4. Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right
amount of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
5. ■ Hardware information
■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
6. Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan customercare_apac@symantec.com
Europe, Middle-East, and Africa semea@symantec.com
North America and Latin America supportsolutions@symantec.com
7. Contents
Technical Support ............................................................................................... 4
Chapter 1 Introducing Symantec Endpoint Protection .................. 37
About Symantec Endpoint Protection .............................................. 37
What's new in version 12.1 ............................................................ 38
About the types of threat protection that Symantec Endpoint
Protection provides ................................................................ 45
Protecting your network with Symantec Endpoint Protection ............... 50
Getting up and running on Symantec Endpoint Protection for
the first time ................................................................... 51
Managing protection on client computers ................................... 57
Maintaining the security of your environment ............................. 60
Troubleshooting Symantec Endpoint Protection .......................... 61
Section 1 Installing Symantec Endpoint
Protection ................................................................... 63
Chapter 2 Planning the installation ................................................... 65
Planning the installation ............................................................... 65
Components of Symantec Endpoint Protection .................................. 68
Components of Symantec Network Access Control ............................. 70
Network architecture considerations ............................................... 73
Product license requirements ......................................................... 74
System requirements .................................................................... 76
Internationalization requirements ............................................ 80
Supported virtual installations and virtualization products ................. 81
About Symantec Endpoint Protection Manager compatibility with
other products ....................................................................... 82
About choosing a database type ...................................................... 83
About SQL Server configuration settings .......................................... 84
About SQL Server database authentication modes .............................. 88
8. 8 Contents
Chapter 3 Installing Symantec Endpoint Protection
Manager .......................................................................... 91
Installing the management server and the console ............................. 91
Configuring the management server during installation ...................... 93
Accepting the self-signed certificate for Symantec Endpoint Protection
Manager ............................................................................... 93
Uninstalling Symantec Endpoint Protection Manager ......................... 94
Logging on to the Symantec Endpoint Protection Manager
console ................................................................................. 95
Increasing the time period for staying logged on to the console ............ 97
What you can do from the console ................................................... 98
Chapter 4 Managing product licenses ............................................. 101
Licensing Symantec Endpoint Protection ........................................ 102
About the trialware license ........................................................... 104
Purchasing licenses .................................................................... 104
Where to buy a Symantec product license ....................................... 105
Activating your product license ..................................................... 105
Using the License Activation wizard .............................................. 106
Required licensing contact information .......................................... 107
About upgrading from trialware .................................................... 108
About product upgrades and licenses ............................................. 108
About renewing your Symantec Endpoint Protection license .............. 109
About the Symantec Licensing Portal ............................................. 109
Maintaining your product licenses ................................................. 110
Checking license status ................................................................ 110
Downloading a license file ............................................................ 111
Licensing enforcement rules ......................................................... 111
Backing up your license files ......................................................... 112
Recovering a deleted license ......................................................... 113
Importing a license ..................................................................... 113
About obsolete clients and their impact on licenses .......................... 114
Purging obsolete clients from the database ..................................... 114
About multi-year licenses ............................................................ 115
Licensing an unmanaged client ..................................................... 115
Chapter 5 Preparing for client installation ..................................... 117
Preparing for client installation .................................................... 117
About firewalls and communication ports ....................................... 119
Preparing Windows operating systems for remote deployment ........... 121
Managing client installation packages ............................................ 122
9. Contents 9
Adding client installation package updates ...................................... 123
Chapter 6 Installing the Symantec Endpoint Protection
client ............................................................................... 125
About client deployment methods ................................................. 125
Deploying clients using a Web link and email ............................ 126
Deploying clients by using Remote Push .................................. 127
Deploying clients by using Save Package ................................... 129
Restarting client computers ......................................................... 131
About managed and unmanaged clients .......................................... 132
Installing an unmanaged client ..................................................... 132
Uninstalling the client ................................................................. 133
About the client installation settings .............................................. 134
Configuring client installation package features ............................... 135
Exporting client installation packages ............................................ 136
About Federal Desktop Core Configuration (FDCC) compliant client
packages ............................................................................. 137
Chapter 7 Upgrading and migrating to Symantec Endpoint
Protection ...................................................................... 139
About migrating to Symantec Endpoint Protection ........................... 140
Migrating from Symantec Client Security or Symantec
AntiVirus ............................................................................ 141
About migrating computer groups ........................................... 143
Migrating group settings and policy settings ............................. 143
Migrating an installation instance that uses multiple embedded
databases and management servers ......................................... 144
Upgrading to a new release .......................................................... 145
Turning off replication before migration ........................................ 146
Turning on replication after migration or upgrade ........................... 147
Migrating a management server .................................................... 148
Stopping and starting the management server service ....................... 149
Disabling LiveUpdate in Symantec AntiVirus before migration ........... 150
