swm for symantec sep11u5_a13!18!015-0085

8/10/2019 SWM for Symantec SEP11u5_A13!18!015-0085

http://slidepdf.com/reader/full/swm-for-symantec-sep11u5a1318015-0085 1/50

NPI Group

SW Manual (SWM)

For Symantec End Point Protection 11update 5

SWM Revision History

P/N: 18-015-0085Rev Description Sheet Author Approve

d byEC D!te

A00 "irst Re#e!se A## $%!#Avr!h!&

'uv!#(o#!n

0)/*010

A0) SR upd!tes A## $%!#Avr!h!&

08/*010

A05 SR upd!ted to !uto&!tic!##yinst!## the D+ !nd ,ser

A## $%!#Avr!h!&

08/*010

A0. Ne re&!rs: ercu#es user2D+C connection A## $%!#Avr!h!& 10/*010

A03 ,p%r!de SA4 106 to SEP 116 A## $%!#Avr!h!&

11/*010

A08 o to &!nu!# upd!te SEPc#ient ith 4irus de7nition

A## $%!#Avr!h!&

0*/*011

A0 9A10

o to Ch!n%e SEP c#iente!ture sets NeDep#oy&ent &ethod

A## $%!#Avr!h!&

05/*011

A11 ,pd!te E6c#usion #ist per nesubsyste&s : Corre#!tion2R+E2 ,;D2 <DS

A## Sh!ron=esch

$%!#Avr!h!&

400)1* 1*/./*011

A1* Add !ppendi6 - Pro>ectE6ception!# Re?uest

A## $%!#Avr!h!&

'uv!#(o#!n

4005@ @1/3/*011

P/N 18-015-0085 1 of 50 Rev A13



NPI GroupA1@ Ch!n%e S( product to SA4

106A## $%!#

Avr!h!& 'uv!#(o#!n

15/0/*011

Signature Date Description

ut!or "galvra!am Symantec End Point Protection

11 update 5

SWM

Page#1

pproved $y %uval&olan

'#

Rev# 1

P/N 18-015-0085 2 of 50 Rev A13

Notice

This material is proprietary of Verint. Any unauthorize reprou!tion" use or is!losure of this

material" or any part thereof" is stri!tly prohi#ite. This material is meant solely for the use of

Verint employees an Verint !ustomers.

http://softporal.ucoz.ru/Images6/SymantecEndpointEncryption_wm.JPG





NPI Group

*a$le o +ontents

1, S+'PE -D './E+*"0ES.................................................................................................4

11 !r%et Audience...........................................................................................................4

1* er&s !nd Abbrevi!tions..........................................................................................4

1@ Reerences.....................................................................................................................4, PREF+E....................................................................................................................................4

*1 Prere?uisites..................................................................................................................4

2.1.1 ;AN,A=S DC,;ENS 4

2.1.2 ARD<ARE 4

2.1.3 S"<ARE ;ED$A 4

2.1.4 =$CENSES5

, '0ER0"EW................................................................................................................................5

@1 About viruses................................................................................................................5@* About Sy&!ntec Antivirus So#ution.....................................................................5

@@ About ,pd!tin%............................................................................................................5

2, S%M-*E+ -*"0"R3S "-S*44*"'- PR'+ESS#...........................................6

)1 $nst!##!tion Bo............................................................................................................6

)* Auto&!tic inst!##!tion vi! SR too# Supp#ied by PDD %roup....................6

4.2.1 S= EFPRESS *008 R* / S= *008 SER4ER $NSA==A$N 6

4.2.2 ;S S= EFPRESS *008 R* CP/$P C;;,N$CA$N 10

4.2.3 RESRE E SEP 11 DAA+ASE 12

)@ Con7%ure the Sy&!ntec EndPoint Protection ;!n%er...............................14

4.3.1 CN"$(,RE A SEP ;ANA(E;EN SER4ER 14

4.3.2 REMOVE THE OLD SEP MANAGER FROM THE DB 22

)) Dep#oy Sy&!ntec EndPoint 11 C#ients............................................................24

4.4.1 $NSA== ,N;ANA(ED C=$EN 4$A SR SANDA=NE SER4ERS 24

4.4.2 HOW TO DEPLOY THE SEP CLIENT AND/OR CHANGE FROM UNMANAGED TO

MANAGED 25

4.4.3 ;AN,A==' CAN(E E SEP C=$EN ;ANA(ED 33

4.4.4< CAN(E/D$SA+=E SEP 11 C=$EN "EA,RES

35

4.4.5 DEP=A' E S';ANEC A4 C=$EN "R =$N,F 36

5, F"4ES -D F'4DER E+43S"'-S.............................................................................38

+'-F"&3R*"'- *.4ES F'R RE4"-* -D S*R&*E.....................................................38

51 Re#i!nt 10@ Con7%ur!tion.....................................................................................3

5* Re#i!nt 10) - upd!tes.............................................................................................43

5@ St!r(!te Con7%ur!tion...........................................................................................44

5) 4!nt!%e Con7%ur!tion............................................................................................46

55 Audio#o% Con7%ur!tion...........................................................................................4!

6, 0"R3S DEF"-"*"'-S 3PD*ES...................................................................................50

.1 ;!nu!# upd!tes the SEP; &!n!%er..................................................................50

P/N 18-015-0085 3 of 50 Rev A13



NPI Group6.2 H"# $" %&'(&))* (+,&$- ,-'$"' " & ('%&'&-, SEP C)-'$.................................52

7. APPENDIX.................................................................................................................................53

.1 H"# $" M&$- F"% S*%&'$- A'$( S*$-% C-'$- C"'")- $" S*%&'$-E',+"'$ P"$-$"' M&'&-.............................................................................................................53

.2 H"# $" 7)).-- ( '"$ ,-$-$-,.............................................................................5

P/N 18-015-0085 $ of 50 Rev A13



NPI Group

1. Scope and o$7ectives

1,1 *arget udience

he !r%et !udiences o this docu&ent !re: 'perations8 Su$contractors and PDD,

1, *erms and $$reviations

S<; 9 Sot!re ;!nu!#

SEP 9 Sy&!ntec Endpoint Protection So#ution

+D - o +e De7ned

N/A - Not App#ic!b#e

1, Reerences

GAHDocu&ent n!&e 4erint P/N 18-666-666

G+H

GCH

, Preace his docu&ent describes the procedure o inst!##in% !nd con7%urin% oSy&!ntec End Point Protection 116 / 1*6 in:

Product 4ersion Anti 4irus so#ution

Re#i!nt 10) !nd !bove

101 SP )5 $ndi!

Sy&!ntec End Point Protection 116 9;!n!%er !nd c#ients

Audio =o% 56 Sy&!ntec End Point Protection 116 9C#ients

RE=$AN 10@ !nd !bove / $ndi! pro>ects 101 SP) !nd !bove2 SAR-(AE!nd 4ANA(E syste&s

,1 Prere9uisitesPrior to the inst!##!tion2 &!e sure th!t the entire re?uired reerence &!nu!#s!nd inst!##!tion 7#es !re !v!i#!b#e

