Video Screencast Help
Search Video Help Close Back
to help

Servers Scanning

Created: 17 Mar 2013 | 4 comments
Jaredirk's picture
Jaredirk Partner Accredited
0 0 Votes
Login to vote

Hi Guys,

Is there a best practice guide for serves when it comes to settings?

Like scan action recommendations etc.

This is inline with the client that they only want for first action is clean

and the second action is log only.

They just want to ensure no files will be deleted or quarantined (Exchange, Sharepoint, database, Client specific applications) especially during false positives detection.

Thanks,

Mark

Operating Systems:
Discussion Filed Under:
, , , , , , , , , , , , ,
Group Ownership:

Comments 4 CommentsJump to latest comment

Brian81's picture
Brian81 Trusted Advisor
Servers Scanning - Comment:17 Mar 2013 : Link

I'm not finding a best practice for scanning servers other than for performance related reasons.

Chances are you will be fine on those servers as SEP shouldn't remove legit files.

If you are worried about it, set the action to Quarantine so that you can restore if you find a false positive.

 

About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

Article:TECH102400  |  Created: 2007-01-02  |  Updated: 2013-01-04  |  Article URL http://www.symantec.com/docs/TECH102400

 

Excluding Microsoft SQL Server files and folders using Centralized Exceptions

Article:TECH105240  |  Created: 2008-01-27  |  Updated: 2012-11-12  |  Article URL http://www.symantec.com/docs/TECH105240

 

Exclusions required to run Symantec Endpoint Protection with Microsoft SharePoint

Article:TECH91287  |  Created: 2008-01-08  |  Updated: 2010-01-23  |  Article URL http://www.symantec.com/docs/TECH91287

 

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
Jaredirk's picture
Jaredirk Partner Accredited
Servers Scanning - Comment:17 Mar 2013 : Link

Their issue is mostly with the client specific applications since they have their own programmers who make their own applications.

Quarantine is okay for 2nd action but their issue is if it quarantines a file and is being used, they can have problems with their applications which are mostly billing/finance related applicataions

0
Login to vote
Brian81's picture
Brian81 Trusted Advisor
Servers Scanning - Comment:17 Mar 2013 : Link

I've rarely seen Auto-Protect identify a false positive in this case. Most of the time false positives may be found with SONAR or Bloodhound. This is usually due to poor programming.

You may want to get a list of "in-house" apps and test them with SEP if you can.

With many in-house apps, you can submit to Symantec so they can review and add to their internal whitelist:

https://submit.symantec.com/whitelist/isv/

You can also submit false positives here:

https://submit.symantec.com/false_positive/

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
pete_4u2002's picture
pete_4u2002 Symantec Employee
Servers Scanning - Comment:17 Mar 2013 : Link

does this helps

Security Response recommendations for Symantec Endpoint Protection settings

http://www.symantec.com/docs/TECH122943

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote