Use layered protection at the endpoint
Enabling the full-protection stack is the first step in defending against web-based attacks,
unpatched vulnerabilities, drive-by downloads, mutating malware, and suspicious file behavior. For maximum effectiveness and
efficiency, activate Network Threat Protection, the Intrusion Prevention System (IPS), Firewall, Antivirus, Insight and SONAR.
Symantec Security Response has recommendations on enabling high-security vs. high performance vs balanced settings in our tech
write-up: Security Response recommendations for
Symantec Endpoint Protection 12.1 settings
Reduce the attack surface
Learn more about
Reduce the possible points of infection by restricting the applications allowed to run, the
devices allowed to connect, and the actions a system can perform. Highly-sensitive or single-use endpoints (eg. point-of-sale, ATM
or embedded) can significantly reduce the risk exposure by enabling policies that effectively reduce the attack surface. Learn more
about running SEP on single-use endpoints.
Improve default Symantec Endpoint Protection settings
Read the tech brief: Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of-Sale Devices
Get the most out of your Symantec Endpoint Protection product by improving its default settings.
Only a few setting changes can make a big improvement to your security. Protect Against Advanced Persistent Threats: Configuration Guidelines
Keep browser plugins patched
Attacks have moved to the browser . It’s critical that attackers not be able to use Microsoft®
Internet Explorer, or Adobe® Reader/Acrobat/Flash vulnerabilities to get on a system. Use each vendor’s auto update or
software distribution tools to install patches as soon as they become available.
Block P2P usage
The simplest method for distributing malware is hidden inside files being shared on peer-to-peer
(P2P) networks. Create and enforce a no-P2P policy, including home usage of a company machine. Enforce the policy at the gateway and,
using SEP’s optional Application and Device Control (ADC) component, at the desktop.
Turn off AutoRun
Learn more about using Symantec Endpoint Protection’s Application
Control to block P2P at the desktop
Stop Conficker/Downadup and other network based worms from jumping from USB keys and network
drives without changing company polices on Open Shares. Learn more
Ensure all OS patches are applied
Vendors like Microsoft and Apple periodically release hotfixes, service packs and security patches to correct known defects in
their operating systems. Many threats function by exploiting known vulnerabilities for which patches are available. Computers with
all manufacturer patches applied are invulnerable to these threats.