Introduction to Tools included on the CD2 of the SEP 12.1 RU2 installation media. The CD contains several tools for management and troubleshooting not only directly for SEP but as well other related Symantec software. Here are the tools that we get on the CD:
1. CentralQ - Central Quarantine Installation
Consists of Central Quarantine Server and Client Console. In the folder you will find as well Symantec™ Central Quarantine Implementation Guide in .pdf file. The version of the Central Quarantine is 3.6.7180.
The Quarantine Server receives virus and security risk submissions from Symantec Endpoint Protection clients and forwards these submissions to Symantec. The Quarantine Console lets you manage the Quarantine Server and these submissions. If you determine that your network requires a central location for all quarantined files, you can install the Central Quarantine.
Symantec™ Central Quarantine Implementation Guide
Installing and configuring the Central Quarantine
Setting up Symantec Endpoint Protection clients to forward infected files to a Central Quarantine Server.
Tool used to view the devices on a client computer and obtain the class IDs or device IDs. This ID is needed when creating or editing Application and Device Control Policies. Tool comes with a brief instructions in .html format.
DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection
3. Integration - SEPM_WebService_SDK -> Symantec Endpoint Protection Remote Monitoring and Management SDK
This folder contains the documentation and examples for working with Symantec Endpoint Protection Manager web services. It includes the following items:
* In the Remote_Management_Integration_Guide subfolder:
- A programmer's guide for how to integrate your remote management solution using Symantec Endpoint Protection web services. Content includes information about how to authenticate your web service calls using Symantec's implementation of the OAuth 2.0 standard, how to create a web service client using the WSDL files that are included with the build, and basic conceptual material about individual web services.
- The entry point filename is index.html. (Open this file to open the programmer's guide in your browser. Only Firefox and Internet Explorer are supported.)
* In the ReferenceGuide subfolder:
- The code documentation for Symantec Endpoint Protection web services. This documentation is generated from the Javadoc comments using doxygen. Included are an extensive overview page and package-level comments, as well as details about each web service method.
- The entry point filename is index.html. (Open this file to open the reference guide in your browser. All popular browsers are supported.)
* In the SampleCode subfolder:
- A set of PowerShell example scripts to help you get started writing your own web service client(s).
* In the WSDL subfolder:
- Static versions of the Web Services Description Language files that you need to build your web services client.
4. ITAnalytics - Altiris IT Analytics Version 7.1.206
Installation comes along with IT Analytics for Symantec Endpoint Protection Read Me in .pdf file.
IT Analytics Solution software complements and expands upon the reporting that is offered in many Symantec solutions. It brings multi-dimensional analysis and robust graphical reporting features to Symantec Management Platform. This functionality allows users to explore data on their own, without advanced knowledge of databases or third-party reporting tools. It empowers users to ask and answer their own questions quickly and easily. IT Analytics may be used as well with Symantec Endpoint Protection.
IT Analytics Solution 7.1 for Symantec™ User Guide
Installing and configuring IT Analytics Solution
5. JAWS - JAWS Scripts for Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.1 makes use of the JAWS screen reader (assistive technology) program and a set of scripts to improve reading of menus and dialogs in SEP and provide compliance with Section 508 product accessibility. The JAWS screen reader, available from Freedom Scientific (www.freedomscientific.com) must be installed. The installation can occur anytime before or after SEP is installed. Symantec’s JAWS scripts have been tested with JAWS version 11 and 12.
6. LiveUpdate - Liveupdate Administrator in version 2.3.2 (LUAESD.exe)
Folder contains as well the documentation on .pdf (LiveUpdate Administrator Users Guide.pdf). Liveupdate Administrator is software used for definition distribution for Symantec Security Products. Allows for more detailled configuration and scheduling than the direkt defs distribution from SEPM Server.
Installing and Configuring LiveUpdate Administrator (LUA)
When to use LiveUpdate Administrator
Best Practices for LiveUpdate Administrator (LUA) 2.x
LiveUpdate Administrator 2.3: What's New
7. Mac - Macintosh Symantec Uninstaller
The Uninstaller is intended for all Symantec products on the Mac, not just SEP. Please refer the below documentation for usage.
Symantec Endpoint Protection for Macintosh Frequently Asked Questions
How to uninstall Symantec Endpoint Protection for Macintosh
8. NoSupport - a couple of unsupported Symantec tools.
* MoveClient - MoveClient Script version 3.0. Comes with usage guide in .pdf file.
MoveClient.vbs is a Visual Basic script which, when properly configured, will move one or more clients from a SEPM group to another group of your choice based on the hostname, username, IP address or operating system of the client. It also has the ability to switch client mode from user mode to computer mode or visa versa.
How to use the MoveClient Utility to switch multiple machines between computer and user mode.
* Qextract - The Quarantine Extract command line tool extracts and restores files from the Quarantine of the Symantec Endpoint Protection client. Tool provided with brief usage guide in .html format.
Tool may be needed if the Symantec Endpoint Protection client quarantines a file that you determine is a false positive. The tool uses the QEXTRACT command. The command includes different options to target a file or groups of files for restoration. The targeted file is always restored to the directory path from which it was initially quarantined.
* SEPprep - Tool in version 1.0.9 for removing installation of 3rd party AV products. Comes with guide in a .pdf file.
SEPprep is a unsupported tool that is designed to uninstall any competitive product automatically. This tool can also launch another application before or after removing all competitive products. Therefore you can configure this tool to first remove all competitive products (including Norton products) and then launch the SEP installer automatically and silently.
SEPprep competitive product uninstall tool
9. OfflineImageScanner - Symantec Offline Image Scanner (SOIS.exe) Version 220.127.116.11
Tool used for scanning offline VMware virtual system images.