2.1.1 Manuals Documents

• Pro>ectIs SPD docu&ents• Pro>ectIs NDD docu&ents

2.1.2 4icenses

• No =icenses needed or SEP 11 E; Edition2 the so#ution is b!sed on R"*&)$*

!%ree&ent

P/N 18-015-0085 5 of 50 Rev A13



NPI Group

, 'vervie:

,1 $out virusesCo&puter viruses pose ! potenti!# thre!t to !ny co&puter syste&Since viruses c!n c!use severe !nd irreversib#e d!&!%e2 prevent!tive&e!sures &ust be t!en !t reco%niJed points o inection he$nternet presents ! p!rticu#!r#y %ood breedin% %round or viruses !nd2!s such2 it &ust be !ppro!ched ith c!utionA#thou%h the RE=$AN2 SAR-(AE !nd 4ANA(E syste&s !re notconnected direct#y to the $nternet2 it records !nd processes te#ephone!nd co&&unic!tion d!t!2 so&e o hich inc#udes $nternet sessions

his indirect connection to the $nternet presents the critic!# point indeendin% the RE=$AN2 SAR-(AE !nd 4ANA(E syste&s ro&viruses Protection is !chieved by inst!##in% Sy&!ntec AntivirusKSo#ution sot!reIs in co&puters interconnected by RE=$AN intern!#netor =AN/<AN

, $out Symantec ntivirus SolutionSy&!ntec Endpoint Protection ;!n!%er Server/C#ient or destops !ndservers oLers centr!#iJed po#icy &!n!%e&ent ith sc!#!b#e2 cross-p#!tor& virus protection on !n enterprise-ide b!sis Mey e!tures !re:

Centr!#iJed virus protection !nd &onitorin% ro& ! sin%#e&!n!%e&ent conso#e

Enorce!b#e !nti-virus po#icy &!n!%e&ent !cross &u#tip#e p#!tor&s

R!pid dep#oy&ent !nd !uto&!tic virus protection vi! c#osed #oop!uto&!tion

Sy&!ntec Endpoint Protection ;!n!%er Conso#e- ,sin% this e!ture i##

provide you to &!n!%e !## the c#ients such !s upd!tin% virus de7nition2inst!##in% ne c#ients2 con7%ur!tion2 Po#icies2 Reports2 etc

, $out 3pdating"re?uent upd!tes !re p!rt o the dyn!&ic Antivirus protectionSy&!ntec Antivirus So#ution c!n be inst!##ed in ! C#ient-Servercon7%ur!tion2 hich provides the !bi#ity to upd!te virus de7nitions!nd en%ine e6tensions on the Server !nd dep#oyin% the upd!tedde7nition !uto&!tic!##y over the entire C#ient-Server syste& hesupport person shou#d on#y #o!d !n upd!ted 4irus De7nition "i#e tothe Server o &!6i&iJe syste& upti&e2 there is no need to reboot

servers or re-dep#oy !pp#ic!tion sot!re

P/N 18-015-0085 % of 50 Rev A13



NPI Group

2, Symantec ntivirus "nstallation Process#

2,1 "nstallation ;o:

here !re to !ys to inst!## the Sy&!ntec Endpoint Protection ;!n!%er !pp#ic!tion:

- Auto&!tic $nst!##!tion usin% SR oo#• $nst!## S= *008 Server on ;PS Re#i!nt / ; or (SA or $PS St!r (!te

server• $nst!## SEP 11 ;!n!%er on the s!&e server the S= *008 inst!##ed

• Restore SEP11 d!t!b!se to the S= *008 inst!##ed on the SEP&!n!%e&ent server

- Verifi!ation of the automati! installation !omponents

• =o%in to Sy&!ntec Endpoint Protection ;!n!%er Conso#e

• ,p#o!d #!st de7nitions upd!tes

• Distribute SEP c#ient to Servers !nd orst!tions

2, utomatic installation via SR tool (Supplied $yPDD group),

Note: %ener!##y the SR too# inst!##s !## co&ponents on the re#ev!ntserver

his process shos on#y A4 re#!ted inst!##!tions

-ote# $n ! Re#i!nt environ&ent - +eore usin% the SR to inst!## there#ev!nt co&ponents2 &!e sure you h!ve ercu#es user either inthe ;PS do&!in contro##er or your st!nd!#one server

4.2.1 S<4 Server=E>press ??@ R and SEP managerinstallation

1 Choose MPS in Reliant or t!e Managmanet server in Star &atep#!tor& !nd install=upgrade option !nd press ne6t

* $n prere9uisites chec veriy no errors !nd press ne6t

,1, Microsot S<4 E>press ??@ R or Pro>ects ithout Citri6

Environ&ent,'R,, Microsot S<4 Server ??@ or Pro>ects <$ Citri6

Environ&ent,

,, $n the &!ster inst!##er chose the Symantec EndpointProtection Manager !s e##

P/N 18-015-0085 & of 50 Rev A13



NPI Group

1 $n the ri%ht P!ne# type the ercu#es p!ssord: Re#@

Press -E* tice !nd "nstall

he SR co&ponent reboots the Server beteen the Windo:s"nstaller 2,5 !nd Microsot S<4 Server ??@ installations orCh!n%es to t!e eLect

- =e!ve SR de!u#ts

$ you receive ! !rnin% &ess!%e2 c#ic 'ES !nd continue

P/N 18-015-0085 ' of 50 Rev A13



NPI Group

<!it or inst!##!tion to co&p#ete

P/N 18-015-0085 ( of 50 Rev A13



NPI Group

4.2.2 MS S<4 E>press ??@ R *+P="P communication,

-'*E# SR installs and ena$les t!e *+P="P protocol A please c!ecB,

+y de!u#t2 hen you 7nish the inst!##!tion o S= E6press *008 R*2 theon#y co&&unic!tion protoco# th!t is opened is OSh!red ;e&ory

Since the Sy&!ntec End Point Protection &!n!%er needs to co&&unic!teith the S= E6press e shou#d open the CP/$P protoco#

1 C#ic on St!rt ;enu Pro%r!& ;icrosot S= Server *008 R* Con7%ur!tion oo# S= Server Con7%ur!tion ;!n!%er

* pen OS= Server Con7%ur!tion &!n!%er =oc!# OS= ServerNetor Con7%ur!tion OProtoco#s or 4erintSE;5

@ Ri%ht-c#ic on OCP/$P !nd choose properties) $n the OProtoco# !b ch!n%e the OEn!b#e v!#ue to 'ES

P/N 18-015-0085 10 of 50 Rev A13



NPI Group5 $n the O$P Addresses !b ch!n%e the $P A## CP Port 4!#ue to 1)@@

! his is usu!##y sets by the &!ster inst!##er:

. pen indos services !nd #oc!te the QS= Server 4erintSE;5Service

3 Restart the S= Server 4erintSE;5 Service

P/N 18-015-0085 11 of 50 Rev A13



NPI Group

4.2.3 SEP 11 Data$ase veriCcation,

-'*E# SR import t!e SEP data$ase8 create and assign t!e user ort!e SEP manager A please c!ecB,

