Which services do I really need?
Updated: 29 Mar 2011 | 12 comments
This issue has been solved. See solution.
I'm looking at the different protections, antivirus-spyware, firewall, intrusion, application and device control, and liveupdate. At this time we only need anti-virus, and live update. Do I just go to the top level policy and uncheck enable this policy for the ones I don't want? We are a school district so I'm not sure I need intrusion since our intruders are our users so to speak and already have a computer account.
Discussion Filed Under:
Comments
hi
Yes, make sure you dont have that component installed as well
when you export the packages, export only AV and ASpyware component and then run the install..u dont need other components
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
You are joking right? If you
You are joking right? If you do not use all the protection technologies the client provides, you are leaving yourself wide open for a full on, site wide infection. Symantec never reccommends not installing all features of the product unless they specifically conflict with something in your environment.
Please see the document below:
Security Best Practices for Protecting a Business Environment from Common Threats
http://www.symantec.com/business/support/index?pag...
In a school environment some
In a school environment some features may not be needed, however I want all features installed but not enabled. As I test out these I will add to that. I do not want to just install 4500 clients only to find out that the firewall blocks everyone from talking to the network for example-I don't know if it will do that or not. Whenever I see firewall protection that throws up a red flag. Again I may use it but not until I have tested it thoroughly. Right now I just want to make sure the anti virus and the heuristics are working first.
Read my blog on dedupe https://www-secure.symantec.com/connect/blogs/garys-dedupe-experiences
Suggestion
You may want some of the other feature enabled as a virus can come from anywhere. Are they able to plug usb devices? I'd either create a device and application policy to disable things being put into the machines.
Or if you need them to plug usb devices maybe enable PTP also.
Better safe than sorry
Review my idea for GUP reporting please vote with a yes if you think it's a good idea.
https://www-secure.symantec.com/connect/ideas/gup-report-program
I see the TruActive
I see the TruActive Proactive. Is that part of the anti-virus (heuristics?).?
Read my blog on dedupe https://www-secure.symantec.com/connect/blogs/garys-dedupe-experiences
Yes that will try to disable
Yes that will try to disable a pottential virus or attack if launched locally from the machine or device attached to the machine.
Review my idea for GUP reporting please vote with a yes if you think it's a good idea.
https://www-secure.symantec.com/connect/ideas/gup-report-program
Please understand.
Hello,
It is important to understand each feature and then decide what features are necessary as per your requirements.
Antivirus and Antispyware scan for both viruses and for security risks. Some examples of security risks are spyware, adware, and other files that can put a computer or a network at risk.
The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet. The firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow the applications that try to access system resources.
Now in case if you feel, any of these above features are not required. You simple do not install them.
Question arises, how to not install these features to your machines?
When Creating a Package, simply do not select the Features and they woul dnot be installed.
You can check the Symantec Knowledgebase articles below on how to create custom Packages.
Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console
http://www.symantec.com/business/support/index?pag...
How to Deploy Symantec Endpoint Protection to your client machines using the Migration and Deployment Wizard.
http://www.symantec.com/business/support/index?pag...
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Wouldn't it better to install
Wouldn't it better to install all the components then just have the console turn them off to the client? If I decided later it would already be there.
Read my blog on dedupe https://www-secure.symantec.com/connect/blogs/garys-dedupe-experiences
Nice Explanation Mithun..
Nice Explanation Mithun..
Hi, About SEPM policies i.e
Hi,
About SEPM policies i.e Antivirus and Antispyware , firewall, IPS etc.I would suggest don't uncheck any policy for security reason & if you don't want any policy you can uncheck as well.
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
Yes Mithun very nice as
Yes Mithun very nice as always. It looks like if a client is already installed you can control and disable from the console after the fact?
I know these are basic questions but I'm trying to relate to McAfee from which I am converting and so far it is a matter of what you call it and where to look.
Read my blog on dedupe https://www-secure.symantec.com/connect/blogs/garys-dedupe-experiences
You remember my words.
Hello,
Exactly.
Well, you remember my words. Excellent.
I highly appreciate it.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Would you like to reply?
Login or Register to post your comment.