Endpoint Protection Small Business Edition

  • 1.  Simplest Policies for Software Developers on Intranet

    Posted Jun 04, 2014 03:53 PM

    I am running Symantec Endpoint Protection Manager on a small intranetwork used by software developers. We have no Internet access; in fact, we are completely self-contained.  I update the antivirus definitions weekly by downloading the .jdb file to external media and loading it onto the server.  I am not really worried about anything other than the ability for the clients to initiate/cancel virus scans.  The big problem is that the default policies are so intrusive that every time a developer changes a file in his application, it takes forever to launch it, presumably because the endpoint protection client is rescanning everything anytime a change is made.  I guess to put it simply, I have a Cadillac and I need a Yugo.  Can I limit the invasiveness enough via policy to make the SEPM activities more "transparent" to the user?  If so, how?  All I really want to do is be able to run a scheduled scan once a day at midnight and allow the users to scan at will.  I really don't care about all of the other functionality.  What can I turn off and how do I do it?



  • 2.  RE: Simplest Policies for Software Developers on Intranet

    Posted Jun 04, 2014 04:02 PM

    Do you have Auto-Protect enabled? If so, this is the "real time" scanning mechanism within SEP and provides protection against malware.

    First off, my disclaimer, because I don't want everyone yelling at me: Best practice is to always have real-time scanning enabled. However, you know your environment and certainly without Inet access, your risk portfolio is smaller. I don't endorse turning off auto-protect but that is the most drastic way to cut down on bad performance.

    So you can do this via the AV policy. Another option in the Auto-Protect >> Advanced Scanning and Monitoring section is to change the setting for "Scan Files When". You may want to set this to "Scan when a file is modified".

    Also, what components are you using? AV only or do you have PTP and NTP enabled?



  • 3.  RE: Simplest Policies for Software Developers on Intranet

    Posted Jun 09, 2014 04:57 PM

    In the past, we have always used unmanaged clients so building the policy/policies is still pretty challenging.

    I only want to use AV.  As far as turning off the Auto-Protect, I tried to do that but the clients kept displaying a fault saying Auto-protect has been turned off.

    Without trying to show my ignorance, how does my symantec policy affect PTP (Precision Time Protocol?) and NTP (Network Time Protocol?)?  I didn't see anything regarding these protocols when I was trying to build a policy.

    In the AV policy, I am not sure what to do with things like Download Protection, SONAR, and Early launch Anti-Malware driver.

    I want to dumb this thing down as much as possible and add more security features as we feel we need them.

    Are there any policy templates out there that show a very basic AV solution only?



  • 4.  RE: Simplest Policies for Software Developers on Intranet

    Posted Jun 13, 2014 10:00 PM

    No templates that I'm aware of.

    PTP is Proactive Threat Protection, NTP is Network Threat Protection (IPS and firewall)

    If you only want to use AV, you can uncheck the boxes to disable Download Protection, SONAR (PTP) and ELAM.

    Make sure the lock is closed in the AV policy; this will stop the message from being displayed about AP being turned off.