Endpoint Protection

  • 1.  Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 11:47 AM
    Hello.

    I have set up two locations for a group I call workstations.  I have set up a non shared firewall policy for the location I call Out Of Office.  I want this policy to implement when the client cannot locate a management server.

    Two questions:

    1) When I go to the main policy icon on left pane I was thinking that this new non shared policy would show here.  That is not the case.  Only the firewall policy created during installation is listed.  Is there not a common repository where all non shared and shared policies are grouped?

    2) I was wanting to see what policy was applied to a client for testing purposes.  But the only thing that I can find is via the Clients main icon in left pane.  If I go to the group I want to review and click on clients tab, I see listed only a policy serial number.  This does not help me to drill down what policy is in place for that client.

    Hope somebody can help.

    Thanks.


  • 2.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?
    Best Answer

    Posted Nov 02, 2009 12:36 PM
    Hi,

    1. In the policies tab on the left hand side, you will be able to see only those policies that you have added from the policies tab itself or the default ones. If you create a non-shared policy from clients->policies page, they will not be shown in the policies tab.

    2. If you go to clients->policies you can see the names of the policies that you have applied to the groups. In this case, I created a non-shared policy for application and device control and named it new policy. As you can see in the screenshot, it can be seen in the clients->policies tab.

    clients-policies.JPG


  • 3.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 01:05 PM
    Thank you.


  • 4.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 01:11 PM
    Hi Aniket.

    Thanks for the update.  Did you have an answer to my second question?  That is, how can I tell what policy is in effect for a single workstation?

    For example, right now, I'm testing some firewall settings and I don't know what location (policy) is in effect for this particular computer.

    The only thing that I have found is the policy serial number and that doesn't help.  For example, in this configuration, I have three locations -- default, workstations when at office and workstations when out of office.  Any three of these locations could be in control given the assigned location variables and yet I don't know or can't tell which one is.

    Thanks.


  • 5.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 01:36 PM
    Hi,

    Unfortunately, there is no other way from the admins to know which individual policy is being applied.  Policy serial number is the best way to determine the effective policy applied to a group.

    Aniket




  • 6.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 02:00 PM

    If you want, you can query the registry for the client to check what location it is in.
    You need to check this key.
    The CurlLocation key will tell you which location policy the client is using.

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    SMC is responsible for talking to the manager and uploading logs.
    Since you have selected the policy for when it is unable to connect to the manager, the client will be offline,
    will take the new location policy on the client end, and thus does not post any event to the manager (when it is not able to connect to the manager).
    I think this is the reason why we don't have any column in the manager to see what policy is in place.
    Posting this key event in the manager would be a great idea in the coming versions :)



  • 7.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 02:01 PM
    Hi Aniket.

    OK.  But, how do I know what policy# is what?  I'm looking at the non shared firewall policy I just created and nowhere can I see a policy #.

    Even in the main policy icon in the left pane on the default policy created during install I can't locate a policy serial # for this.

    Thanks.



  • 8.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 02, 2009 02:16 PM
    You cannot have the policy serial number under the policy tab; it's just a template.
    Right-click on any client, click on properties under the client tab, and you will find the policy serial number.
    To know what policy serial number your clients are using, you can check any of these.
    Locate any group, say default.
    Click on details and locate the policy serial number.
    Now go to

    F:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\60DF7F180AB08B310005354AA7DC62E8

    You will find the folder with the policy serial number that you noted above.
    In this folder, open the profile.xml.
    You will find a different serial number if your client has changed location.



  • 9.  RE: Non Shared Policies - How To Determine What Location/Policy Is In Effect For A Computer & Why Is The New NS Policy Not In Policy Area?

    Posted Nov 03, 2009 11:24 AM
    OK.  Thanks for the input.  

    Just wanting to make sure here, but are you guys saying that for a group containing multiple locations (each, let's say, with a different set of firewall rules), in order for an admin to tell what location (firewall rule set) is in effect for any given client, they need to inspect the registry of the SEPM computer, or manually edit an XML file?

    Knowing what location (and thus SEP rules) presently are controlling an individual client computer (and if they are not connected to the SEPM then I'd like to know that they are not present on the network at least) seems like a pretty important piece of information to have available.  I must be missing something here :-)