Disabling scheduled scans in Symantec System Center when you
migrate client computers ....................................................... 151
Turning off the roaming service .................................................... 151
Uninstalling and deleting reporting servers .................................... 152
Unlocking server groups in Symantec System Center ........................ 153
About upgrading client software ................................................... 153
Upgrading clients by using AutoUpgrade ........................................ 154
Updating client software with a LiveUpdate Settings policy ............... 155
Migrating Group Update Providers ................................................ 156
10. 10 Contents
Chapter 8 Setting up and managing sites and replication .......... 157
Managing sites and replication ..................................................... 157
Determining how many sites you need ........................................... 159
How replication works ................................................................. 161
Adding a replication partner ......................................................... 163
Changing the automatic replication schedule ................................... 164
Replicating data on demand ......................................................... 165
Specifying which data to replicate ................................................. 166
Deleting remote sites .................................................................. 166
Chapter 9 Managing Symantec Endpoint Protection in
Protection Center ........................................................ 169
About Symantec Endpoint Protection and Protection Center .............. 169
About upgrading to Protection Center version 2 ............................... 170
About setting up Symantec Endpoint Protection in Protection
Center ................................................................................ 171
About setting up multiple Symantec Endpoint Protection domains
in Protection Center .............................................................. 171
Configuring communication between Symantec Endpoint Protection
Manager and Protection Center ............................................... 172
Section 2 Managing protection on Symantec
Endpoint Protection ........................................... 175
Chapter 10 Managing groups of client computers .......................... 177
Managing groups of clients .......................................................... 177
How you can structure groups ...................................................... 179
Importing an existing organizational structure ................................ 180
Adding a group .......................................................................... 182
Assigning clients to groups before you install the client
software ............................................................................. 183
Disabling and enabling a group's inheritance ................................... 183
Blocking clients from being added to groups .................................... 184
Viewing assigned computers ........................................................ 184
Moving a client computer to another group ..................................... 185
Chapter 11 Managing clients ............................................................... 187
Managing client computers .......................................................... 188
About the client protection status icons .......................................... 189
11. Contents 11
Viewing the protection status of clients and client computers ............. 191
Filtering which clients you can view on the Clients tab ...................... 192
Searching for information about client computers ............................ 193
Viewing a client computer's properties ........................................... 194
About enabling and disabling protection ......................................... 195
About commands you can run on client computers ........................... 197
Running commands on the client computer from the console ............. 199
Switching a client between user mode and computer mode ................. 200
Configuring a client to detect unknown devices ................................ 201
Converting an unmanaged client to a managed client ........................ 202
About access to the client interface ................................................ 204
About mixed control ................................................................... 205
Changing the user control level ..................................................... 205
Configuring user interface settings ................................................ 208
Collecting user information .......................................................... 211
Password-protecting the client ..................................................... 212
Chapter 12 Managing remote clients ................................................. 213
Managing remote clients ............................................................. 213
Managing locations for remote clients ............................................ 215
Enabling location awareness for a client ......................................... 217
Adding a location to a group ......................................................... 218
Changing a default location .......................................................... 219
Deleting a group's location ........................................................... 220
Setting up Scenario One location awareness conditions ..................... 221
Setting up Scenario Two location awareness conditions ..................... 223
Configuring communication settings for a location ........................... 225
About strengthening your security policies for remote clients ............ 226
Best practices for Firewall policy settings ................................. 227
About best practices for LiveUpdate policy settings .................... 228
About turning on notifications for remote clients ............................. 228
Customizing log management settings for remote clients .................. 229
Managing load balancing and roaming for remote clients .................. 229
About monitoring remote clients ................................................... 230
Chapter 13 Using policies to manage security ................................. 231
The types of security policies ........................................................ 232
Performing tasks that are common to all security policies .................. 234
About shared and non-shared policies ............................................ 236
Adding a policy .......................................................................... 237
Copying and pasting a policy on the Policies page ............................. 238
Copying and pasting a policy on the Clients page .............................. 239
12. 12 Contents
Editing a policy .......................................................................... 240
Locking and unlocking policy settings ............................................ 241
Assigning a policy to a group ........................................................ 241
Testing a security policy .............................................................. 243
Replacing a policy ....................................................................... 243
Exporting and importing policies .................................................. 244
Converting a shared policy to a non-shared policy ........................... 246
Withdrawing a policy .................................................................. 246
Deleting a policy permanently ...................................................... 248
How the client computers get policy updates ................................... 249
Configuring push mode or pull mode to update client policies and
content ............................................................................... 250
Using the policy serial number to check client-server
communication .................................................................... 251
Monitoring the applications and services that run on client
computers ........................................................................... 252
Configuring the management server to collect information about the