1 +rose to Server management Studio :,se S= Server Authentic!tion to #o%in to the S= *008 conso#e,se the o##oin%s:

Server n!&e: SEP&!n!%erservern!&e/4ER$NSE;5

P!ssord: you supp#y durin% the inst!##!tion Re#3

E6!&p#e or Re#i!nt syste&:

* Ater #o%in:! Chec or the e6istence o the D!t!b!se n!&e 9

O0erintSem5 under D!t!b!sesb Chec th!t the user Hercules !ssi%n to the d!t!b!se under

D!t!b!ses4erintSe&5Security,sers

P/N 18-015-0085 12 of 50 Rev A13



NPI Group-ote: in c!se the D+ !s not restored !nd you c!n 7nd the O4erintSe&5 D+p#e!se run the o##oin% procedure

1. C#ose the management console2. At the SEP_manager_server pen Drive D:SEP11D+3.

Doub#e c#ic on Orestore_database.sql 4. Enter the user !nd p!ssord !s described !bove5. E6ecute the script

6. <!it or the resu#ts:

7. Chec the D!t! b!se or the O4erintSe&5 !ccordin% to the be%innin%o the procedure

8. $ the ercu#es ,ser doesnIt e6ist p#e!se repe!t steps @-5 ith thescript: Ocreate_user.sql

he resu#ts shou#d be !s o##o:

C#ose the S= Server &!n!%e&ent studio conso#e

P/N 18-015-0085 13 of 50 Rev A13



NPI Group

4.3 +onCgure t!e Symantec Endpoint ProtectionManger

4.3.1 +onCgure a SEP Management server,

=!unch the O;!n!%e&ent Server Con7%ur!tion <iJ!rd

Chose OAdv!nced !nd c#ic ne6t

Chose the appropriate amount o SEP c#ients th!t shou#d connect to theSEP &!n!%er ,n#ess speci7ed otherise e use 100-500 !nd c#ic ne6t

P/N 18-015-0085 1$ of 50 Rev A13



NPI Group

Chose O$nst!## !n !ddition!# &!n!%e&ent server !nd c#ic ne6t

he re!son e choose O!ddition!# &!n!%e&ent server is th!t the D!t!b!se th!t e h!ve

restored previous#y cont!ins !#re!dy the site con7%ur!tion ith !## the necess!ry inor&!tion !nde donIt !nt to overrite the site inor&!tion ith the option Oinst!## &y 7rst site

P/N 18-015-0085 15 of 50 Rev A13



NPI Group

=e!ve the settin% in the ne6t p!%e !nd c#ic ne6t

,se the o##oin% p!r!&eters in the ne6t p!%e !s shon in the

screenshot:

- D!t!b!se server 9 )*P+mana,er+server+name- D!t!b!se n!&e 9 4erintSe&5- Authentic!tion 9 S= Server Authentic!tion- ,ser 9 ercu#es- P!ssord 9Nine1ne

Please maBe sure you type all parameters correctly,"n case you receive una$le to connect A you pro$a$ly typedincorrectly8 please cancel t!e :iard and rerun,

P/N 18-015-0085 1% of 50 Rev A13



NPI Group

C#ic ne6t !nd i you %et ! !rnin% &ess!%e2 c#ic 'ES

P/N 18-015-0085 1& of 50 Rev A13



NPI Group

<!it ! e seconds !nd the con7%ur!tion 7nish

Ater you c#ic "$N$S the SEP &!n!%er #o%in conso#e st!rts=o%in ith ercu#es / Re#3 user n!&e

P/N 18-015-0085 1' of 50 Rev A13



NPI Group

$ you %et ! !rnin% &ess!%e durin% #o%in p#e!se o##o those steps

o 76 this !rnin% &ess!%e issue2 e shou#d 76 the D+C connection

- pen OD!t! Sources D+C ro& the o##oin% #oc!tion:

o n <indos *008 R* .)bit- c:<indosSys<<.)odbc!d@*e6eo n <indos *00@ @*bit - c:<$ND<Ssyste&@*odbc!d@*e6e

- (o to OSyste& DSN !b- Choose OSy&!ntecEndPointSecurityDSN !nd c#ic on +onCgure

-

-

P/N 18-015-0085 1( of 50 Rev A13



NPI Group- $n the server 7e#d2 enter the n!&e o the

)*P+mana,er+server+name !nd the n!&e o the inst!nce

"or E6!&p#e : ;PS14erintSe&5 !nd c#ic ne6t

-

- Enter the n!&e o the user !nd p!ssord E% ercu#es !ndNine1ne p!ssord !nd c#ic ne6t

-

P/N 18-015-0085 20 of 50 Rev A13



NPI Group- $n the ne6t p!%e ch!n%e the de!u#t d!t!b!se to O4erintSe&5 !nd

c#ic ne6t !nd 7nish

- est the connection !nd i successu##y 9 C#ic M

-

--- (o to Services !nd Rest!rt the O$$S Ad&in Service !nd the

!ssoci!te services hen you pro&pt to

P/N 18-015-0085 21 of 50 Rev A13



NPI Group=!unch the OSy&!ntec Endpoint protection &!n!%er conso#e !%!in !nd#o%in to the SEP &!n!%er conso#e

4.3.2 Remove the old SEP manager from the DB

-e nee to verify that the !urrent server is efine as )*P Amin server.

1. pen the )*P ana,er onsole !li! on Admin on the left Tool#ar" ansele!t servers4

2. ae sure that the server eists in the list.

Note4 please !he! the server list. 6f you fin one of the P) 7ith the 6P410.1%1.$&.'0 – DELETE T

P/N 18-015-0085 22 of 50 Rev A13



NPI Group

P/N 18-015-0085 23 of 50 Rev A13



NPI Group

4.4 Deploy Symantec Endpoint 11 +lients

- "or SAND-A=NE servers inst!## un&!n!%ed c#ient ro& the SR- "or ! centr!#iJed so#ution: $nst!## ;!n!%ed c#ient by usin% Sy&!ntec Server

or installation :it! ctive Directory etc

4.4.1 "nstall unmanaged client via SR (Standalone

servers),- =!unch the SR too#- Chose the correct p#!tor&- $nst!## the SEP C#ient on#y- he SR i## !uto&!tic!##y se#ect the correct !rchitecture 68. / 6.)

