Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

"How to..." Series for Symantec Endpoint Protection - Part 2

Created: 15 Jul 2013 • Updated: 18 Jul 2013 | 4 comments
Language Translations
Mithun Sanghavi's picture
+14 14 Votes
Login to vote


This is Part 2 of the "How to Series...", you can find the Part 1 here.

Here are few popular "How to..." which would be assistance to the Symantec Endpoint Protection Users.

Series 2 contains the following "How to..."

1) How to Deploy the Communication Settings to the SEP 12.1 RU2 clients.

2) How to Enable Anti-MAC spoofing

3) How to export MSI Package to deploy the SEP clients.

4) How to verify what type of database is used for SEPM ?


1) How to ... Deploy the Communication Settings to the SEP 12.1 RU2 clients.

If the client-server communications breaks, you can quickly restore communications by replacing the Sylink.xml file on the client computer. You can replace the sylink.xml file by redeploying a client installation package. Use this method for a large number of computers, for the computers that you cannot physically access easily, or the computers that require administrative access.

Here are the steps:

1)  Login into SEPM console

2)  Go to Clients Tab

3)  Select the Group in which you would like to see the offline clients

4)  Right click on the group and click on “Add Client”

5)  Now please follow the Screenshot as mentioned below:


6)  You will get “Client Deployment Wizard”

7)  Select “ Communication Update Package Deployment” Option

8)  Click Next


9)  Select the group in which you would like to see the client

10) Leave it on “Computer mode”

11) Click Next


12) Select Remote Push

13) Click Next


14) Browse your network and add the computers to the list

15) Click Next


16) Authenticate the User


17) Click Next


18) Click Send


19) Click Finish


20) Please check the SEP client status in the SEPM, it should now show in the SEPM\Clients

Check these Articles:

Restoring client-server communications with Communication Update Package Deployment

SEP 12.1 RU2 and Reset Client Communication


2) How to... Enable Anti-MAC spoofing

1)      Login into SEPM Console.

2)      Go to “Policies”

3)      Edit the Firewall Policy

4)      Go to “Protection and Stealth”

5)      ENABLE  Anti-MAC Spoofing


Enabling anti-MAC spoofing - Allows the inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. 
Media access control (MAC) addresses are the hardware addresses that identify the computers, the servers, and the routers. Some hackers use MAC spoofing to try to hijack a communication session between two computers. When computer A wants to communicate with computer B, computer A may send an ARP packet to computer B.
Anti-MAC spoofing protects a computer from letting another computer reset a MAC address table. If a computer sends an ARP REQUEST message, the client allows the corresponding ARP RESPOND message within a period of 10 seconds. All client rejects all unsolicited ARP RESPOND messages. 
This option is disabled by default.
Check these Articles:

About firewall rules

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation


3) How to... export MSI Package to deploy the SEP clients.

Follow the steps provided below to Export client packages with / without latest definitions.  

Note that screens when exporting a SEP for Mac client will appear slightly different.

1) Login into Symantec Endpoint Protection Manager (SEPM).

Click on Home and from Common Tasks, select Install Protection Client to Computers


 2) In the Select the Group and Install Features set window, and under the In the Content Options, select

All Content:  This option will have content version at the time of the deployment.

Basic Content:  This option provides small client deployment packages, the definition (content) are downloaded via LiveUpdate after client installation.


Click Next.

3) Select the preferred installation method.  Example is using Save Package.

Click Next



 4) Select the way it needs to be saved (Single .exe or separate files in .MSI).


 5) Before it is saved, it gives modules/details of the package.

Once confirmed, click Next.


 6) Package is created at the saved location. Click Finish Button This package can be used to push to the clients at Later time.


Click Next.

Check these Articles:

How to export Symantec Endpoint Protection (SEP) client install packages without any definitions or package with Basic Content.

Creating custom client installation packages in the Symantec Endpoint Protection Manager console

Managing client installation packages

Exporting client installation packages

How do I create and configure a custom Symantec Endpoint Protection installation package in version 12.1?


4) How to... verify what type of database is used for SEPM ?

1)      Microsoft SQL Database


2)      Embedded database



Comments 4 CommentsJump to latest comment

OC_gonz's picture

Thank´s Mitun.

Excelent article, very clear and hellpfull.

I wait the 3th part =).

Login to vote
nwranich's picture

awesome article.  Thank you!

Login to vote
John Santana's picture

Mithun in order to enable the Anti-MAC spoofing, isn;t that just a matter of updating the Client Security policy only ?

or do I have to deploy another files to each SEP client ?

Kind regards,

John Santana
IT Professional


The author cannot accept liability for any loss or damage sustained as a result of the content of this post.

Login to vote
Ambesh_444's picture

Grt article mithun. Thumbs up for your awesome article...yes

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as   solved."

Login to vote