applications that the client computers run ................................ 254
Searching for information about the applications that the computers
run .................................................................................... 255
Saving the results of an application search ...................................... 257
Chapter 14 Managing Virus and Spyware Protection ..................... 259
Preventing and handling virus and spyware attacks on client
computers ........................................................................... 260
Remediating risks on the computers in your network ........................ 263
Identifying the infected and at-risk computers ........................... 265
Checking the scan action and rescanning the identified
computers ..................................................................... 266
Managing scans on client computers .............................................. 267
About the types of scans and real-time protection ...................... 270
About the types of Auto-Protect .............................................. 273
About virus and security risks ................................................. 275
About the files and folders that Symantec Endpoint Protection
excludes from virus and spyware scans .............................. 277
About submitting information about detections to Symantec
Security Response .......................................................... 282
About submissions throttling ................................................. 283
About the default Virus and Spyware Protection policy scan
settings ........................................................................ 284
How Symantec Endpoint Protection handles detections of viruses
and security risks ........................................................... 287
13. Contents 13
Setting up scheduled scans that run on Windows computers .............. 288
Setting up scheduled scans that run on Mac computers ..................... 290
Running on-demand scans on client computers ............................... 291
Adjusting scans to improve computer performance .......................... 292
Adjusting scans to increase protection on your client computers ......... 295
Managing Download Insight detections .......................................... 298
How Symantec Endpoint Protection uses reputation data to make
decisions about files .............................................................. 302
How Symantec Endpoint Protection protection features work
together .............................................................................. 303
Enabling or disabling client submissions to Symantec Security
Response ............................................................................ 305
Specifying a proxy server for client submissions and other external
communications ................................................................... 307
Managing the Quarantine ............................................................ 308
Specifying a local Quarantine folder ........................................ 310
Specify when quarantined files are automatically deleted ............ 311
Configuring clients to submit quarantined items to a Central
Quarantine Server or Symantec Security Response ............... 311
Configuring how the Quarantine handles the rescanning of files
after new definitions arrive .............................................. 312
Using the Risk log to delete quarantined files on your client
computers ..................................................................... 313
Managing the virus and spyware notifications that appear on client
computers ........................................................................... 313
Chapter 15 Customizing scans ............................................................ 317
Customizing the virus and spyware scans that run on Windows
computers ........................................................................... 318
Customizing the virus and spyware scans that run on Mac
computers ........................................................................... 319
Customizing Auto-Protect for Windows clients ................................ 320
Customizing Auto-Protect for Mac clients ....................................... 322
Customizing Auto-Protect for email scans on Windows
computers ........................................................................... 323
Customizing administrator-defined scans for clients that run on
Windows computers ............................................................. 324
Customizing administrator-defined scans for clients that run on Mac
computers ........................................................................... 325
Randomizing scans to improve computer performance in virtualized
environments ...................................................................... 326
Modifying global scan settings for Windows clients .......................... 327
14. 14 Contents
Modifying miscellaneous settings for Virus and Spyware Protection
on Windows computers ......................................................... 328
Customizing Download Insight settings .......................................... 330
Changing the action that Symantec Endpoint Protection takes when
it makes a detection .............................................................. 331
Allowing users to view scan progress and interact with scans ............. 333
How Symantec Endpoint Protection interacts with Windows Security
Center ................................................................................ 335
Managing Symantec Endpoint Protection in virtual
environments ...................................................................... 337
Configuring your clients to communicate with Shared Insight
Cache ........................................................................... 338
Using the Virtual Image Exception tool on a base image .............. 340
Bypassing the scanning of base image files ................................ 341
Chapter 16 Managing SONAR .............................................................. 343
About SONAR ............................................................................ 343
About the files and applications that SONAR detects ......................... 344
Managing SONAR ....................................................................... 345
Handling and preventing SONAR false positive detections ................. 348
Adjusting SONAR settings on your client computers ......................... 350
Monitoring SONAR detection results to check for false positives ......... 351
Managing TruScan proactive threat scans for legacy clients ............... 353
About adjusting TruScan settings for legacy clients .................... 354
Configuring TruScan proactive threat scan settings for legacy
clients .......................................................................... 356
Chapter 17 Managing Tamper Protection ......................................... 359
About Tamper Protection ............................................................. 359
Changing Tamper Protection settings ............................................ 360
Chapter 18 Managing firewall protection .......................................... 363
Managing firewall protection ........................................................ 363
How a firewall works ............................................................. 365
About the Symantec Endpoint Protection firewall ...................... 365
Creating a firewall policy ............................................................. 366
Enabling and disabling a firewall policy .................................... 370
Automatically allowing communications for essential network
services ........................................................................ 370
Configuring firewall settings for mixed control .......................... 371
15. Contents 15
Automatically blocking connections to an attacking
computer ...................................................................... 372
Detecting potential attacks and spoofing attempts ..................... 373
Preventing stealth detection ................................................... 374
Disabling the Windows firewall ............................................... 375
Configuring peer-to-peer authentication ................................... 376
About firewall rules .................................................................... 378
