Endpoint Protection

As a new user, running SEP V11  I have a few questions that I cannot immediately find the answer to.  I would be very grateful if someone could help me out

1.   Am I right in assuming that the server that SEP is installed on is protected as well?  How do I set up scans etc on the server?

2.  Once I have installed the clients, if I make a change - say for example imposing password protection on their clients, - do I need to reinstall the clients, or will this change get passed out to them automatically?

3.   I notice that there are somoe install packages automatically created for me under Admin > Client Install packages.  Can I simply use these?

Sorry if these questions seem daft!

Thanks in advance

Stratlab

 

1: Am I right in assuming that the server that SEP is installed on is protected as well? How do I set up scans etc on the server?

Ans: Yes, We need SEP on the server as well to keep it protected.If it is managed, you can set up scans from the SEPM>policies>Antivirus and Antispyware policy.And if it is unmanaged you can go in SEP>>scan for threats and create a new scan.


2. Once I have installed the clients, if I make a change - say for example imposing password protection on their clients, - do I need to reinstall the clients, or will this change get passed out to them automatically?

Ans: No,you dont have to reinstall the lcient.Any policy changes that you make will get propogated to the client in short time say 5 mins.


3. I notice that there are somoe install packages automatically created for me under Admin > Client Install packages. Can I simply use these?

Ans: Yes, if you push client install from the SEPM, those packages will be used.


...Barkha

Thanks for replies.  Really helpful.  I am grateful to you.  Can I clear up one last point ...

As for your answers to my Qu No 1 -

SEP is installed on a server - i.e. the management console, the database etc.  

I THINK you are both saying that I now need to install the client on it as well and treat the server as a client.  Is that correct?

Thanks again

1. Am I right in assuming that the server that SEP is installed on is protected as well? How do I set up scans etc on the server?

Do you mean the server that SEPM (symantec end point manager) is installed on?  You need to install the client package on the system.  If you are using a Server OS, portions such as NTP are not supported.  It is recommended, that you only install Anti-Virus and Anti-Spyware on the server. 

2. Once I have installed the clients, if I make a change - say for example imposing password protection on their clients, - do I need to reinstall the clients, or will this change get passed out to them automatically?

Answered above.  However, you can dictate if the server (SEPM) will push the updated to the clients OR if the clients will pull from the Server.  You can also define the interval at which this occurs. 

3. I notice that there are somoe install packages automatically created for me under Admin > Client Install packages. Can I simply use these?

The pre-compiled packages will install default settings.  I.E.  Defaut install locations and so forth on the clients as well as the pre-determined feature sets, such as PTP (Proactive Threat Protection), Firewall, Anti-virus and so on.  As stated above, because of limitation to the Server OS, you may want to compile your own custom package for deployment to servers.  Also, if you have a corporate standard such as installing in a "non standard" location, different partition or path, D:\symantec instead of c:\program files\symantec , you may want to consider creating a custom package. 
Also good to note, that there are 32 and 64 bit packages available by default.  Like the Server OS, the 64 bit OS does not support all the features of a 32 bit client.  Such as PTP and device control, tamper protection.  So you may want to have different limitations for a 64 bit OS, such as removing the "shield from the Task bar or removing the shortcuts from the Start Menu, if you fear tampering of the software.

The Server (SEPM) console is only the console and the Database, etc.

It does not offer protection without installing the Client.

Jason and Barkha,

Thank you both very much indeed.  I do appreciate your clear helpful answers.

Regards to you both

Just a simple addition: for faster policy implementation please go to the clients group and run update content... the ETA might depend on many factors... better do this when its a lull in the workplace so that user would not cancel any activity... thanks..