Endpoint Protection

 View Only
  • 1.  Symantec Services in GPO & local Desktop

    Posted Jan 29, 2010 03:08 PM

    What services have to be allowed in GPO?  What services have to be allowed to run on the local desktop? 
     



  • 2.  RE: Symantec Services in GPO & local Desktop

    Posted Jan 29, 2010 03:23 PM
    these are the services FOR SEP11
    LiveUpdate
    Symantec Event Manager
    Symantec Endpoint Protection
    Symantec Network Access Control
    Symantec Management Client
    Symantec Settings Manager


  • 3.  RE: Symantec Services in GPO & local Desktop
    Best Answer

    Posted Jan 30, 2010 03:23 AM

    Title: 'Processes and Services used by Symantec Endpoint Protection'
    Document ID: 2007102906283148
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007102906283148?Open&seg=ent

    Services used by Symantec

     

    Symantec Embedded Database

    Embedded database used by Symantec Endpoint Protection Manager.

    Symantec Endpoint Protection

    Provides virus-scanning for Symantec Endpoint Protection.

    Symantec Endpoint Protection Manager

    Application server which communicates with Symantec Endpoint Protection Manager consoles.

    Symantec Event Manager

    Event propagation and logging service.

    Symantec Management Client

    Provides communication with the Symantec Endpoint Protection Manager. Controls the SMC.exe & SMCGui.exe processes.

    Symantec Network Access Control

    Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers and/or Symantec Endpoint Protection manager to allow your computer to access the network.

    Symantec Settings Manager

    Settings storage and management service.



    Out of these the Symantec Embedded database service and Symantec Endpoint Protection Manger service will only run on the machine where we have the SEPM insattled ,
    :


  • 4.  RE: Symantec Services in GPO & local Desktop

    Posted Feb 01, 2010 10:42 AM
    I do not run the GPO or Desktop Policy.  This is another group but I have to provide them the permissions that need to be set.  I need to know what services/permissions that have to be set for Symantec Endpoint Client and Liveupdate to run on client machine. 




  • 5.  RE: Symantec Services in GPO & local Desktop

    Posted Feb 01, 2010 11:07 AM
    These are the processes I have allowed to run in Trusted Applications/HBSS/HIPS/McAFEE  (Have to run this product. I have no choice)

    C:\Program Files\Symantec\Symantec Endpoint Protection\SMC.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SMCGUI.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ccSvcHst.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ccApp.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\RtvStart.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\WSCSAvNotifier.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Checksum.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ControlAP.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\dot1xtray.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\LuaWrap.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\nlnook.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\PatchWrap.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\smcinst.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SymDelta.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\Symantec AntiVirus.msi

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\Sylink.xml

     C:\Program Files\Symantec\LiveUpdate\LuComServer.exe

    C:\Program Files\Symantec\LiveUpdate\LUALL.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Symantec\LiveUpdate\AUPDATE.exe

    C:\Program Files\Symantec\LiveUpdate\LSETUP.exe

    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    C:\Program Files\Symantec\LiveUpdate\LUCheck.exe

    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe

    C:\Program Files\Symantec\LiveUpdate\LuConfig.exe

    C:\Program Files\Symantec\LiveUpdate\LUInit.exe

    C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe

    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe

    C:\Program Files\Symantec\LiveUpdate\LuComServer.exe



  • 6.  RE: Symantec Services in GPO & local Desktop

    Posted Feb 02, 2010 11:47 AM

    These are the processes I have allowed to run in Trusted Applications/HBSS/HIPS/McAFEE  (Have to run this product. I have no choice)

    C:\Program Files\Symantec\Symantec Endpoint Protection\SMC.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SMCGUI.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ccSvcHst.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ccApp.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\RtvStart.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\WSCSAvNotifier.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\Checksum.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\ControlAP.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\dot1xtray.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\LuaWrap.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\nlnook.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\PatchWrap.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\smcinst.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SymDelta.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\Symantec AntiVirus.msi

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\Sylink.xml

     C:\Program Files\Symantec\LiveUpdate\LuComServer.exe

    C:\Program Files\Symantec\LiveUpdate\LUALL.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Symantec\LiveUpdate\AUPDATE.exe

    C:\Program Files\Symantec\LiveUpdate\LSETUP.exe

    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    C:\Program Files\Symantec\LiveUpdate\LUCheck.exe

    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe

    C:\Program Files\Symantec\LiveUpdate\LuConfig.exe

    C:\Program Files\Symantec\LiveUpdate\LUInit.exe

    C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe

    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe

    C:\Program Files\Symantec\LiveUpdate\LuComServer.exe



  • 7.  RE: Symantec Services in GPO & local Desktop

    Posted Apr 25, 2010 05:30 PM
    In your list I did not see ccSvcHst.exe  (Event Manager service)  or COHMon.exe (Proactive Threat protection). 

    For permissions, you can do an install, and then check the permissions of the files such as rtvscan.exe by right-clicking on the file and selecting Properties. Then click on the Security tab and see what permissions SYSTEM has, what Administrators have, and what Users have. 

    The permisssions that SEP installs with,  allow full functionality of the client.

    You can also check permssions (ACL)  with  CACL.exe (a line command included with Win XP). 

    Is that what you need?

    John


  • 8.  RE: Symantec Services in GPO & local Desktop

    Posted Apr 25, 2010 05:31 PM
    ...(sub)