Need to look on SEP upgrade

Created: 18 Mar 2010 • Updated: 18 Mar 2010
Hi Everyone,

Herewith I'm presenting some suggestions:

1. Settings:

In any network currently running SAV 10.x, the current settings are already configured on the SSC (console). Once we have done the migration to SEP, we have to do the same settings again on SEP, so a huge amount of time is spent doing the same settings on SEPM.

E.g.: exclusion list, scheduled scan, Tamper Protection disabled, etc.

So I would like to suggest that, at the time of migration, it should take the same settings that were running on SSC, or else that an individual tool be developed to export the current settings from SSC and deploy them to SEPM. I hope the individual tool would be helpful for deploying on the same network (migration) and on a separate server if we implement one.

2. Firewall Policy:

This query is related to the 1st query, but the topic is different.

See, in our current network, 10.x has a firewall policy (.CFP, .XML); this firewall policy includes more than 250 policies. But in our SEPM there is no provision to deploy the same firewall policy (.CFP, .XML).
Once more we need to spend much more time on this to create the same firewall policy.

SEP is basically developed with the power of Java, so we can easily deploy (import) the .XML file that we can export from 10.x.

3. Client Remote installation from SEPM console:

In most antivirus products, like Trend Micro etc., we can easily perform the installation from the console itself; even if another AV product is installed, it can uninstall it and then perform the installation on its own. But the same concept is not available on SEPM. Yes, I know there is an option to perform SMS installation, but it is a very difficult concept compared to other antivirus products.

Once we open the console (SEPM), it needs to display the list of machines on the network. Then we right-click the particular machine to perform the installation. So the concept is to make it very easy.

4. Reporting Data (duplicate machines displayed):

In our SEPM and SCS reporting database, once you download the computer status logs you can see a lot of machines with duplicate entries, like repeated machine names, repeated IP addresses, etc. Because of this we are not able to take an accurate report; it shows a huge number of clients, including duplicate machines and IPs.

Yes, I agree the last check-in time is different. See the McAfee product: on ePO they have an option called filter duplicate machines; once we do this, it gives an accurate report of what is currently running. This is because IP addresses keep changing with the use of DHCP, and sometimes, when machines have been reimaged, it shows different names for a single system.

Why not add an option called filter duplicate machine names & IPs? Instead of using machine name & IP, you can check the system status using the MAC address. With this we can avoid using up data space.

5. Suspicious File Found:

I would like to inform you: why not add an option (button) called suspicious file found? It is a very useful option to cover the entire thing, even though we never missed any suspicious file. It is a recommended option for the globe.

I hope it is a small program that needs to be implemented on SEP itself. It would look like the button called FIX on SEP, or LiveUpdate on SAV & SCS. This option is not for deleting the suspicious file. Once you click the suspicious button on SEP, it automatically scans the system master boot record, start-up, running programs, etc., checks the product vendor, version, cert, etc., copies that file and puts it into some location using zip, and asks people to submit the sample as per your requirement.

Once the analysis is done by the security team, we come to know whether it is malware or not. Based on that you can release the RR.

Even if we are using the load point utility, it is not collecting files, it is only creating, so there is no use for this.

Okay team, thanks for your time. I hope the suggestions will be implemented in the upcoming version 11.x.

Please see the case (411-694-936) if you have any doubt.

Thanks in advance
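
The MAC-based duplicate filter suggested in point 4 can be approximated today on an exported computer status log. The following is an added example, not part of the original post and not Symantec code; the CSV column names and the sample rows are constructed assumptions, not the real SEPM export schema.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; column names are assumptions, not the real SEPM schema.
SAMPLE_CSV = """computer_name,ip_address,mac_address,last_checkin
PC-FIN-01,10.0.0.15,00-1A-2B-3C-4D-5E,2010-03-10 09:12:00
PC-FIN-01,10.0.0.87,00:1a:2b:3c:4d:5e,2010-03-17 08:40:00
PC-NEW-07,10.0.0.87,00-1A-2B-3C-4D-5E,2010-03-18 07:55:00
PC-HR-02,10.0.0.22,00-1A-2B-AA-BB-CC,2010-03-18 10:01:00
PC-LAB-09,10.0.0.40,,2010-03-16 11:30:00
"""

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the field is not a usable MAC."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    # All-zero addresses are treated as "unknown", not as one shared machine.
    if len(digits) != 12 or digits == "0" * 12:
        return None
    return digits

def dedupe_by_mac(csv_text):
    """Keep the newest row per MAC; rows without a usable MAC are returned separately."""
    latest, unkeyed = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["last_checkin"] = datetime.strptime(row["last_checkin"], "%Y-%m-%d %H:%M:%S")
        mac = normalize_mac(row["mac_address"])
        if mac is None:
            unkeyed.append(row)  # never merge rows we cannot identify
        elif mac not in latest or row["last_checkin"] > latest[mac]["last_checkin"]:
            latest[mac] = row
    return sorted(latest.values(), key=lambda r: r["computer_name"]), unkeyed

if __name__ == "__main__":
    unique, unkeyed = dedupe_by_mac(SAMPLE_CSV)
    for r in unique:
        print(r["computer_name"], r["ip_address"], r["mac_address"], r["last_checkin"])
    print("rows without a usable MAC:", [r["computer_name"] for r in unkeyed])
```

A MAC address is not a perfect machine identifier: cloned virtual machines can share one, and a laptop with several network adapters reports more than one, so rows merged or left apart for those reasons still need a manual check.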