About firewall server rules and client rules ............................... 379
About the firewall rule, firewall setting, and intrusion prevention
processing order ............................................................ 380
About inherited firewall rules ................................................. 381
Changing the order of firewall rules ......................................... 383
How the firewall uses stateful inspection .................................. 384
About firewall rule application triggers .................................... 384
About firewall rule host triggers .............................................. 389
About firewall rule network services triggers ............................. 392
About firewall rule network adapter triggers ............................. 394
Setting up firewall rules .............................................................. 396
Adding a new firewall rule ...................................................... 396
Importing and exporting firewall rules ..................................... 398
Copying and pasting firewall rules ........................................... 399
Customizing firewall rules ..................................................... 399
Chapter 19 Managing intrusion prevention ...................................... 409
Managing intrusion prevention on your client computers .................. 409
How intrusion prevention works ................................................... 413
About Symantec IPS signatures ..................................................... 413
About custom IPS signatures ........................................................ 414
Enabling or disabling network intrusion prevention or browser
intrusion prevention ............................................................. 415
Creating exceptions for IPS signatures ........................................... 415
Setting up a list of excluded computers ........................................... 417
Configuring client intrusion prevention notifications ........................ 418
Managing custom intrusion prevention signatures ........................... 419
Creating a custom IPS library ................................................. 421
Adding signatures to a custom IPS library ................................. 421
Assigning multiple custom IPS libraries to a group ..................... 423
Changing the order of custom IPS signatures ............................. 423
Copying and pasting custom IPS signatures ............................... 424
Defining variables for custom IPS signatures ............................. 424
Testing custom IPS signatures ................................................ 425
16. 16 Contents
Chapter 20 Managing application and device control .................... 427
About application and device control ............................................. 427
About Application and Device Control policies ................................. 429
About the structure of an Application and Device Control policy ......... 429
Setting up application and device control ........................................ 430
Enabling a default application control rule set ................................. 432
Creating custom application control rules ....................................... 433
About best practices for creating application control rules ........... 435
Typical application control rules ............................................. 437
Creating a custom rule set and adding rules ............................... 440
Copying application rule sets or rules between Application and
Device Control policies .................................................... 441
Applying a rule to specific applications and excluding
applications from a rule ................................................... 442
Adding conditions and actions to a custom application control
rule .............................................................................. 444
Testing application control rule sets ........................................ 445
Configuring system lockdown ....................................................... 446
Managing file fingerprint lists ................................................ 448
Running system lockdown in test mode .................................... 453
Enabling system lockdown to block unapproved
applications .................................................................. 455
Testing and removing items from system lockdown .................... 456
Managing device control .............................................................. 456
About the hardware devices list .............................................. 457
Obtaining a class ID or device ID ............................................. 458
Adding a hardware device to the Hardware Devices list ............... 459
Configuring device control ..................................................... 460
Chapter 21 Managing exceptions ........................................................ 461
About exceptions to Symantec Endpoint Protection .......................... 461
Managing exceptions for Symantec Endpoint Protection ................... 462
Creating exceptions for Symantec Endpoint Protection ..................... 464
Excluding a file or a folder from scans ...................................... 468
Excluding known risks from virus and spyware scans .................. 469
Excluding file extensions from virus and spyware scans .............. 470
Forcing scans to detect an application ...................................... 470
Specifying how Symantec Endpoint Protection handles an
application that scans detect or that users download ............. 471
Excluding a trusted Web domain from scans .............................. 472
Excluding applications from application control ........................ 472
Creating a Tamper Protection exception ................................... 473
17. Contents 17
Restricting the types of exceptions that users can configure on client
computers ........................................................................... 473
Creating exceptions from log events in Symantec Endpoint Protection
Manager ............................................................................. 474
Chapter 22 Configuring updates and updating client computer
protection ...................................................................... 477
Managing content updates ........................................................... 478
About the types of content that LiveUpdate can provide .............. 481
How client computers receive content updates ........................... 485
Configuring a site to download content updates ............................... 491
Configuring the LiveUpdate download schedule for Symantec
Endpoint Protection Manager ................................................. 495
Downloading LiveUpdate content manually to Symantec Endpoint
Protection Manager .............................................................. 495
Checking LiveUpdate server activity .............................................. 496
Configuring Symantec Endpoint Protection Manager to connect to a
proxy server to access the Internet .......................................... 496
Specifying a proxy server that clients use to communicate to
Symantec LiveUpdate or an internal LiveUpdate server ............... 497
Enabling and disabling LiveUpdate scheduling for client
computers ........................................................................... 498
Configuring the types of content used to update client
computers ........................................................................... 499
Configuring the LiveUpdate download schedule for client
computers ........................................................................... 500
Configuring the amount of control that users have over
LiveUpdate .......................................................................... 501
Controlling the content revisions that clients use ............................. 502
Configuring the disk space that is used for LiveUpdate
downloads ........................................................................... 502
About randomization of simultaneous content downloads ................. 504
Randomizing content downloads from the default management server
or a Group Update Provider .................................................... 505