P/N 18-015-0085 2$ of 50 Rev A13



NPI Group

4.4.2 How to deploy the SEP client and/or change from

unmanaged to managed

P#e!se use the procedure be#o:

1 Cre!te ne custo& inst!##!tion settin%s

* Cre!te ne $nst!##!tion e!ture set

@ E6port the ne SEP c#ients

) Dep#oy the c#ient by usin% the Sy&!ntec &i%r!tion !nd dep#oy&entiJ!rd

4.4.2.1 Create a new custom installation settings

*o create custom installation settings to restore clientGservercommunication8 please ollo: t!e steps outlined $elo:#

1, pen the Sy&!ntec End Point ;!n!%er

, $n the SEP;2 c#ic on dmin

, C#ic on "nstall PacBages,

2, C#ic on +lient "nstall Settings,

5, C#ic on dd +lient "nstall Settings,,,

6, N!&e the ne QC#ient $nst!##!tion settin%sI !s 0erint +lient"nstallation settings

, $n the +lient "nstall Settings :indo:2 !t the botto& you i## see3pgrade settings2 Choose the IRemove all previous logs andpolicies8 and reset t!e communication settingsI option !nd c#icM

P/N 18-015-0085 25 of 50 Rev A13



NPI Group

P/N 18-015-0085 2% of 50 Rev A13



NPI Group

4.4.2.2 Create a new installation feature set

*o create a ne: installation eature set to remove all eaturese>cept rom t!e ntivirus and ntispy:are8 please ollo: t!e stepsoutlined $elo:#

1, pen the Sy&!ntec End Point ;!n!%er

, $n the SEP;2 c#ic on dmin

, C#ic on "nstall PacBages,

2, C#ic on +lient "nstall Feature sets

5, C#ic on dd +lient "nstall Feature Set,,,

1, $n the N!&e 7e#d type 0erint 'nly ntivirus andntispy:are

, $n the Select t!e eature to include: re&ove !## e!turese6cept ro& Ontivirus and ntispy:are protection I option!nd c#ic M

P/N 18-015-0085 2& of 50 Rev A13



NPI Group

4.4.2.3 Export the new SEP 11 clients

*o e>port t!e SEP 11 client :it! t!e ne: previous createddeCnitions em$edded in t!e pacBage8 please ollo: t!e stepsoutlined $elo:#

1 pen the Sy&!ntec End Point ;!n!%er

* $n the SEP;2 c#ic on dmin

@ C#ic on "nstall PacBages,

) C#ic on +lient "nstall PacBage

5 Ri%ht C#ic on the 7rst c#ient SEP c#ient @*bit in the ri%ht p!ne !ndchose E>port

. Cre!te ! ne o#der hich the ne c#ient i## be e6ported to2 ore6!&p#e: D:Ne C#ient

1 Cre!te the o##oin% subo#ders under D:Ne C#ient

1, D#J-e: +lientJ>@6

, D#J-e: +lientJ>62

* $n the EFPR o#der c#ic .ro:se !nd se#ect re#ev!nt o#der

@ $n the T$nst!##!tion Settin%s !nd e!turesT se#ect the 4ER$Nsettin%s ro& the Tdrop don #istT

) $n the IPolicy settingsI ;!r T4 to IE>port PacBage :it!policyK8 and 0ER"-* !nd c#ic M

3 E6port the SEP 11 62$it in the s!&e procedure2 this ti&e e6port toD#J-e: +lientJ>62,

P/N 18-015-0085 2' of 50 Rev A13



NPI Group

P/N 18-015-0085 2( of 50 Rev A13



NPI Group

4.4.2.4 Deploy the client by using the Symantec migration

and deployment wizard

ter t!e custom=eatures installation settings are created andsaved and t!e clients already e>ported to a older8 you are ready todeploy t!e installation pacBage to your clients, Follo: t!e steps$elo:#

1 =!unch the Migration and Deployment Wiard by %oin% to StartUll ProgramsUSymantec Endpoint ProtectionManagerLMigration and Deployment Wiard

* Se#ect -e>t !t the T<e#co&eT screen2

@ Ensure Deploy t!e client is en!b#ed !nd c#ic ne>t

) En!b#e the ISelect an e>isting client install pacBage to deployI2!nd then c#ic Finis!

5 $n the TPush Dep#oy&ent <iJ!rd2 c#ic the .ro:se button

. $n the T+rose or "o#derT di!#o% bo62 n!vi%!te to !nd open the o#derth!t you e6ported your inst!##!tion p!c!%e to2 !nd se#ect the neededsubo#der or @*/.)bit c#ients

3 C#ic ' 2 !nd then c#ic ne>t

8 $n the ISelect one or more computers,,, screenI2 either:Note: +e !!re to !dd servers ith corre#!ted S type @* / .) bit

! Dri## don into the IMicrosot Windo:s -et:orBI to Add your orst!tions to the I+omputers to deploy toI p!ne

P/N 18-015-0085 30 of 50 Rev A13



NPI Group

r

b C#ic the dd or "mport +omputer button !nd se#ect theco&puters b!sed upon T"P ddressT or THost nameT 'ou

&!y !#so use ! te6t 7#e #ist popu#!ted ith either ost n!&es or$P Addresses

nce your orst!tions !re !dded to the I+omputers to deployI p!ne2 c#ic Finis! A pro%ress indic!tor !ppe!rs !s the Sy&!ntecEndpoint Protection sot!re is dep#oyed

P/N 18-015-0085 31 of 50 Rev A13



NPI Group

he Sy&!ntec Endpoint Protection sot!re i## no inst!##!uto&!tic!##y to the orst!tions !nd beco&e ! &!n!%ed c#ient in theSy&!ntec End Point ;!n!%er

C#ic C=SE !nd youI## receive ! &ess!%e to revie the dep#oy&ent #o%

%ou !ave successully deployed t!e SEP 11,*!e SEP 11 client :ill automatically receive preGdeCned policies

rom t!e SEP manager,

P/N 18-015-0085 32 of 50 Rev A13



NPI Group

4.4.3 Manually c!ange t!e SEP client to managed

The master installer is !han,in, the )*P !lient from unmana,e to mana,eautomati!ally" the follo7in, pro!eure eplain ho7 to manually perform thisa!tion.

6n orer to assi,n the lients to the mana,er 7e nee to uploa the ana,erPoli!y to the !lient

4.4.3.1 Download Policy XML from the Manager

• pen the SEP ;!n!%er Conso#e

• C#ic on OClients

• E6p!nd OMy Company !nd Ri%ht C#ic on OVerint • Choose OExport Communications Settings”

• C#ic on OBrowse !nd choose the #oc!tion !s OD• O!re"erred !olicy Mode shou#d be OComputer Mode

P/N 18-015-0085 33 of 50 Rev A13



NPI Group

• C#ic on OExport

4.4.3.2 Upload Policy XML to the SEP Clients

• n the desi%n!ted server:

i. Start

#un

$$M!S%$d& or t'e equi(alent Star )ateSer(er ii. Copy the ;y OCompany_Verint_sylin*.xml you e6ported

e!r#ier to the server destop• pen the c#ient !pp#ic!tion !t the desi%n!ted server

i. Start !rogram Symantec Endpoint !rotection Symantec Endpoint !rotection

• C#ic on +roubles'ooting

• he management conso#e shou#d sho th!t the server is not&!n!%ed:

-ote: i the server is !#re!dy &!n!%ed by diLerent server you need to un-!ssi%nit

• At the management roub#eshootin% c#ic on O+ommunicationSettings "mport

• N!vi%!te to ODestop !nd choose theOCompany_Verint_sylin*.xml

• <!it V 10 &inutes or it si%n to the SEP server:

