Endpoint Protection

 View Only

  • 1.  Newbie Seeking Symantec Endpoint Protection Advice

    Posted Jul 23, 2009 05:45 AM
    Hello

    My company has just moved to symantec endpoint protection and I am in the process of rolling this out to computers in the business.

    I have created several client groups with different policies applied (anti virus & anti spyware only). The one thing that is the same across all these groups is that the weekly scan schedule is set at the same time.

    As am relatively new to this software I dont yet know all the in's and out's but most of it is straight forward.

    The questions I have are:

    As stated, the scheduled scan happens at 6pm every tuesday, however i have had computers running their scans before and after this time. My PC for one, started scanning wednessday at 2pm although it had been powered off near to the scheduled time due to PAT testing. Surely my PC should have started scanning when it was next switched on, not 5 hours later?
    A colleague's computer also scanned on the wednessday but it is now running another scan today??

    All i have done is set the policy on the group of PC's to match what i want to achieve.

    Second question, and forgive me if it sounds daft.

    On the clients section again, where i have all my computers grouped there is the install packages tab. I have already pushed out the installation to PC's in this group and they are controlled by the policy which is attached to it. At the moment i havent got an install package assigned to this group yet i have created and used one via the deployment wizard. Should i have a package in here or is it only used when new versions are released which are needed to be pushed out??

    Sorry if my questions sound daft

    Kind regards

    Matt


  • 2.  RE: Newbie Seeking Symantec Endpoint Protection Advice

    Posted Jul 23, 2009 06:31 AM
    Hi,

    let me answer the one which is simpler first,  your second question
    as u mentioned when new versions of SEPM comes out you need not have to create packages and push them to clients, instead you can just add the new package to the groups and clients would update themself, this will save lot of time.

    coming to the scan questions i would like to know if the scan ran completely, the initial scan which ever its suppose to run, you may check the logs and see who initiated the scan
    if its a schedule scan , it would say so, if not it would say administrator initiated the scan.
    please check the logs  so that we can know who initiated the scans.
    some times its possible that they retain their older settings ( from sAV) 

    check this key it will tell you about all the admin scans

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General

    client scans key would hold info about clients made scans,

    hope this helps :)