Randomizing content downloads from a LiveUpdate server ................ 505
Configuring client updates to run when client computers are
idle .................................................................................... 506
Configuring client updates to run when definitions are old or the
computer has been disconnected ............................................. 507
Configuring Group Update Providers to distribute content ................ 508
About the types of Group Update Providers ............................... 510
18. 18 Contents
About Group Update Providers and legacy software
releases ........................................................................ 512
About configuring rules for multiple Group Update
Providers ...................................................................... 513
Configuring a Group Update Provider ...................................... 514
Searching for the clients that act as Group Update
Providers ...................................................................... 516
Setting up an external LiveUpdate server ........................................ 517
Setting up an internal LiveUpdate server ........................................ 518
Using Intelligent Updater files to update client virus and security
risk definitions .................................................................... 521
Using third-party distribution tools to update client computers .......... 522
Configuring a LiveUpdate Settings policy to allow third-party
content distribution to managed clients .............................. 523
Preparing unmanaged clients to receive updates from third-party
distribution tools ............................................................ 524
Distributing the content using third-party distribution
tools ............................................................................ 526
Chapter 23 Monitoring protection with reports and logs ............... 531
Monitoring endpoint protection .................................................... 531
Viewing a daily or weekly status report .................................... 535
Viewing system protection ..................................................... 535
Finding offline computers ...................................................... 536
Finding unscanned computers ................................................ 536
Viewing risks ....................................................................... 537
Viewing client inventory ........................................................ 538
Viewing attack targets and sources .......................................... 538
Configuring reporting preferences ................................................. 539
Logging on to reporting from a stand-alone Web browser .................. 540
About the types of reports ............................................................ 541
Running and customizing quick reports ......................................... 544
Saving and deleting custom reports ............................................... 545
Creating scheduled reports ........................................................... 547
Editing the filter used for a scheduled report ................................... 548
Printing and saving a copy of a report ............................................ 549
Viewing logs .............................................................................. 550
About logs ........................................................................... 551
Saving and deleting custom logs by using filters ......................... 554
Viewing logs from other sites ................................................. 555
Running commands on the client computer from the logs .................. 556
19. Contents 19
Chapter 24 Managing notifications .................................................... 559
Managing notifications ................................................................ 559
How notifications work ......................................................... 560
About the preconfigured notifications ...................................... 561
About partner notifications .................................................... 565
Establishing communication between the management server and
email servers ....................................................................... 565
Viewing and acknowledging notifications ....................................... 566
Saving and deleting administrative notification filters ...................... 567
Setting up administrator notifications ............................................ 568
How upgrades from another version affect notification
conditions ........................................................................... 569
Chapter 25 Managing domains ............................................................ 573
About domains ........................................................................... 573
Adding a domain ........................................................................ 575
Adding a domain logon banner ................................................ 575
Setting the current domain .......................................................... 576
Chapter 26 Managing administrator accounts ................................. 579
Managing domains and administrator accounts ............................... 580
About administrators .................................................................. 581
Adding an administrator account .................................................. 584
About access rights ..................................................................... 585
Configuring the access rights for a domain administrator .................. 586
Configuring the access rights for a limited administrator ................... 587
Changing an administrator's type .................................................. 588
Setting up authentication for administrator accounts ....................... 588
Configuring the management server to authenticate administrators
who use RSA SecurID to log on ................................................ 589
Authenticating administrators who use RSA SecurID to log on to the
management server .............................................................. 590
Specifying SecurID Authentication for a Symantec Endpoint
Protection Manager administrator ........................................... 591
Changing an administrator password ............................................. 591
Allowing administrators to save logon credentials ............................ 592
Allowing administrators to reset forgotten passwords ....................... 593
Resetting a forgotten password ..................................................... 594
Resetting the administrator user name and password to admin ........... 595
Locking an administrator's account after too many logon
attempts ............................................................................. 595
20. 20 Contents
Section 3 Maintaining your security
environment ............................................................ 597
Chapter 27 Managing servers .............................................................. 599
Managing servers ....................................................................... 599
About the types of Symantec Endpoint Protection servers .................. 602
Managing the connection between the management server and the
client computers .................................................................. 602
Improving client and server performance ....................................... 604
Exporting and importing server settings ......................................... 606
About server certificate types ....................................................... 607
Updating a server certificate ........................................................ 608
Upgrading server security certificates without orphaning
clients ................................................................................ 609
Configuring secure communications to prevent clients from
being orphaned .............................................................. 610
Backing up a server certificate ...................................................... 611
Configuring SSL between Symantec Endpoint Protection Manager
and the clients ..................................................................... 611
Verifying port availability ...................................................... 612
