Endpoint Protection

 View Only

  • 1.  System lockdown in unmanaged environment

    Posted Jul 06, 2016 06:12 AM

    We're using SEP 12 and I need to configure system lockdown on unmanaged clients and can't find anything regarding it.

    On SEPM I configured system lockdown as whitelisting based on a checksum file.

    How do I deploy this policy to an unmanaged client?

    - Which policies do I have to export from SEPM?

    - Which files do I have to import on the client?

    - Do I need to create a new installation package?

    Thank you!



  • 2.  RE: System lockdown in unmanaged environment

    Trusted Advisor
    Posted Jul 06, 2016 07:45 AM

    System lockdown is only available to a managed client as whitelisting and everything is done via the SEPM

    What is System Lockdown
    https://www.symantec.com/connect/articles/what-system-lockdown-what-stages-do-i-implement-system-lockdown-symantec-endpoint-protectio

     



  • 3.  RE: System lockdown in unmanaged environment

    Posted Jul 06, 2016 08:03 AM

    System lockdown won't work/isn't configurable for unmanaged clients.

    Since you have it setup on the SEPM, you could create a custom "unmanaged" group and export it using the policy you built but this is going to be a big pain to manage every time something changes and you need to update the policy.



  • 4.  RE: System lockdown in unmanaged environment

    Posted Jul 06, 2016 08:29 AM

    Thanks for your anwser. Would you explain this a bit more detailed?

    I tried to do that: created a group with the policies I want to use. How do i export it into files I can then transfer to the client manually?



  • 5.  RE: System lockdown in unmanaged environment

    Trusted Advisor
    Posted Jul 06, 2016 08:51 AM

    If you've built a group you can export them while creating the package. Either using the "Install protections client to computers" wizard from the home page, or using a package export (admin > Install packages > right click on desired package > export). While creating the package select the group you want to export the policies from and select the export unmanged client box. This will export an unmanged client but with the policies specifically from that group created. 



  • 6.  RE: System lockdown in unmanaged environment

    Posted Jul 06, 2016 09:31 AM

    When you export your package you have the option to 'Export packages with policies from the following groups:'

    Just pick the group that you created and policy that was assigned to that group. When you export, it will contain the configuration of that group.



  • 7.  RE: System lockdown in unmanaged environment

    Posted Jul 12, 2016 08:49 AM

    Hi Brian, thanks for the description.

    I did exactly as described: Created an unmanaged group, created the policies on the group exactly as I want them to be.

    I exported this for an unmanaged client.

    When I try to run the setup.exe on my unmanaged client the installation starts but the installation window shuts down after 20% without further notice. In the installation log files it states that the installation had been successful though.

    1. Could that be due to the fact that I already have SEP installed on that machine?

    2. If I try to run the application I blacklisted it starts anyhow. There is no event in the log files. Obviously something must be wrong.

    How do I solve this?

     



  • 8.  RE: System lockdown in unmanaged environment

    Posted Jul 12, 2016 08:51 AM

    Did you try to upgrade the client with a newer version?