Endpoint SWAT: Protect the Endpoint Community

 View Only

  • 1.  Installing SNAC on clients / server - what features needed on client

    Posted May 14, 2014 03:21 AM

    Hi All,

    I have been tasked to implement SNAC on the current environment with 28000+ machines. Running SEP12RU4MP1 on SEPM's , clients mixed between RU1-RU4MP1.

    I know that you have to upgrade the SEPM with the SNAC installation which adds the feature for configuring policy and license . 

    What features need to be enabled on the SEP client to get the SNAC to work. All clients have all features except firewall installed. Would the current
    features installed on the client be sufficient to enable SNAC.

    Thanking you in advance.



  • 2.  RE: Installing SNAC on clients / server - what features needed on client

    Posted May 14, 2014 03:30 AM

    Once the SNAC license is installed on the SEPM, all you have to do then is create and assign a Host Integrity Policy to your clients.

    SNAC is already built into all SEP clients by default, all you have to do is assign the HI Policy to enable the function (the same as when you assign or withdraw other policy types).



  • 3.  RE: Installing SNAC on clients / server - what features needed on client

    Posted May 14, 2014 03:32 AM

    Great. So then there is no need to have the firewall feature enabled?



  • 4.  RE: Installing SNAC on clients / server - what features needed on client

    Posted May 14, 2014 03:34 AM

    As a side note, HI policies work fine entirely independently of the other SEP policies, but they can be used in combination with them.

    Assignment of HI Policies to a group, adds a "Quarantine" location to it.  Clients that fail the HI check in the HI Policy will use policies in this "Quarantine" location instead, meaning you can apply more stringent security to those machines that fail their HI checks.

    The most common action we see, is for admins to apply a more secure FW policy to clients when they fail their HI checks.  So you're missing a beat by not having the FW installed (but you can still make sure everything else is more secure).



  • 5.  RE: Installing SNAC on clients / server - what features needed on client

    Posted May 14, 2014 03:35 AM

    Hi,

     

    if you install SNAc license on SEPm server then you get Host Integrity policy on the SEPM server.

    after that you can apply that policy for particular group and and check that group particular client you get extra feature name " Network Access Control" on SEP Client windows.

    you can configure SNAC "Host Integrity" policy from the SEPM server for SEP clients.

     

    Thanks

    Rupesh Naik



  • 6.  RE: Installing SNAC on clients / server - what features needed on client
    Best Answer

    Posted May 14, 2014 03:37 AM

    The FW is required if you want to apply "self-enforcement" (this is when a Client's SEP FW blocks access to eberything on the network when the HI checks fail).