Changing the SSL port assignment .......................................... 612
Enabling SSL communication between the management server
and the client ................................................................. 613
Granting or denying access to remote Symantec Endpoint Protection
Manager consoles ................................................................. 614
Chapter 28 Managing directory servers ............................................. 617
About organizational units and the LDAP server .............................. 617
About synchronizing organizational units ...................................... 618
About importing user and computer account information from an
LDAP directory server ........................................................... 618
Synchronizing user accounts between directory servers and Symantec
Endpoint Protection Manager ................................................. 619
Searching for users on an LDAP directory server .............................. 620
Importing users from an LDAP directory server search results
list ..................................................................................... 622
Importing organizational units from an Active Directory or LDAP
server ................................................................................. 623
Adding directory servers .............................................................. 623
21. Contents 21
Chapter 29 Managing databases ......................................................... 625
Maintaining the database ............................................................. 625
Scheduling automatic database backups ......................................... 629
Scheduling automatic database maintenance tasks ........................... 630
Increasing the Microsoft SQL Server database file size ................ 631
Exporting data to a Syslog server .................................................. 632
Exporting log data to a text file ..................................................... 633
Exporting log data to a comma-delimited text file ............................. 635
Specifying client log size and which logs to upload to the management
server ................................................................................. 635
Specifying how long to keep log entries in the database ..................... 636
About increasing the space by adjusting the amount of client log
data ................................................................................... 637
Clearing log data from the database manually .................................. 638
Chapter 30 Managing failover and load balancing .......................... 641
Setting up failover and load balancing ............................................ 641
About failover and load balancing .................................................. 642
Configuring a management server list ............................................ 644
Assigning a management server list to a group and location ............... 645
Chapter 31 Preparing for disaster recovery ...................................... 647
Preparing for disaster recovery ..................................................... 647
Backing up the database and logs .................................................. 648
Section 4 Managing network compliance with
Symantec Network Access Control ........... 651
Chapter 32 Introducing Symantec Network Access Control .......... 653
About Symantec Network Access Control ........................................ 653
About the types of enforcement in Symantec Network Access
Control ............................................................................... 654
How Symantec Network Access Control works ................................. 655
How self enforcement works ......................................................... 657
How the Symantec Network Access Control Enforcer appliances work
with Host Integrity policies .................................................... 659
Communication between an Enforcer appliance and a Symantec
Endpoint Protection Manager ........................................... 659
Communication between the Enforcer appliance and
clients .......................................................................... 660
22. 22 Contents
How the Gateway Enforcer appliance works .................................... 661
How the LAN Enforcer appliance works .......................................... 662
How an Integrated Enforcer for Microsoft DHCP Servers works .......... 664
How an Integrated Enforcer for Microsoft Network Access Protection
works with a Microsoft Network Policy Server (NPS) ................... 665
How the On-Demand Client works ................................................. 666
Chapter 33 Working with Symantec Network Access
Control ........................................................................... 667
What you can do with Symantec Enforcer appliances ........................ 667
What you can do with Symantec Integrated Enforcers ....................... 668
What you can do with On-Demand Clients ....................................... 669
Deploying Symantec Network Access Control .................................. 670
Chapter 34 Configuring Host Integrity ............................................... 673
What you can do with Host Integrity policies ................................... 674
About working with Host Integrity policies ..................................... 674
About the Quarantine policy ................................................... 674
Creating and testing a Host Integrity policy ..................................... 675
About Host Integrity requirements ................................................ 678
Adding Host Integrity requirements .............................................. 680
Configuring Host Integrity for the Mac ........................................... 681
Enabling, disabling, and deleting Host Integrity requirements ............ 682
Changing the sequence of Host Integrity requirements ..................... 682
Adding a Host Integrity requirement from a template ....................... 683
About settings for Host Integrity checks ......................................... 684
Allowing the Host Integrity check to pass if a requirement fails .......... 685
Configuring notifications for Host Integrity checks .......................... 686
About Host Integrity remediation .................................................. 687
About remediating applications and files for Host Integrity .......... 687
Host Integrity remediation and Enforcer settings ....................... 688
Specifying the amount of time the client waits to remediate ............... 688
Allowing users to postpone or cancel Host Integrity remediation ........ 689
Chapter 35 Adding custom requirements ......................................... 691
About custom requirements ......................................................... 692
About conditions ........................................................................ 692
About antivirus conditions ..................................................... 693
About antispyware conditions ................................................. 693
About firewall conditions ....................................................... 694
About file conditions ............................................................. 694
23. Contents 23
About operating system conditions .......................................... 696
About registry conditions ...................................................... 697
About functions ......................................................................... 698
About custom requirement logic ................................................... 699
About the RETURN statement ................................................ 700
About the IF, THEN, and ENDIF statement ................................ 700
About the ELSE statement ...................................................... 700
About the NOT keyword ........................................................ 700
About AND, OR keywords ...................................................... 701
Writing a custom requirement script ............................................. 701
Adding an IF THEN statement ................................................ 703
Switching between the IF statement and the IF NOT
statement ..................................................................... 703
