Endpoint Protection Small Business Edition

 View Only

  • 1.  SEP 21.1 — Distinct policies for Server (Exchange) and Clients

    Posted Apr 10, 2012 03:51 AM

    I have recently moved our Endpoint installation from the SBS 2003 server to a XP workstation and upgraded it from SEP 12.0 to 12.1.

    After succesfully moving and upgrading the installation I took some time to review the policy settings and started wondering if some of the hickups we experience frequently might be related to the way SEP checks for virusses and intrusions.

    Question 1: Auto-protect

    This option is enabled as default and before I had left this as is. Rereading the Implementation guide I do wonder if this is the right way to go. In principal, files running back and forth between our server and the client computers shouldn't be check for virusses, but apparently all of the files will be checked continuously. Only files downloaded by the internet or through the use of digital medium (CD/DVD, USB-stick,...) should be scanned. And this goes for the workstations as well as for the server.

    How can I accomplish this without impeding security issues?

    Question 2: Internet Email Auto-protect and Microsoft Outlook Auto-protect?

    Both of these are enabled on all the clients (workstations and Exchange server). Considering the note in the Implementation guide (see below) I am wondering what the correct procedure is to protect both the server and our clients from malicious attacks. The server already runs an application that removes spam (Spamfighter) so I don't think that we need Symantec Mail Security to be run on our server.

    Note: On a Microsoft Exchange Server, you should not install Microsoft

Outlook Auto-Protect. Instead you should install Symantec Mail Security

for Microsoft Exchange.

    To conclude:

    A: I want both the server and the workstations to check files that are being fed by an external medium (CD/DVD, USB-sticks, Internet, Mail) but refrain from checking checking files that get exchanged between server and workstations on our own network.

    B: I would like to use the best (resource-low) procedure to check intrusions and virusses sent by mail.

    Can somebody explain this as lucid and concise as possible?



  • 2.  RE: SEP 21.1 — Distinct policies for Server (Exchange) and Clients

    Trusted Advisor
    Posted Apr 12, 2012 02:36 PM

    Hello,

    Could please let us know if you have Migrated to SEP Small Business Edition (SBE) 12.1 OR SEP Enterprise Edition (EE) 12.1?

     

    A: I want both the server and the workstations to check files that are being fed by an external medium (CD/DVD, USB-sticks, Internet, Mail) but refrain from checking checking files that get exchanged between server and workstations on our own network.

    The Autoprotect within SEP would make sure that all the files would get checked when any files from the External Files are processed or changed. However, in case if you want to refrain this check between networks, then you can disable the Network Scan Option. NOTE this option is not available in SBE products.

    B: I would like to use the best (resource-low) procedure to check intrusions and virusses sent by mail.

     

    Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.
     
    You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.
     
    File System Auto-Protect scans email attachments when you save the attachments to the hard drive.
    The Symantec Endpoint Protection client also provides outbound email heuristics scanning. The heuristics scanning uses Bloodhound Virus Detection to identify the risks that may be contained in outgoing messages. When the client scans outgoing email messages, the scan helps to prevent the spread of risks. These risks include the worms that can use email clients to replicate and distribute themselves across a network.
     
    Hope that helps!!