P/N 18-015-0085 3$ of 50 Rev A13

http://smb//MPS1/d$

http://smb//MPS1/d$



NPI Group

-ote# the Server i## be shon !s $P/ost n!&e per c#ient DNS con7%ur!tion

• At the SEP &!n!%er Server you c!n see the server #isted underc#ients O4erint

-

4.4.4 Ho: to +!ange=Disa$le SEP 11 client eatures

*o modiy installed eatures or managed clients

$n Sy&!ntec Endpoint Protection ;!n!%er2 c#ic dmin

1 C#ic "nstall PacBages on the botto&

* C#ic +lient "nstall Feature Set on the top

@ $ ! e!ture set th!t &eets your needs does not e6ist2 then choose dd+lient "nstall Feature Set

) (ive the e!ture set ! uni?ue n!&e

5 Se#ect /dese#ect the e!tures you need Antivirus/Antispy!re2 Netor hre!t Protection2 Pro!ctive hre!t Protection

. Choose '

3 n the #et2 c#ic +lients

8 Se#ect the %roup ith your Sy&!ntec Endpoint Protection c#ients in it2 !ndthen c#ic the "nstall PacBages t!b in the ri%ht p!ne

,nder *asBs2 choose dd +lient "nstall PacBage

10 $n th!t screen2 se#ect the correct p!c!%e in the drop don &enu or useith this %roup @* bit or .) bit b!se inst!## 7#es +oth p!c!%es c!n besep!r!te#y !ssi%ned to the s!&e %roup

11,nchec Maintain e>isting client eatures :!en updating

1*+e#o th!t2 se#ect the e!ture set you !nt to use ro& the dropdon&enu

P/N 18-015-0085 35 of 50 Rev A13



NPI Group1@ $ you do not choose ,p%r!de Schedu#e2 then c#ients i## receive the

instructions to ch!n%e their inst!##!tion hen they chec in ith the&!n!%er his #!unches ;S$EFEC on the c#ient

1)Ater the inst!##!tion co&p#etes2 ! rest!rt is re?uired i the ch!n%e inst!##sor uninst!##s Netor hre!t Protection

"or un&!n!%ed c#ients2 or to ch!n%e ! &!n!%ed c#ient on !n individu!# b!sis#oc!# to th!t &!n!%ed c#ient2 use Add or Re&ove Pro%r!&s to ch!n%e theinst!##!tion

*o modiy installed eatures or unmanaged clients

pen dd or Remove Programs

1 Se#ect Sy&!ntec Endpoint Protection2 !nd then c#ic +!ange

* C#ic -e>t

@ Se#ect Modiy2 !nd c#ic ne>t

) ,se the drop don &enus ne6t to the individu!# co&ponent to eitherThis e!ture i## be inst!##edT2 This e!ture2 !nd !## subco&ponents2i## be inst!##edT2 or This e!ture i## not be !v!i#!b#eT

5 C#ic -e>t

. C#ic "nstall to &odiy the inst!##!tion

3 Ater the inst!##!tion co&p#etes2 ! rest!rt is re?uired i the ch!n%e inst!##sor uninst!##s Netor hre!t Protection

-et:orB over!ead considerations

As e!ch e6istin% Sy&!ntec Endpoint Protection c#ient !#re!dy cont!ins !##co&ponents hether or not they !re inst!##ed !nd the version is notbein% up%r!ded2 no inst!##!tion 7#es !re !ctu!##y sent over the netorNo netor b!ndidth or tr!Wc spies shou#d occur hen ch!n%in% theinst!##ed e!ture set

4.4.5 Deploy t!e Symantec 0 client or 4inu>

4.4.5.1 Software system requirements

Sy&!ntec Antivirus supports the o##oin% =inu6 distributions:

• Red !tX Enterprise =inu6 @0 ES RE=@ES

• SuSEK =$N,F Enterprise Server S=ES

• Nove##X =inu6 Destop N=D

hese distributions !re supported on co&puters usin% $nte# )8.-2 58.-2 !nd .8.-co&p!tib#e CP,s

he Y!v! Runti&e Environ&ent YRE 1) or hi%her &ust be inst!##ed on your

P/N 18-015-0085 3% of 50 Rev A13



NPI Group=inu6 co&puters to use the user inter!ce YRE is !#so re?uired to run Y!v! =ive,pd!te

F11 ith ! MDE or (no&e destop environ&ent is re?uired to see the syste& tr!yicon2 user st!tus indo2 !nd event noti7c!tions

$nst!##!tion P!c!%es or SA4

• S!v - Sy&!ntec Antivirus Auto-Protect e!tures n#y speci7c erne# versions!re supported

• S!v!p - he Sy&!ntec Antivirus %r!phic!# user inter!ceF11 &ust !#re!dy beinst!##ed

• S!v>#u - he Y!v! =ive ,pd!te e!tures $ this p!c!%e is not inst!##ed2!#tern!tive &ethods &ust be used to upd!te de7nitions

he setup bin!ries or SA4 or =inu6 c!n be ound !t:JrdpartyJSEP 11 u5 +lientJS04"-3

4.4.5.2 Installing Symantec Antivirus for Linux locally

n the co&&!nd #ine2 type the o##oin%: rpm A3!v NCleOnameL,rpm

$nst!##in% Sy&!ntec Antivirus or =inu6 ro& ! re&ote server

n the co&&!nd #ine2 type the o##oin%: rpm Aitp#==Nsomeserver,com=somes!are=Cle nameL,rpm

P/N 18-015-0085 3& of 50 Rev A13



NPI Group

5, Files and Folder e>clusions

$n order to !void the SEP c#ient ro& sc!nnin% un!nted 7#es !nd o#dersin our syste&s2 ! po#icy h!s been set in the Sy&!ntec End Point ;!n!%er

to !pp#y on !## SEP c#ient hen they 7rst connect to the SEP ;!n!%erserver

his po#icy cont!ins !## 7#es e6tensions !nd o#ders or !## pro>ects !nd i !7#e/o#der is not e6ist on ! p!rticu#!r server/orst!tion the SEP c#ienti%nore it

Since this po#icy is p!rt o the SEP &!n!%er d!t!b!se2 there is no need torun con7% too# or con7%ure !ny co&ponent

-ote# Security RisB E>ceptions are glo$al8 and apply to all Sc!eduled Scansas :ell as RealGtime uto Protect,

he o##oin% p!%es cont!in !## 7#es !nd o#ders e6c#usions or the v!ri!ntservers

CN"$(,RA$N A+=ES "R RE=$AN AND S AR(AE

5.1 Reliant 1?, +onCguration

;icroso:t Wce

<ord 83 - *00@ Docu

P/N 18-015-0085 3' of 50 Rev A13



NPI Group

5.2 Reliant 1?,2 A updates

;icroso:t Wce<ord 83 - *00@ Docu

5, Star&ate +onCguration

;icroso:t Wce

<ord 83 - *00@ Docu

5,2 0antage +onCguration

;icroso:t Wce

<ord 83 - *00@ Docu

5.5 udiolog +onCguration

;icroso:t Wce

<ord 83 - *00@ Docu

P/N 18-015-0085 3( of 50 Rev A13



NPI Group

6, 0irus deCnitions updates

6,1 Manual updates t!e SEPM manager<hen upd!tin% the SEP; !ntivirus de7nition content is not possib#e by runnin% =ive,pd!te