Adding an ELSE statement ..................................................... 703
Adding a comment ................................................................ 704
Copying and pasting IF statements, conditions, functions, and
comments ..................................................................... 704
Deleting a statement, condition, or function .............................. 704
Displaying a message dialog box .................................................... 705
Downloading a file ...................................................................... 706
Setting a registry value ................................................................ 706
Incrementing a registry DWORD value ........................................... 707
Running a program ..................................................................... 708
Running a script ......................................................................... 709
Setting the timestamp of a file ...................................................... 710
Specifying a wait time for the custom requirement script .................. 711
Chapter 36 Introducing the Symantec Network Access Control
Enforcer appliances .................................................... 713
About the Symantec Network Access Control Enforcer
appliances ........................................................................... 713
Support for third-party enforcement solutions ................................ 714
Chapter 37 Installing all types of Enforcer appliances ................... 715
About installing an Enforcer appliance ........................................... 715
Installing an Enforcer appliance .................................................... 716
About the Enforcer appliance indicators and controls ....................... 716
Setting up an Enforcer appliance ................................................... 718
Logging on to an Enforcer appliance .............................................. 719
Configuring an Enforcer appliance ................................................ 720
24. 24 Contents
Chapter 38 Upgrading and reimaging all types of Enforcer
appliance images ......................................................... 723
About upgrading and reimaging Enforcer appliance images ............... 723
Enforcer hardware compatibility matrix ......................................... 724
Determining the current version of an Enforcer appliance
image ................................................................................. 725
Upgrading the Enforcer appliance image ........................................ 725
Reimaging an Enforcer appliance image ......................................... 726
Chapter 39 Performing basic tasks on the console of all types
of Enforcer appliances ................................................ 727
About performing basic tasks on the console of an Enforcer
appliance ............................................................................ 727
Configuring a connection between an Enforcer appliance and a
Symantec Endpoint Protection Manager ................................... 728
Configuring SPM .................................................................. 729
Checking the communication status of an Enforcer appliance on the
Enforcer console .................................................................. 731
Remote access to an Enforcer appliance .......................................... 731
Chapter 40 Planning for the installation of the Gateway
Enforcer appliance ...................................................... 733
Installation planning for a Gateway Enforcer appliance ..................... 733
Where to place a Gateway Enforcer appliance ............................ 735
Guidelines for IP addresses on a Gateway Enforcer
appliance ...................................................................... 737
About two Gateway Enforcer appliances in a series ..................... 737
Protection of VPN access through a Gateway Enforcer
appliance ...................................................................... 738
Protection of wireless access points through a Gateway Enforcer
appliance ...................................................................... 738
Protection of servers through a Gateway Enforcer
appliance ...................................................................... 738
Protection of non-Windows servers and clients through a
Gateway Enforcer appliance ............................................. 739
Requirements for allowing non-Windows clients without
authentication ............................................................... 740
Gateway Enforcer appliance NIC settings ........................................ 741
Failover planning for Gateway Enforcer appliances .......................... 742
How failover works with Gateway Enforcer appliances in the
network ........................................................................ 742
25. Contents 25
Where to place Gateway Enforcer appliances for failover in a
network with one or more VLANs ...................................... 743
Setting up Gateway Enforcer appliances for failover ................... 745
Fail-open and fail-closed planning for a Gateway Enforcer
appliance ............................................................................ 745
Chapter 41 Configuring the Symantec Gateway Enforcer
appliance from the Symantec Endpoint
Protection Manager .................................................... 747
About configuring the Symantec Gateway Enforcer appliance on the
Symantec Endpoint Protection Manager Console ........................ 748
Changing Gateway Enforcer appliance configuration settings in
Symantec Endpoint Protection Manager ................................... 748
About general settings on a Gateway appliance ................................ 751
Adding or editing the description of a Gateway Enforcer appliance
group ........................................................................... 751
Adding or editing the description of a Gateway Enforcer
appliance ...................................................................... 752
Adding or editing the IP address or host name of a Gateway
Enforcer appliance ......................................................... 752
Establishing communication between a Gateway Enforcer
appliance and a Symantec Endpoint Protection Manager
through a management server list and the conf.properties
file ............................................................................... 753
About authentication settings on a Gateway appliance ...................... 754
Authentication settings on a Gateway appliance ........................ 754
About authentication sessions on a Gateway Enforcer
appliance ...................................................................... 758
About client authentication on a Gateway Enforcer
appliance ...................................................................... 758
Specifying the maximum number of challenge packets during
an authentication session ................................................ 759
Specifying the frequency of challenge packets to be sent to
clients .......................................................................... 760
Specifying the time period for which a client is blocked after it
fails authentication ......................................................... 761
Specifying the time period for which a client is allowed to retain
its network connection without reauthentication ................. 762
Allowing all clients with continued logging of non-authenticated
clients .......................................................................... 762
Allowing non-Windows clients to connect to a network without
authentication ............................................................... 763
26. 26 Contents
Checking the policy serial number on a client ............................ 764
Sending a message from a Gateway Enforcer appliance to a client
about non-compliance ..................................................... 765
Redirecting HTTP requests to a Web page ................................. 767
Authentication range settings ....................................................... 768
Client IP address ranges compared to trusted external IP
addresses ...................................................................... 768
When to use client IP address ranges ....................................... 769
About trusted IP addresses ..................................................... 770
