicable.

    Currently we are having trouble with our installation on Terminal Services/Citrix: folders are being created in the Users AppData, which is causing the profile logouts to hang and old profile folders to not get cleaned up. This is a similar issue to http://www.symantec.com/connect/forums/logs-appdata-under-user-profiles

    The solution seems to be to set LaunchSMCGui from 1 to 0. I've run into issues with the tamper protection when trying to edit the registry entry and I can't figure out how to disable it on the server (2008 R2). On a desktop I have the ability to run "AVAgent.exe -SHOW_UI" which will show the option for tamper protection, but on a server installation the AVAgent.exe does not exist. There does not seem to be a method to modify this setting from any other location as it is not present in the web management console.

    I have also tried copying the AVAgent.exe to the same location on the server, but that did not produce any results, likely due to different scan engines used between server and desktop versions.

    Does anyone know how I can disable tamper protection on this system to enable editing of the required registry keys?

    -edit-

    1)  Changed the title to be a more accurate representation of my question.



  • 2.  RE: SEP SBE 2013 on Windows Server 2008 R2 - Disable Tamper Protection

    Posted Jun 11, 2013 02:26 PM

    This KBA applies to 12.1 as well.

    Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

    Article: TECH91070 | Created: 2008-01-24 | Updated: 2012-12-20 | Article URL: http://www.symantec.com/docs/TECH91070




  • 3.  RE: SEP SBE 2013 on Windows Server 2008 R2 - Disable Tamper Protection

    Posted Jun 11, 2013 02:47 PM

    Hi Brian81, thanks for the quick response. I was actually looking at both of those documents earlier. I can't make those changes without disabling Tamper Protection, and there doesn't seem to be a way to do that in SEP SBE 2013. The instructions say to disable it in SEPM, but SBE 2013 uses a web console instead of SEPM. The web console does not contain a configuration option for Tamper Protection. It can be disabled on desktops via a hidden console, but the same console doesn't exist on servers.


  • 4.  RE: SEP SBE 2013 on Windows Server 2008 R2 - Disable Tamper Protection
    Best Answer

    Posted Jun 13, 2013 09:28 AM

    I opened a ticket with Symantec for clarification on how to disable Tamper Protection on Windows Server 2008 R2 when using SEP SBE 2013. There is a bit more work involved, but it is a quick operation:

    1)  Make a backup of profile.xml located in C:\Program Files\Symantec.cloud\AntiVirus

    2)  Edit the backed-up profile.xml and change the following items to reflect the settings below:

    <SilentModeEx Enable="0"/>
    <UserInterface HideSystemTrayIcon="0">

    3)  From the command prompt, navigate to C:\Program Files\Symantec.cloud\EndpointProtectionAgent\ and run the following command:

    smc -importconfig <path to modified profile.xml>

    4)  If the SMC GUI icon does not load in the system tray, log off and back in.

    5)  From the GUI navigate to Change Settings -> Client Management (configure settings) -> Tamper Protection

    6)  Uncheck the box to disable Tamper Protection and click OK.


    At this point it should be possible to modify the LaunchSMCGui registry entry. To re-enable tamper protection just import the original profile.xml.
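
Steps 1 to 3 of the procedure above as a PowerShell sketch, added here as an illustration and not part of the original post or Symantec's instructions. It keeps a read-only copy of the untouched profile.xml for the restore the post describes; the working folder, the copy file names and the assumption that each element occurs once in the file are not from the thread.

```powershell
# Added example. The two directories are the ones named in the post;
# $WorkDir and the copy file names are assumptions made for this sketch.
$ProfileDir = 'C:\Program Files\Symantec.cloud\AntiVirus'
$AgentDir   = 'C:\Program Files\Symantec.cloud\EndpointProtectionAgent'
$WorkDir    = 'C:\Temp\sep-profile'
$Original   = Join-Path $WorkDir 'profile.original.xml'
$Modified   = Join-Path $WorkDir 'profile.modified.xml'

function Set-ProfileAttribute($Xml, $Element, $Attribute, $Value) {
    # local-name() matches the element whether or not the file declares a namespace.
    $node = $Xml.SelectSingleNode("//*[local-name()='$Element']")
    if ($node -eq $null) { throw "<$Element> not found; profile layout differs from the post." }
    $node.SetAttribute($Attribute, $Value)
}

function New-ModifiedProfile {
    # Never overwrite the pristine copy: it is what re-enables Tamper Protection later.
    if (Test-Path $Original) { throw "$Original already exists; refusing to overwrite it." }
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    Copy-Item (Join-Path $ProfileDir 'profile.xml') $Original              # step 1
    Set-ItemProperty $Original -Name IsReadOnly -Value $true

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # leave the formatting of untouched elements alone
    $xml.Load($Original)
    Set-ProfileAttribute $xml 'SilentModeEx'  'Enable'             '0'     # step 2
    Set-ProfileAttribute $xml 'UserInterface' 'HideSystemTrayIcon' '0'
    $xml.Save($Modified)
}

function Import-SepProfile($Path) {
    # The post runs smc from the agent directory, so do the same here.
    Push-Location $AgentDir
    try {
        & .\smc -importconfig $Path
        Write-Host "smc exit code: $LASTEXITCODE"
    } finally { Pop-Location }
}

New-ModifiedProfile
Import-SepProfile $Modified              # step 3; steps 4 to 6 are done in the GUI

# After the registry edit, re-enable Tamper Protection as the post describes:
# Import-SepProfile $Original
```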



  • 5.  RE: SEP SBE 2013 on Windows Server 2008 R2 - Disable Tamper Protection

    Posted Jun 13, 2013 09:42 AM

    Thanks for updating status. Very helpful.