Endpoint Protection

 View Only
Back to Library

What's new in SEPM 12.1 RU5 & User interface (differences) - Part 2 

Sep 19, 2014 06:12 AM

Continue from Part-1

https://www-secure.symantec.com/connect/articles/whats-new-sepm-121-ru5-user-interface-differences

Mac deployment through the SEPM console:

Now it's possible to deploy the SEP client to remote Mac clients. You can deploy a Client Install Package, or a Communication Update Package from the SEPM. Browsing for Mac clients can be done via Bonjour (if it’s installed on the SEPM), or by IPv4. IPv4 browsing is done by specifying an IP range, address or computer name. You can also provide a list of IP addresses in a text file.

10th_0.jpg

Replication Status on Home Page:

Replication succeeded/failed status is displayed on home page.

It gives easy understanding on replication status instead of navigate through admin tab.

 Replication.jpg

 Replication-1.jpg

Admin Lockout time

SEPM admin account is locked out, the amount of time the account is locked out for will double. So the initial lockout would be for 15 minutes. After the 15 minutes, if you keep typing in the wrong password and lock the account out again, the account would then be locked out for 30 minutes. The lockout time will continue to double over a 24 hour period

11th_0.jpg

Symantec Protection Center v1 Removed from the web console access:  

It contains only three options now.

1) Symantec Endpoint Protection Manager Web Console 

2) Symantec Endpoint Protection Manager Console

3) Symantec Endpoint Protection Manager Certificate

12th_0.jpg

 

 "Allow never expiring passwords' removed as a default option.

13th_0.jpg

 '0’ days option removed for client log retention

My Company --> Clients -->  Policies --> Client log settings --> Minimum you can change it to 1 days.

14th_0.jpg

Symantec Endpoint Protection Launcher Service: 

Introduction of Symantec Endpoint Protection Launcher service

Under services.msc you will find additonal Symantec service.

This service will run under the Local System account and will be used to launch processes that require elevated privileges.  (LiveUpdate, ClientRemote, etc.)  

15th_0.jpg

Client control passwords: 

Client control passwords have been made more visible with a link on the welcome screen. The link will show for domain and system admins on the Enterprise edition and system admins for Small Business Edition.

SEPM welcome page:

16th_0.jpg

If accessed from the welcome screen, settings will be applied in the following manner:
All groups in all domains if you’re a system admin. This would apply for both Enterprise Edition and Small Business Edition
All groups in the logged in domain if you’re a domain admin. This basically only applies if you have multiple domains in your SEPM environment. 

18th.jpg

Password Settings section has been moved from General Settings > Security Settings to their own link on the Policies page.  
 
If invoked from Group->Policies dialog, an option to apply to sub-groups included. This will apply password settings to all sub-groups, even if they are not inheriting group policies

19th.jpg

For SBE it's under same location.

 

See Related Articles for more information:

Title: Upgrading or migrating to Symantec Endpoint Protection 12.1.5 (RU5)

Article URL: http://www.symantec.com/docs/TECH224034

 

Title: New fixes and features in Symantec Endpoint Protection 12.1.5 (RU5)

Article URL: http://www.symantec.com/docs/TECH224706

 

Title: Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.5 Release Notes/What’s New

Article URL: http://www.symantec.com/docs/DOC7696

 

Title: The LiveUpdate content optimization and content storage space optimization steps take a long time to complete when upgrading to Symantec Endpoint Protection Manager 12.1 RU5

Article URL: http://www.symantec.com/docs/TECH224055

 

Title: Symantec Endpoint Protection Manager 12.1 RU5 and higher installs its services with reduced privileges and permissions

Article URL: http://www.symantec.com/docs/TECH224312

 

Title: Symantec Endpoint Protection 12.1.5 Getting Started Guide

Article URL: http://www.symantec.com/docs/DOC7701

 

Title: Symantec Endpoint Protection 12.1.5 Installation and Administration Guide

Article URL: http://www.symantec.com/docs/DOC7698

 

Title: Symantec Endpoint Protection Small Business Edition 12.1.5 Installation and Administration Guide

Article URL: http://www.symantec.com/docs/DOC7706 

 