=,A==e6e or schedu#in% =ive,pd!te throu%h the SEP; (,$ !nd then &!nu!##y upd!tin% the

de7nitions content on the SEP; is the ne6t preerred &ethod

+ause# <hen the SEP; is behind ! c#osed 7re!##/pro6y or h!s no direct !ccess to the $nternet or

!n intern!# =ive,pd!te server2 the SEP; i## not be !b#e to retrieve content

Solution#

*!e Cle , /D. can $e used to update t!e virus deCnitions or Symantec EndpointProtection Manager,

P#e!se note th!t the YD+ 7#e on#y cont!ins !ntivirus/!ntispy!re de7nitions !nd i## not provide

upd!ted content or the 7re!## co&ponent or the SEP c#ients

,se the YD+ D!i#y Certi7ed de7nitions or the YD+ R!pid Re#e!se de7nitions to upd!te Sy&!ntec

Endpoint Protection ;!n!%er Content

*o do:nload t!e ,/D. daily certiCed deCnitions#

! $n ! broser ith !ccess to the internet2 %o to the o##oin% ,R=:

http://sy&!ntecco&/business/securityresponse/de7nitions/don#o!d/det!i#>spZ%id[s!vce

b n the ne6t eb p!%e2 TSy&!ntec Endpoint Protection / Sy&!ntec Antivirus Corpor!te

EditionT2 there !re &u#tip#e he!din%s/product c!te%ories presented +e !!re th!t e!ch set o

de7nitions !v!i#!b#e !re %rouped by @* bit or .) bit product inst!##!tion sets Don#o!d the correct

@* bit or .) bit YD+ 7#e !ccordin% to the <indos p#!tor& here the Sy&!ntec Endpoint

Protection ;!n!%er is inst!##ed !nd s!ve the 7#e to the <indos destop

*o do:nload t!e ,/D. Rapid Release deCnitions#

! $n ! broser ith !ccess to the internet2 %o to the o##oin% ,R=:

http://sy&!ntecco&/business/securityresponse/de7nitions/don#o!d/det!i#>spZ%id[rr

b Don#o!d the !v!i#!b#e YD+ 7#e !nd s!ve the 7#e to the <indos destop

*o use t!e ,/D. Cle to update deCnitions or Symantec Endpoint Protection

Manager#

! Ater don#o!din%2 ren!&e the 7#e e6tension ro& TJipT to T>dbT ;ost brosers detect

the 7#e type !nd !uto&!tic!##y ch!n%e the e6tension his &ust be ch!n%ed b!c to YD+ or use inthe SEP;

P/N 18-015-0085 $0 of 50 Rev A13

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr



NPI Group

b Copy the YD+ 7#e to the TC:Pro%r!& "i#esSy&!ntecSy&!ntec Endpoint Protection

;!n!%erd!t!inbo6contentinco&in%T he #oc!tion #isted in this #ine is the de!u#t inst!##!tion

#oc!tion !nd is presented !s !n e6!&p#e on#y

c $n ! period o ti&e ro& @0 seconds to ! &inute2 the YD+ 7#e i## be processed As the YD+

7#e is processed2 !## 7#es !nd subo#ders !re re&oved ro& the T$nco&in%T o#der

0eriy t!at t!e SEPM content is updated#

! o veriy th!t the SEP; content h!s been upd!ted2 #oo in the o##oin% o#ders:

@*-bit de7nitions: TC:Pro%r!& "i#esSy&!ntecSy&!ntec Endpoint Protection

;!n!%er$netpubcontent\C.0DC*@)-.5"-).3)-)AE-.*158E"CA)@@]T

.)-bit de7nitions: TC:Pro%r!& "i#esSy&!ntecSy&!ntec Endpoint Protection

;!n!%er$netpubcontent\1CD8518-*.C.-)b!c-8C3*-5D@)+0*5DE@5]T

b ypic!##y2 there i## be @ nu&bered o#ders present he o#der n!&in% convention is

Tyy&&dd666T "or e6!&p#e T100.0*0@)T his is the d!te !nd bui#d revision nu&ber o the

de7nition set inst!##ed P#e!se note th!t the de7nition set inst!##ed &!y h!ve been pub#ished the

previous d!y !nd ! set or the current d!y &!y not yet be !v!i#!b#e

c =ooin% inside the o#der th!t &!tches the set don#o!ded !nd inst!##ed2 there shou#d be !

o#der n!&ed T"u##T !nd ! Jip 7#e n!&ed T"u##JipT

d =ooin% inside the T"u##T o#der2 there shou#d be the 7#es typic!##y !ssoci!ted ith ! virus

de7nition set

*!e diQerences $et:een do:nloads G "mportant -otes#

1 "or the @*-bit $nte##i%ent ,pd!ter 7#es or c#ients2 the 7#e n!&es end ith Ti@*e6eT !nd the

.)-bit c#ient 7#e n!&es end ith Ti.)e6eT

* he $nte##i%ent ,pd!ter 7#e n!&es or S0 c#ients end ith Ti@*e6eT or Ti.)e6eT

@ he $nte##i%ent ,pd!ter 7#e n!&es or SEP c#ients end ith Tv5i@*e6eT or Tv5i.)e6eT

) he $nte##i%ent ,pd!ter 7#e n!&e th!t ends in T68.e6eT is on#y or cert!in products !nd

shou#d on#y be used ith those products

5 he SEPM upd!ter 7#e h!s ! TYD+T e6tension

. he SA4 P!rent upd!ter 7#e h!s !n TFD+T e6tension !nd on#y upd!tes @*-bit virus

de7nitions^ SA4 p!rent servers do not serve .)-bit de7nitions .)-bit syste&s c!nnot be SA4 p!rent

servers

P/N 18-015-0085 $1 of 50 Rev A13



NPI Group

!.2 "o# to man$a%%& $'(ate (e)initions )or a

$nmanage( SEP *%ient.