* SOIS scans and detects threats in offline VMware virtual disks (.vmdk files)
* SOIS has been developed for users of Symantec Endpoint Protection (SEP) which
does not have support for scanning VMware virtual disks. You need to have a
valid license of SEP before you can use SOIS. Please see the EULA for details.
* This product does not ship with AntiVirus (AV) definitions nor does it download
them from Symantec's servers. If you have SEP/SAV installed on your computer,
SOIS uses those definitions.
* SOIS is compatible with AV definitions of SEP (versions 11 and 12) and SAV (version 10)
only. Other versions of SEP/SAV are not supported.
* SOIS scans FAT32 and NTFS file-systems on Windows .vmdk files. Linux .vmdk files
are not supported.
* SOIS has a command-line interface as well so that it may be used from within scripts.
About the Symantec Offline Image Scanner tool
How to use the Symantec Offline Image Scanner tool (SOIS)
10. PushDeploymentWizard - Push Deployment Wizard
Tool helps to deploy the clients software by pushing the installer to remote computers and automatically installing it. It has options for deploying SEP full install packages or patches as well as self-installing executables.
Overview of Push Deployment Wizard in Symantec Endpoint Protection 12.1
Deploying client software with the Push Deployment Wizard
Deploying client software with the Push Deployment Wizard
11. SEPIntegrationComponent - Altiris Symantec Endpoint Protection Integration Component (SEPIC) version 7.1.72.
The installer comes along with the Altiris Symantec™ Endpoint Protection Integration Component 7.1 SP1 Release Notes in .pdf file
The Symantec Endpoint Protection Integration Component helps facilitate migration to Symantec Endpoint Protection through robust software delivery mechanisms. The software provides detailed reporting, broad deployment views (dashboards), bandwidth throttling, and advanced discovery. This free component can scale for both local and remote endpoints. The Symantec Endpoint Integration Component combines Symantec Endpoint Protection with your other Symantec Management Platform Solutions. You can Inventory computers, update patches, deliver software, and deploy new computers. You can also back up and restore your systems and data, manage DLP agents, manage Symantec Endpoint Protection clients. You can do this work from a single, Web-based Symantec Management Console.
How to use Symantec Endpoint Protection Integration Component in conjunction with Symantec Endpoint Protection
Altiris Symantec™ Endpoint Protection Integration Component 7.1 SP2 User Guide
How to create and deploy a Symantec Endpoint Protection install package using the Altiris Symantec Endpoint Protection Integration Component
Ttool used for replacing the communication settings (sylink.xml file) on SEP client. Available versions for PC and Macintosh. Another tool that may be used to achieve the same goal would be Sylink Replacer - this on is not available on the CD2 of SEP installation.
SylinkDrop or SylinkReplacer fails to assign Symantec Endpoint Protection clients to a new Client Group
Using the "SylinkReplacer" Utility
13. SymHelp - Symantec Help Tool
Tool used for both SEP client and SEPM Server troubleshooting but not exlusively. The complete list of Symantec products it is used for consist of:
Symhelp is a new version (designed for SEP 12.1 RU2) that replaces the old Symantec Support Tool.
The SymHelp on CD is in the version: 18.104.22.168. The latest available version from Symantec is 22.214.171.124. The revision of the SymHelp tool are updated constantly - if possible use the latest available from Symantec. SymHelp may be downloaded as well directly from the SEP GUI - by going into Help -> Download Support tool -> this redirects directly to the Symantec Article mentioned below in the reference.
Symantec Help (SymHelp)
14. Virtualization - contains of the following tools:
* SecurityVirtualAppliance - A Symantec Security Virtual Appliance that contains the vShield-enabled Shared Insight Cache for VMware vShield infrastructures.
The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. The Security Virtual Appliance integrates with VMware's vShield Endpoint. The Shared Insight Cache runs in the appliance and lets Windows-based Guest Virtual Machines (GVMs) share scan results. Identical files are trusted and therefore skipped across all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan performance by reducing disk I/O and CPU usage.
About the Symantec Endpoint Protection Security Virtual Appliance
VMware software requirements to install a Symantec Security Virtual Appliance
Installing a Symantec Endpoint Protection Security Virtual Appliance
Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file
* SharedInsightCache - Network-based Shared Insight Cache, for use in any virtual infrastructure.
The Shared Insight Cache tool improves scan performance in virtualized environments by not scanning files that a Symantec Endpoint Protection client has determined are clean. When the client scans a file for threats and determines it is clean, the client submits information about the file to Shared Insight Cache. When any another client subsequently attempts to scan the same file, that client can query Shared Insight Cache to determine if the file is clean. If the file is clean, the client does not scan that particular file. If the file is not clean, the client scans the file for viruses and submits those results to Shared Insight Cache.
About the Symantec Endpoint Protection Shared Insight Cache tool
How Shared Insight Cache works
Network-based Shared Insight Cache - Best Practices and Sizing guide
Installation and Configuration of SEP Shared Insight Cache
* VirtualImageException - Virtual Image Exception tool.
The Virtual Image Exception (VIE) tool is designed specifically for environments leveraging virtualization technologies where a single baseline image is used to deploy many identical or nearly identical Virtual Desktop Infrastructure (VDI) clients. The VIE tool is used to add a new Extended File Attribute (EFA) value to all existing files on a machine before imaging. The EFA value remains valid until the file is modified. The Symantec Endpoint Protection (SEP) 12.1 client checks for this attribute before scanning files and skips scanning any files that are marked as "known good" by the VIE tool. Scans on VDI clients created with images processed by the VIE tool will experience lower I/O load, CPU usage, and network bandwidth usage during scheduled and manual scans.
About the Symantec Virtual Image Exception tool
Using the Virtual Image Exception tool on a base image