Endpoint Protection

I've been able to find how to disable the Network Threat Protection setting.

What I can't find, even though it's mentioned in these forums, is how to disable access to...

• disable Antivirus and Antispyware Protection
• disable Proactive Threat Protection
• disable SEP from the taskbar

Thanks

Make sure the lock is closed in the AV policy for AutoProtect.

Make sure the lock is closed in the AV policy for SONAR (unable to disable PTP)

To disable SEP in task bar, do this,

Go to Clients page

Select a group you want to remove icon for

Under location specific policies and settings, click + sign Location-specific Settings

Click on Tasks next to Client user Interface Control Settings and select Edit Settings

Select the Customize button

Uncheck "Display the notification area icon"

See these as a reference:

https://www.symantec.com/business/support/index?page=content&id=TECH185903

https://www.symantec.com/business/support/index?page=content&id=TECH136678

That should do it

Disable Antivirus and Antispyware Protection is grayed out in the Symantec Endpoint Protection Client

http://www.symantec.com/business/support/index?page=content&id=TECH95087

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/business/support/index?page=content&id=TECH102822&locale=en_US

Check this thread

http://www.symantec.com/connect/forums/how-disable-disable-symantec-endpoint-protection-option-right-click-menu

http://www.symantec.com/connect/forums/block-users-ability-disable-symantec-endpoint-protection-clients

I've tried all those but if I disable the NTP and PTP I won't have that protection.

Also, I haven't made any changes and there are Security Status messages about Auto-Protect Failures on those computers. Not sure why that is.

Under Monitors and Command Status, the completion status shows 0% for everything. The Details show Not Received for status.

Not sure what you mean by not having that protection if disabling NTP and PTP? You don't want users to disable?

Well, I'll have to say I didn't "get" something at first. The lock symbols are clickable LOL! I thought it had something to do with certain check combinations...wow, I'm done for the day lol.

So it's good now?

Yes :)

I attached a file with the report results.

Security Status messages about Auto-Protect Failures on those computers. Not sure why that is.

Under Monitors and Command Status, the completion status shows 0% for everything. The Details show Not Received for status.

Attachment(s)

report results.docx   16 KB 1 version

Have you verified those PCs are reporting in to the SEPM? Have they been rebooted?

How can I verify?

They have been rebooted a few times. It's odd it shows those computers on the other items even on the home screen, but shows as failed on those couple things.

Also, what would the differences between a GUP and Replication Partner be?

GUP is same like al clients. it wil cache the updates and distribute to clients, they dont need to contact manager or internet for update.

Replication : is what u see in Sepm A, will be same in SEPM B.

You will see the green dot on the client.

GUP provides content updates only to clients. You can setup to SEPMs to be replication partners to replicate logs, policies, etc.

Ok, so GUP is more hierarchical and Rep Partner is more parallel.

I checked and they have green dots.

Also, what would cause the AD sync group to not display the computers that are in it? (they don't have SEP installed yet as I don't see them there) I could them under Find Unmanaged Computers as a workaround.

Set the view to "Default view" when looking at the Client tab on the Clients page

Haha! Thanks again. I think I've been staring at the screen too long lol.

Can you also deploy clients using the Find Unmanaged Computers window? Or is it recommended to use the Migration and Deployment Wizard?

If an x64 client was sent to an XP x86 PC it would/should fail, right?

Yes, you can use Find Unmanaged to install SEP

Yes, it will fail.

Is there a way to find out where the SEP on the client PC received its updates from, such as SEPM or GUP?

Look at the System Log on the client

View Logs >> Client Management >> View Logs >> System Log

You will see "Downloaded new content from..."

This will tell you.

Also, when SEP is deployed, does the AV updates go with it or install at some point later?

Awesome! Thank you very much!

I've seen a flow of how the system works, such as LiveUpdate>SEPM>GUP. So a computer in another octet will pick up only that one, SEPM as x.x.101.20, and GUP as x.xx102.34.

Here's an interesting question which I'm sure will have a simple answer. If the server with GUP has two network cards, one x.x.102.x and the other 10.0.1.x, the clients (on a separated network which cannot access internet at all) will update only from the GUP, right?

If I have a SEPM server and GUP in same net, x.x.101.x, how do I make everything, except what the GUP handles 10.0.1.x, go to the SEPM?

The clients will only go to the GUP for content updates. The client will check in and upload logs, download policy, etc from the SEPM. This is mandatory and can't be changed or handled by the GUP.

The client will be installed with defs however they may be out of date.

You can deploy SEP with latest updates, see this:

https://www.symantec.com/business/support/index?page=content&id=TECH104779

So this would be the way things go...

SiteA (x.x.101.x) has the SEPM

SiteB (x.x.102.x) and SiteC (x.x.103.x) have GUPs

PCs at SiteB will only go through SiteB GUP

PCs at SiteC will only go through SiteC GUP

PCs at SiteA will only go through SiteA SEPM

Yes, you can set it up that way using Location Awareness. It really just depends on what you want.

Setting up Scenario Two location awareness conditions

https://www.symantec.com/business/support/index?page=content&id=HOWTO80747

Usage of Location Awareness and Network Threat Protection with SEP 11 and SEP 12.1

https://www.symantec.com/business/support/index?page=content&id=TECH195231

Back to syncing above, what will happen if one of those computers in the AD sync had to be rebuilt? Will SEPM reinstall the software, or what would need to be done?

It would need to be done manaully, unless you assigned an update package to the group or had a GPO in place.

AD sync just keeps SEPM in sync with AD to manage your PCs. I won't automatically install SEP for you.

Ok.

Do you have a link with more info on assigning update packages?

For GPO, would we use the the MSI from the extracted X:\Symantec EP 11.0.7\SEPWin64\x64 folder, and will the SEPM policies configure the PC?

See this link on auto upgrade:

https://www.symantec.com/business/support/index?page=content&id=TECH166317

You will want to create a custom install package in the SEPM

See this on GPO deployment:

https://www.symantec.com/business/support/index?page=content&id=TECH91330

Thanks Brian.

I've been thinking on the subnets.

ServerA is a SEPM, ServerB is a GUP, and ClientB1 is a PC in a ServerB's subnet.

ServerB has two nics, one for domain network and the other for subnet (10.x.x.x).

ServerB will receive updates from ServerA.

Will ClientB1 receive updates from ServerB (GUP)?

It will if you setup that condition in the location awareness policy. You can set a condition by IP subnet that says if ClientB1 has an IP in this subnet than it should be in Location X. As long as Location X has the LiveUpdate to point it to that GUP than it will get updates from that GUP.

If I make any changes to policies etc, and I have a stand-alone EXE (or non-EXE) package, will I have to re-export those client install packages to export with the changes?

If you want the client to have the latest policy than yes. Otherwise you can wait it checks in after the install and it will get the latest policy. So it may be a few minutes behind...