8o7 to upate efinitions for the )ymante! *npoint Prote!tion lient usin,the .9# file.

he _>db 7#e c!n be used to upd!te virus de7nitions or the Sy&!ntec EndpointProtection C#ient ,se the D!i#y Certi7ed or R!pid Re#e!se _>db to upd!teSy&!ntec Endpoint Protection C#ient

Directly on t!e +lient#

1 Don#o!d the _>db "i#e ro& our Sy&!ntec Security Response <ebsite:http://sy&!ntecco&/!vcenter/desdon#o!dht&# or certi7edde7nitions orhttp://sy&!ntecco&/!vcenter/r!pidre#e!sedon#o!dht&# or R!pidRe#e!se de7nitions

* Copy the 7#e on the C#ient PC into the o#der:C:Docu&ents !nd Settin%sA## ,sersApp#ic!tionD!t!Sy&!ntecSy&!ntec Endpoint Protectioninbo6

n <indos *00@ 9 the p!th is 9 C:Docu&ent !nd Settin%sA## ,sers

n <indos *008/R* the p!th is 9 C:,sersA## ,sers

@ Ater ! e &inutes the c#ient i## h!ve the ne Antivirus De7nitions

P/N 18-015-0085 $2 of 50 Rev A13

http://www.symantec.com/avcenter/defs.download.html

http://www.symantec.com/avcenter/rapidrelease.download.html

http://www.symantec.com/avcenter/defs.download.html

http://www.symantec.com/avcenter/rapidrelease.download.html



NPI Group

P/N 18-015-0085 $3 of 50 Rev A13



NPI Group

,

8. +''en(i,

8.1 "o# to igrate rom S&mantec +ntivir$s S&stem*enter *onso%e to S&mantec En('oint Protectionanager

$n order to up%r!de the SA4 Syste& center to Sy&!ntec Endpoint Protection2 you&ust o##o the be#o procedure or success up%r!de

Migrations t!at are supported#

he c#ient inst!##!tion detects the o##oin% sot!re !nd &i%r!tes the sot!re i it is detected:

! Sy&!ntec Antivirus c#ient !nd server 6 !nd #!ter

b Sy&!ntec C#ient Security c#ient !nd server *6 !nd #!ter

Migrations t!at are $locBed#

he c#ient inst!##!tion routines chec or the e6istence o the o##oin%sot!re !nd b#ocs &i%r!tion i this sot!re is detected:

! Sy&!ntec Antivirus c#ient !nd server 86 !nd e!r#ier

b Sy&!ntec C#ient Security c#ient !nd server 16

c Sy&!ntec C#ient "ire!## 50

d Sy&!ntec Syste& Center2 !## versions

e Sy&!ntec Reportin% Server 106

Con7dence n#ine e!vy by <ho#e Security2 !## versions

% Norton Antivirus !nd Norton $nternet Security2 !## versions

'ou &ust uninst!## this sot!re 7rst !nd then inst!## Sy&!ntecEndpoint Protection c#ients

Migrations t!at are not supported#

he o##oin% sot!re is not &i%r!ted !nd c!n coe6ist on the s!&eco&puter !s Sy&!ntec Endpoint Protection c#ient sot!re:

! Sy&!ntec C#ient "ire!## Ad&inistr!tor2 !## versions

b =ive,pd!te Server

o inst!## the #!test version o =ive,pd!te Server2you &ust 7rst uninst!## the #e%!cy version

P/N 18-015-0085 $$ of 50 Rev A13



NPI Group

Migrating Symantec ntivirus and Symantec +lient Security

Preparing legacy installations or migration#

<ith the Sy&!ntec Syste& Center2 you &ust ch!n%e settin%s or c#ients !ndservers to si&p#iy the &i%r!tion process "or e6!&p#e2 i ! c#ient runs !n!ntivirus sc!n durin% &i%r!tion2 &i%r!tion is b#oced unti# the sc!n 7nishes !ndthe &i%r!tion &!y !i# A#so2 you need to dis!b#e the uninst!##!tion p!ssorde!ture or c#ient sot!re i it is en!b#ed $ you do not2 users !re pro&pted toenter the p!ssord in inter!ctive &ode

Note: $ you &i%r!te %roups !nd settin%s ro& the Sy&!ntec Syste& Center2 thepo#icies th!t !re &i%r!ted or those %roups inc#ude these &odi7c!tions 'ou &!y!nt to revert these settin%s !ter the &i%r!tion "or e6!&p#e2 you &!y !nt toturn on schedu#ed sc!ns A#so2 you do not need to dis!b#e the uninst!## p!ssordi it is en!b#ed he &i%r!tion i%nores the p!ssord

Preparing all legacy installations#

hese procedures !pp#y to !## #e%!cy sot!re inst!##!tions th!t !re supported or&i%r!tion

-ote# " you use client groups t!at do not in!erit settings8 preparet!ese groups t!e same :ay t!at you prepare server groups andmanagement servers,

Disa$ling sc!eduled scans#

$ ! sc!n is schedu#ed to run !nd is runnin% hi#e the c#ient &i%r!tion occurs2&i%r!tion &!y !i# A best pr!ctice is to dis!b#e schedu#ed sc!ns durin% &i%r!tion!nd then en!b#e !ter &i%r!tion

o dis!b#e schedu#ed sc!ns1 $n the Sy&!ntec Syste& Center2 do one o the o##oin% !ctions:

! Ri%ht-c#ic ! &!n!%e&ent server

b Ri%ht-c#ic ! c#ient %roup

* +licB ll *asBs L Symantec ntivirus L Sc!eduled Scans,

@ $n the Sc!eduled Scans di!#o% bo62 on the Server Sc!ns t!b2 unchec !##schedu#ed sc!ns) n the C#ient Sc!ns t!b2 unchec !## schedu#ed sc!ns2 !nd then c#ic M5 Repe!t this procedure or !## pri&!ry &!n!%e&ent servers2 second!ry&!n!%e&ent servers2 !nd !## c#ient %roups

P/N 18-015-0085 $5 of 50 Rev A13



NPI GroupDeleting !istories

A## histories !re no stored in ! d!t!b!se istory 7#e de#etion speeds the&i%r!tion process

o de#ete histories1 $n the Sy&!ntec Syste& Center2 ri%ht-c#ic ! server %roup* C#ic A## !ss U Sy&!ntec Antivirus U Con7%ure istory@ $n the istory ptions di!#o% bo62 ch!n%e the De#ete !ter v!#ues to 1 d!y) C#ic M5 Repe!t this procedure or !## server %roups i you h!ve &ore th!n one

;i%r!tin% Sy&!ntec Antivirus !nd Sy&!ntec C#ient Security

Disa$ling 4ive3pdate$ =ive,pd!te runs on c#ient co&puters durin% &i%r!tion2 conBicts &!y occur hereore2 you &ust turn oL =ive,pd!te on c#ient co&puters durin% &i%r!tion

o turn oL =ive,pd!te

1 $n the Sy&!ntec Syste& Center2 ri%ht-c#ic ! server %roup* C#ic A## !ss U Sy&!ntec Anti4irus U 4irus De7nition ;!n!%er@ $n the 4irus De7nition ;!n!%er di!#o% bo62 chec ,pd!te on#y the pri&!ryserver o this server %roup2 !nd then c#ic Con7%ure) $n the Con7%ure Pri&!ry Server ,pd!tes di!#o% bo62 unchec Schedu#e orAuto&!tic ,pd!tes2 !nd then c#ic M5 $n the 4irus De7nition ;!n!%er di!#o% bo62 unchec the o##oin% se#ections:

_ ,pd!te virus de7nitions ro& p!rent server_ Schedu#e c#ient or !uto&!tic upd!tes usin% =ive,pd!te_ En!b#e continuous =ive,pd!te

. Chec do not !##o c#ient to &!nu!##y #!unch =ive,pd!te2 !nd then c#ic M3 Repe!t this procedure or !## server %roups i you h!ve &ore th!n one

