Endpoint Protection

  • 1.  No def updates in User Mode if not logged in?

    Posted Apr 06, 2009 09:30 AM
    We use User Mode. We have two stories from Symantec support on definition updates:

    1. The PC never gets def updates when installed in User Mode until the first person logs in. It will continue to get def updates after that even if no one is logged in and even if the PC is rebooted but no one logs in.

    2. If the PC is rebooted and no one logs in, the PC will never get any def updates because it doesn't know where to get updates from.

    #1 is acceptable behavior. #2 is not. #2 came from Symantec "emergency outage" support. He said the SMC service will not start until someone logs in even though it is set to automatic when User Mode is used.

    Yes, I know leaving a PC turned on but not logged in is not "green" but we do have PCs running tasks that do not need people logged in every day but that do need USB control when someone logs in per our regulators.

    Any light that can be shed on this would be helpful. I would think that if a PC is not logged in, it would use the LiveUpdate Default Location policy to get its updates. We're using MR4 MP1a.

    Thanks,

    Ray





  • 2.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 05:19 AM
    Why are you using User Mode?


  • 3.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 08:57 AM
    We need certain employees to be able to use USB drives regardless of which computer they use (at their desk, at a remote office, etc.) The only ways to authorize USB devices are by User ID or by computer. If we do it by computer, anyone sitting at that computer can use a USB drive, which is not desirable.

    Ray


  • 4.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 09:07 AM
    While logging in user mode, is the client-server communication alright? Have you checked that?


  • 5.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 09:10 AM
    Yeah, gets pretty tricky. How I handle it is to tell them if they MUST use USB, we'll move the computer to a lax group.
    But since we're on a network with everything, we tell them to send the files to their email or copy them across the net to their own computer and get them from there.
    Another way is to have management use approved encrypted devices and allow ONLY those devices...


  • 6.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 09:13 AM
    Try AD policy to restrict them


  • 7.  RE: No def updates in User Mode if not logged in?

    Posted Apr 23, 2009 09:29 AM

    We can't use AD because we need realtime alerting when someone plugs in a USB device and because we need to log all files copied to or from a USB device. It would be nice if the file sizes were reported by SEP as well. <hint, hint>

    Yes, communication is fine.

    We bought encrypted devices but we still need to be able to approve them for each user. Otherwise an employee could simply buy one on their own and steal customer data.

    Ideally, SEP will eventually work like PointSec. It would allow us to force encryption on 100% of all USB devices regardless of the vendor and control the decryption keys using Active Directory. That way we could be assured the devices could not be accessed outside of our network and we could approve USB devices for 100% of all employees and lose the management hassle entirely.

    Ray