Adding client IP address ranges to the list of addresses that
require authentication .................................................... 772
Editing client IP address ranges on the list of addresses that
require authentication .................................................... 773
Removing client IP address ranges from the list of addresses that
require authentication .................................................... 773
Adding a trusted internal IP address for clients on a management
server ........................................................................... 774
Specifying trusted external IP addresses ................................... 775
Editing trusted internal or external IP address ........................... 776
Removing a trusted internal or trusted external IP address .......... 776
IP address range checking order .............................................. 777
About advanced Gateway Enforcer appliance settings ....................... 778
Specifying packet types and protocols ...................................... 778
Allowing a legacy client to connect to the network with a Gateway
Enforcer appliance ......................................................... 780
Enabling local authentication on a Gateway Enforcer
appliance ...................................................................... 780
Enabling system time updates for the Gateway Enforcer appliance
using the Network Time Protocol ...................................... 781
Using the Gateway Enforcer appliance as a Web server ............... 781
Using the Gateway Enforcer as a DNS spoofing server ................ 782
Chapter 42 Installation planning for the LAN Enforcer
appliance ....................................................................... 785
Planning for the installation of a LAN Enforcer appliance .................. 785
Where to place LAN Enforcer appliances .................................. 786
Failover planning for LAN Enforcer appliances ................................ 789
Where to place LAN Enforcer appliances for failover in a
network ........................................................................ 789
27. Contents 27
Chapter 43 Configuring the LAN Enforcer appliance on the
Symantec Endpoint Protection Manager ................ 791
About configuring the Symantec LAN Enforcer on the Symantec
Endpoint Protection Manager Console ...................................... 792
About configuring RADIUS servers on a LAN Enforcer
appliance ............................................................................ 792
About configuring 802.1x wireless access points on a LAN Enforcer
appliance ............................................................................ 793
Changing LAN Enforcer configuration settings in Symantec Endpoint
Protection Manager .............................................................. 794
Using general settings ................................................................. 796
Adding or editing the name of a LAN Enforcer appliance group
with a LAN Enforcer ........................................................ 797
Specifying a listening port for communication between a VLAN
switch and a LAN Enforcer ............................................... 797
Adding or editing the description of an Enforcer group with a
LAN Enforcer ................................................................. 798
Adding or editing the IP address or host name of a LAN
Enforcer ....................................................................... 798
Adding or editing the description of a LAN Enforcer ................... 798
Connecting the LAN Enforcer to a Symantec Endpoint Protection
Manager ....................................................................... 799
Using RADIUS server group settings .............................................. 800
Adding a RADIUS server group name and RADIUS server ............ 800
Editing the name of a RADIUS server group .............................. 802
Editing the friendly name of a RADIUS server ........................... 803
Editing the host name or IP address of a RADIUS server .............. 804
Editing the authentication port number of a RADIUS server ......... 804
Editing the shared secret of a RADIUS server ............................ 805
Enabling support for Windows Network Policy Server (NPS) on
the LAN Enforcer ........................................................... 806
Deleting the name of a RADIUS server group ............................. 806
Deleting a RADIUS server ...................................................... 807
Using switch settings .................................................................. 807
Switch settings .................................................................... 808
About the support for attributes of switch models ...................... 809
Adding an 802.1x switch policy for a LAN Enforcer appliance
with a wizard ................................................................. 811
Editing basic information about the switch policy and
802.1x-aware switch ....................................................... 819
Editing information about the 802.1x-aware switch .................... 824
Editing VLAN information for the switch policy ......................... 825
28. 28 Contents
Editing action information for the switch policy ......................... 828
Using advanced LAN Enforcer appliance settings ............................. 832
Allowing a legacy client to connect to the network with a LAN
Enforcer appliance ......................................................... 833
Enabling local authentication on the LAN Enforcer
appliance ...................................................................... 833
Enabling system time updates for the Enforcer appliance using
the Network Time Protocol ............................................... 834
Configuring MAC addresses and MAC authentication bypass (MAB)
on the LAN Enforcer ............................................................. 834
Using 802.1x authentication ......................................................... 835
About reauthentication on the client computer .......................... 838
Chapter 44 Managing Enforcers on the Symantec Endpoint
Protection Manager .................................................... 841
About managing Enforcers on the management server console ........... 842
About managing Enforcers from the Servers page ............................ 842
About Enforcer groups ................................................................ 843
How the console determines the Enforcer group name ................ 843
About failover Enforcer groups ............................................... 843
About changing a group name ................................................ 844
About creating a new Enforcer group ....................................... 844
About the Enforcer information that appears on the Enforcer
console ............................................................................... 844
Displaying information about the Enforcer on the management
console ............................................................................... 845
Changing an Enforcer’s name and description ................................. 846
Deleting an Enforcer or an Enforcer group ...................................... 846
Exporting and importing Enforcer group settings ............................. 847
Pop-up messages for blocked clients .............................................. 848
Messages for the computers that are running the client ............... 848
Messages for Windows computers that are not running the client
(Gateway Enforcer only) .................................................. 848
Setting up the Enforcer messages ............................................ 849
About client settings and the Enforcer ............................................ 850
Configuring clients to use a password to stop the client service ........... 850
About Enforcer reports and logs .................................................... 850
Configuring Enforcer log settings .................................................. 851
Disabling Enforcer logging on the Symantec Endpoint Protection
Manager Console ............................................................ 853
Enabling the sending of Enforcer logs from an Enforcer to the
Symantec Endpoint Protection Manager ............................. 853