Title: Symantec Network Access Control 12.1.5 Getting Started Guide

Article URL: http://www.symantec.com/docs/DOC7578

 

Title: Symantec Network Access Control 12.1.5 Installation and Administration Guide

Article URL: http://www.symantec.com/docs/DOC7707 

 

Title: Symantec Endpoint Protection 12.1.5 Database Schema Reference Guide

Article URL: http://www.symantec.com/docs/DOC7660

 

Title: Symantec Endpoint Protection 12.1.5 for Linux Client Guide

Article URL: http://www.symantec.com/docs/DOC7697

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Jan 02, 2015 12:06 PM

Agree with you. You can mitigate your pain if you save user name and password so that you don't need to insert them during logon:

Admin > Domains > Edit Domain Properties > Password tab > Allow users to save credentials when logging on

Now the system is at least as insecure as with the Never setting for the console :-)

Migration User
Dec 19, 2014 03:44 AM

This can be done pretty easily when you know how; for myself I´m facing your "would be cool if that will work via policy"-thoughts everytime I apply a new SEP version to our clients, too. This is so seldom I forget it every time that the way to achieve this is slightly different. Because of that I´m documenting it here, not unselfish :) :

1) In client view, define your packages with the needed settings in a group:

1.png

2) After that, on the left side of SEPM there´s the option "Apply current deployment settings". Click it. (btw. also available via right-click):

2.png

3) In the now appearing "Copy Deployment Settings" dialogue window right-click the parent group and select "Select this and all subgroups". Now all groups under the selected parent group will inherit/copy your installation package.

3.png

Please be aware: during my experiences this works like a charm with one group and its subgroup(s). If you´ve got a sub-sub-group, eg. "Site (parent group) - Department (subgroup) - Servers (sub-sub-group)" the packages will not be applied. It works with like a charm with 2 levels of groups. Like in screenshot above: select Hall E and subgroups: Hall E and underlying departments are getting the packages. Doing the same with the parent group of Hall E will have no effect.

 

 

Best Regards

 

Peter Renner

IT Int. Sourcing AG

Migration User
Nov 06, 2014 03:45 PM

While I can and do appreciate a lot of the changes and improvments, even though the ugprade failed and trashed one SEPM and is giving nothing but troubles on the other related to virus defs, the one thing I wish they had left alone and left up to me, stop telling me how to work is the timeout. They took away my ability to keep the console open more than 1 hour. I should be the one to determine that, not the coders. When I am up to my eyeballs in alligators due to failed upgrades and updates and need to do a lot of back and forth there is little more frustrating than having to START ALL OVER logging in again. I have exclusive ability to get to the console, others cannot. I've got things locked down well, but this feels like they are dumbing it down to protect people who don't know better or should NOT be playing with security software - protecting them from themselves.

I will decide, not someone forcing me to log in every hour when I'm already dealing with a half-dozen fires, some of them caused by the upgrade to RU5.

Give back my right to leave the console open to specific pages and logs for more than an hour - and I will be opening a case on this as it's just plain dumb to dumb down an interface for a profesional in order to protect amateurs.
I also have to keep that open as it's our way of monitoring events since with the 12 series they totally broke the device control alerts, and there was a case open on that but the writers refused to believe anyone actually used it and decided it was best to report on ALL events not just blocked events. More dumb...... they broke a perfect great alerting system back then, they told me tuff as no one cared to use it like we did - as a replacement for our other device control app.
So now I have to keep logging in to the console and keep opening up the monitor pages again, all because some don't know how to lock things down.

I want the ability to set the console timeout put back.

Migration User
Oct 07, 2014 09:08 AM

nice information..!

podvojin
Sep 24, 2014 07:21 AM

Hallo,

Thank you for fixes and improvements. I have a qustion about "Install Packages" tab under Groups.

it will be very usefull if I can set (apply) same "install packages" settings also for sub-groups in the Clients tree regardless if inheritance is enabled/disabled. In the large environment with hundreds groups and 3-5 subgroup depth it can really help.

Thank you,

Ondrej

Related Entries and Links

No Related Resource entered.