Endpoint Protection

  • 1.  Symantec configuration/test environment

    Posted Aug 01, 2011 10:14 AM

    I need to be able to reconfigure Symantec in order to prevent a bad virus definition from bringing down my entire infrastructure.  In other words, I need a way to create an environment where certain machines can/will download the latest DATs while the bulk of my machines will not get those DATs until they have been tested. What I'm hoping to accomplish is preventing a bad DAT (the kind that nukes critical system files) from bringing my company to its knees.  Currently, we run 1 SEPM and all clients are configured to talk to the SEPM when on the network.  I didn't set this configuration up, but it appears to me that there is really only one policy in effect for the entire company.  I would be very interested in input from anyone that has set up such an environment and how they went about it.



  • 2.  RE: Symantec configuration/test environment

    Posted Aug 01, 2011 04:54 PM

    Hi Folks,

    I think that you are very worried about "a bad virus definition"! Why?

    They're all very well tested inside Symantec!

    Do you know of any incident related to this in Symantec? I don't!

    If you're still worried about this, you can first create a new LiveUpdate policy for the bulk of your machines and then configure a different schedule for that policy as you wish. In this case you will be able to delay the update process in the group where you assign this policy. I'd suggest a maximum delay of just a day in this case.

    Since Symantec delivers 3 definitions per day, you can schedule this in the policy and just update these machines once a day, or once a week as you wish!

    Remember: the best practice is to update every 4 hours!


    Regards


    Leon
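One way to express the delayed-policy idea above as a rollout gate, added here as an example and not code from the thread or from Symantec: a small canary group takes every definition release immediately, and the bulk group is only allowed to advance to a revision the canaries have run for a soak period without any of them reporting trouble. The report records, the zero-padded revision format, the group sizes and the 24-hour soak are all assumptions.

```python
# Added example (not from the thread or Symantec): a staged rollout gate that
# decides which definition revision the bulk group may adopt, based on reports
# from a small canary group that updates as soon as definitions are released.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class CanaryReport:
    host: str
    definition_rev: str    # assumed zero-padded "YYYYMMDD.NNN": string order == release order
    installed_at: datetime
    healthy: bool          # False once the host shows trouble after this revision


def approved_revision(reports, now, soak=timedelta(hours=24), quorum=3):
    """Newest revision the bulk group may move to, or None if nothing qualifies.

    A revision qualifies only if at least `quorum` canaries have run it for
    `soak` time and no canary on it reported a problem; a single unhealthy
    canary holds the whole fleet back from that revision.
    """
    by_rev = {}
    for r in reports:
        by_rev.setdefault(r.definition_rev, []).append(r)
    candidates = []
    for rev, group in by_rev.items():
        if any(not r.healthy for r in group):
            continue
        soaked = [r for r in group if now - r.installed_at >= soak]
        if len(soaked) >= quorum:
            candidates.append(rev)
    return max(candidates) if candidates else None


# Constructed sample telemetry: three definition releases as seen by canaries.
NOW = datetime(2011, 8, 2, 12, 0)
LATER = NOW + timedelta(hours=12)
SAMPLE_REPORTS = [
    CanaryReport("canary-01", "20110801.001", datetime(2011, 8, 1, 6, 0), True),
    CanaryReport("canary-02", "20110801.001", datetime(2011, 8, 1, 6, 0), True),
    CanaryReport("canary-03", "20110801.001", datetime(2011, 8, 1, 6, 0), True),
    CanaryReport("canary-01", "20110801.003", datetime(2011, 8, 1, 20, 0), True),
    CanaryReport("canary-02", "20110801.003", datetime(2011, 8, 1, 20, 0), True),
    CanaryReport("canary-03", "20110801.003", datetime(2011, 8, 1, 20, 0), True),
    CanaryReport("canary-04", "20110802.001", datetime(2011, 8, 2, 6, 0), True),
    CanaryReport("canary-05", "20110802.001", datetime(2011, 8, 2, 6, 0), False),
]

if __name__ == "__main__":
    # At NOW only .001 has soaked 24h; by LATER .003 has too, while
    # 20110802.001 stays blocked by the unhealthy canary.
    print(approved_revision(SAMPLE_REPORTS, NOW))    # 20110801.001
    print(approved_revision(SAMPLE_REPORTS, LATER))  # 20110801.003
```

In practice the returned revision is what you would pin the bulk group's LiveUpdate content to, and the health flag would come from whatever monitoring tells you a canary lost critical files or services after an update.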



  • 3.  RE: Symantec configuration/test environment

    Posted Aug 01, 2011 05:09 PM

    It still happens no matter how much QA is done. Look at McAfee...



  • 4.  RE: Symantec configuration/test environment

    Posted Aug 01, 2011 05:36 PM

    This should help:


    Security Best Practice Recommendations
    http://www.symantec.com/business/support/index?page=content&id=TECH91705&locale=en_US

    Best practices for responding to active threats on a network
    http://www.symantec.com/business/support/index?page=content&id=TECH122466&locale=en_US

    Security Response recommendations for Symantec Endpoint Protection settings
    http://www.symantec.com/business/support/index?page=content&id=TECH122943&locale=en_US

    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
    http://service1.symantec.com/ent-security.nsf/docid/2010010319585948

    Best practices regarding Intrusion Prevention System technology
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009080314433948



  • 5.  RE: Symantec configuration/test environment

    Posted Aug 01, 2011 08:36 PM

    As of SEP 11 RU6 MP1 (the one we're using), the only way for you to be able to do that is to manually download the definitions yourself and deploy them on the required network.

    Although I haven't heard of a case where Symantec's definitions brought down networks. You have a better chance of getting malware than bad definitions. As compared to other AVs that are so strict on the definition implementation that they do damage caused by patch incompatibilities. Just my opinion.

    You could try setting up a LiveUpdate server. Its documentation is included in your SEP installation files.



  • 6.  RE: Symantec configuration/test environment

    Posted Aug 02, 2011 01:52 PM

    I wanted to take a minute to thank each of you for taking the time to reply to my post. My experience with online forums like this is not too favorable.


    To LeonHomar - you are absolutely correct sir, I AM worried about a bad DAT. Symantec may have never had a problem with it but to Brian's point I would say they just haven't had a problem yet. I was one of the many companies that got bit by the McAfee screw up a couple of years ago. You only have to go PC to PC with a CD to restore critical system files once to learn the lesson.


    I will be looking over the resources that each of you provided. I would be interested in knowing any specifics as to how any of you implemented such a thing if you are willing to share.


    Thanks again for your time,

    Brant