Video Screencast Help

SEPM in a controlled environment

Created: 27 Mar 2013 | 2 comments

Hello, I need to control USB port access on 3 non-networked machines that currently have SEP 12 installed on them.  It tells me it has the Device Control elements installed, but I see no SEP Manager option.  All I get is the standard Status screen which does not allow me to change Policies. Is the SEPM a seperate module from the standard SEP install? And can I use this on a stand alone machine environment without any networking (ie. classified environment). Thank you for any help or suggestions!

Operating Systems:

Comments 2 CommentsJump to latest comment

Brɨan's picture

if you open the SEP gui, go to Help >> Troubleshooting

What does it show? Self-managed or connect to a SEPM?

Also, the client icon in the task tray will have a green dot on it to indicated connectivity to a SEPM.

The SEPM (Symantec Endpoint Protection Manager) manages all of the SEP clients. From the SEPM you can create policies and assign to clients, push content updates, receive the client logs, etc.

In order to use device control, SEP clients needs to be managed by the SEPM, where you can than create the policy.

The SEPM is a separate install from the SEP client.

The SEPM and SEP clients need to be able to talk to one another on port 8014 (this is the default port used but you can change during the install) so you need some networking between them so they can communicate.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


When you say "3 non-networked machines", are these 3 machine not connected to the Network. In other words, are these unmanaged SEP clients?

If these clients are not on the network, then you can import the ADC policies by following the steps below:


Steps to export a policy:

  1. Logon to the Symantec Endpoint Protection Manager console.
  2. In the left hand pane, click Policies.
  3. On the Policies page, under View Policies, click the <type of policy> that you want to export. (e.g. LiveUpdate)
  4. On the <type of policy> Policies page in the right hand pane, click the policy that you want to export. (e.g. LiveUpdate Settings policy)
  5. On the same page, under Tasks, click Export the Policy.
  6. In the Export Policy dialog box, locate the folder where you want to export the policy file to, and then click the Export button.

Steps to import policy on the Managed Client:

  1. Logon to the Symantec Endpoint Protection Manager console.
  2. In the left hand pane, click Policies.
  3. On the Policies page, under View Policies, click the <type of policy> that you want to import (e.g. LiveUpdate).
  4. On the same page, under Tasks, click Import a <type of policy> Policy.
  5. In the Import Policy dialog box, browse to the policy file that you want to import (policy files are .datformat), and then click the Import button.

Steps to import policy on the UnManaged Client:

1) Open your unmanged clients interface
2) Click on help and trouble shooting
3) Click on troubleshooting
4) Under the policy profile click on import
5) This will ask for .dat file, select the one you exported in the management console as per the symantec document.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.