*urning oQ t!e roaming service$ the ro!&in% service is runnin% on c#ient co&puters2 the &i%r!tion &i%ht h!n%!nd !i# to co&p#ete $ the ro!&in% service is turned on2 you &ust turn it oLbeore st!rtin% the &i%r!tion

Note: $ your ro!&in% c#ients run Sy&!ntec Antivirus version 1062 you &ustun#oc your server %roups beore you dis!b#e the ro!&in% service his pr!cticehe#ps ensure th!t ro!&in% c#ients !re proper#y !uthentic!ted ith certi7c!tes totheir p!rent server

o turn oL the ro!&in% service

1 $n the Sy&!ntec Syste& Center2 ri%ht-c#ic ! server %roup* C#ic A## !ss U Sy&!ntec Antivirus U C#ient Ro!&in% ptions@ $n the C#ient Ro!&in% ptions di!#o% bo62 in the 4!#id!te p!rent every &inutesbo62 type 1) $n the Se!rch or the ne!rest p!rent every &inutes bo62 type 12 !nd then pressM

;i%r!tin% Sy&!ntec Antivirus !nd Sy&!ntec C#ient Security

P/N 18-015-0085 $% of 50 Rev A13



NPI Group5 <!it ! e &inutes. $n the Sy&!ntec Syste& Center2 ri%ht-c#ic ! server %roup3 C#ic A## !ss U Sy&!ntec Antivirus U C#ient Ro!&in% ptions8 $n the C#ient Ro!&in% ptions di!#o% bo62 unchec En!b#ero!&in%onc#ientsth!t h!ve the Sy&!ntec Antivirus Ro!&in% service inst!##ed C#ic M

$out preparing Symantec 1?,>=,> legacy installations

Sy&!ntec Antivirus 106 !nd Sy&!ntec C#ient Security @6 provide the !ddition!#e!tures th!t &ust be proper#y con7%ured or successu# &i%r!tion

,n#ocin% server %roups$ you do not un#oc server %roups beore &i%r!tion2 unpredict!b#e resu#ts &!yoccur A#so2 i the ro!&in% service is en!b#ed or c#ients2 the un#ocin% the server%roup he#ps ensures th!t the c#ients proper#y !uthentic!te to ! p!rent serverC#ients th!t proper#y !uthentic!te to ! p!rent server %et p#!ced in the d!t!b!se

C#ients th!t %et p#!ced in the d!t!b!se !uto&!tic!##y !ppe!r in the correct#e%!cy %roup in the conso#e !ter inst!##!tion

o un#oc ! server %roup1 $n the Sy&!ntec Syste& Center2 ri%ht-c#ic ! #oced server %roup2 !nd thenc#ic ,n#oc Server (roup* $n the ,n#oc Server (roup di!#o% bo62 type the !uthentic!tion credenti!#s inecess!ry2 !nd then c#ic M

urnin% oL !&per Protection !&per Protection c!n c!use unpredict!b#e resu#ts durin% &i%r!tion 'ou &ustturn oL !&per Protection beore st!rtin% the &i%r!tion

o turn oL !&per Protection

1 $n the Sy&!ntec Syste& Center2 ri%ht-c#ic one o the o##oin% c!te%ories:

_ Server %roup ;i%r!tin% Sy&!ntec Antivirus !nd Sy&!ntec C#ientSecurity_ Pri&!ry or second!ry &!n!%e&ent server

* C#ic A##!ssUSy&!ntecAnti4irusUServer!&perProtection ptions@ $n the Server !&per Protection ption di!#o% bo62 unchecEn!b#e!&perProtection) C#ic M

5 Do one o the o##oin% !ctions:_ $ you se#ected ! server %roup2 repe!t this procedure or !## server%roups i you h!ve &ore th!n one_ $ you se#ected ! &!n!%e&ent server2 repe!t this procedure or !##&!n!%e&ent servers in !## server %roups

P/N 18-015-0085 $& of 50 Rev A13



NPI Group

8.2 "o# to )i, /i%%.e,e vir$s not (etecte(

The ill.ee virus is not ete!te ue to preefine path in the !entralizee!eption that )ymante! a in the first pla!e.

The follo7in, pro!eure is for eistin, environments.The upate )*P ata#ase !ontains this fi.

1. pen :)ymante! *n Point Prote!tion mana,er onsole; 2. Navi,ate to :Poli!ies; 3. 6n the :Poli!ies; !li! on :entralize *!eption; $. 6n the ri,ht pane" ri,ht !li! on :Verint *!eption; an !hose :eit; 5. Navi,ate to :entralize *!eption;.%. 6n the :*!eption 6tem; lo!ate the *N P+S

an elete it.

&. The )*P lients 7ill #e upate in a short 7hile.

P/N 18-015-0085 $' of 50 Rev A13



NPI Group

8.3 PE - Pro6ect E,ce'tiona% e7$est

8.3.1 Internal application/software productization$n !## 4erint products e !re usin% the o##oin% Anti 4irus so#utionsre%!rdin% Sy&!ntec

-o, Department

Pro7ectversion

0endor and version

1 NP$ 10) !nd !bove Sy&!ntec End Point Protection116

10@ SP1 Sy&!ntec Anti 4irus 106101 SP)5$ndi!

Sy&!ntec End Point Protection116

310 SP6 Sy&!ntec Anti 4irus 106

* <A;-<$S Sy&!ntec Anti 4irus 106@ St!r%!te .6 Sy&!ntec Anti 4irus 106

56 Sy&!ntec Anti 4irus 106) Audio#o% 56 Sy&!ntec End Point Protection

116)6 Sy&!ntec Anti 4irus 106

5 !ctic!# Sy&!ntec Anti 4irus 106 4ist!10*

8.3.2 Procedure when implementing a different A/V product

6n !ase the !ustomer 7ant to use his/her o7n A/V solution" please use thefollo7in, pro!eure4

1. Run a sanity test in your <A= 7ith the A/V solution the !ustomerre>ueste.

2. he! 7ith the !ustomer to use the e!lusion list ta#les on se!tion 5pa,es 5' 7hen !onfi,urin, the A/V poli!y

$n order to !void the SEP c#ient ro& sc!nnin% un!nted 7#es !nd o#dersin our syste&s to !void !ccess b#ocin% !nd poor peror&!nce2 ! po#icy

h!s been set in the Sy&!ntec End Point Protection ;!n!%er th!t !pp#ieson !## SEP c#ients hen they 7rst connect to the SEP ;!n!%er server

his po#icy cont!ins !## 7#es e6tensions !nd o#ders or !## pro>ects !nd i !7#e/o#der is not e6ist on ! p!rticu#!r server/orst!tion the SEP c#ienti%nore it

Since this po#icy is p!rt o the SEP &!n!%er d!t!b!se2 there is no need torun con7% too# or con7%ure !ny co&ponent

-ote# Security RisB E>ceptions are glo$al8 and apply to all Sc!eduled Scansas :ell as RealGtime uto Protect,

3. he! for any elays/errors 7hen usin, our o7n systems.

P/N 18-015-0085 $( of 50 Rev A13



NPI Group$. he! 7ith the !ustomer a#out the Virus efinition upates pro!eure.