The secret to optimizing Symantec Endpoint Protection

In this post I identify helpful links and tips from Symantec experts and reveal how to get a fast expert-led analysis of Symantec Endpoint Protection for free – before you switch.

So you manage Symantec Endpoint Protection?

Scan the headers below for best practices in all areas of SEP and lots of links to helpful guides, as well as a way to get a free analysis of your SEP environment at the bottom using Symantec’s Best Kept Secret.

Symantec Endpoint Protection Installation planning

Installation is a big topic, so I encourage you to read Symantec’s Top 10 SEP installation best practices. The article covers things like ensuring all SEP clients and SEPMs are running the latest maintenance release, using the Group Update Provider (GUP) for content distribution, and how to make sure out-of-date SEP clients still receive incremental updates rather than full definition packages. It even explains the best way to use an MS-SQL database for large environments.

Symantec Endpoint Protection Upgrade planning

According to Symantec, an upgrade to version 12.1.5 will take much longer than you expect (sorry). It’s slow because the upgrade process converts all existing content to an optimized storage format, so plan for an extended upgrade time. Make sure you review the benefits of upgrading to the latest version of SEP 12.1.x, and check out Symantec’s Help diagnostic tool to determine if your system meets the minimum requirements.

Symantec Endpoint Protection Administration

There are a lot of moving parts to admin work, so here is a list of Symantec’s guides to content revision configuration, server certificate updates, GPO, testing authentication, central deployment, LiveUpdate, and clients with both SEP and Data Loss Prevention:

Symantec Endpoint Protection Policy Configuration

If you have remote users who do not connect over a VPN, point the LiveUpdate policy for their location at the default Symantec LiveUpdate server so those clients can update whenever they have Internet access, and set the LiveUpdate schedule for that policy to run hourly. For all other locations, distribute product software and content updates from the SEP Manager: its updates are incremental, and therefore smaller than the full packages clients would pull from the LiveUpdate server.

To dive deeper into SEP policy configuration, have a look at these articles on application control rules, location awareness, Group Update Provider and even best practices for QuickBooks.

Symantec Endpoint Protection Firewall and intrusion prevention

Have you enabled Intrusion Prevention (IPS)? Unlike antivirus, which scans files, IPS inspects network traffic and blocks the attack and exploit patterns used to deliver malicious files onto your network. IPS can be added to existing clients through the Endpoint Protection Manager (it is also a modifiable feature under the client’s Add/Remove Programs entry), and full Symantec IPS instructions are available here.

As for the firewall: in version 12.1 and later the firewall is a separate function that does not need to be installed for IPS to work, whereas in version 11 the firewall must be running for IPS to work. To run IPS without the firewall, withdraw the firewall policy from the group; IPS then keeps protecting your network without forcing the client firewall on your users. View best practices on Symantec SEP firewall settings here.

Symantec Endpoint Protection Security

There are twelve best practices for security you should consider with SEP; I will list the top three here and link to the rest.

  1. The firewall should block incoming connections from the Internet to private services.
  2. Enforce a complex-password policy.
  3. Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task.

Get nine more best practices, such as disabling and blocking service access, configuring the email server to strip attachments, and isolating compromised computers, here: SEP top twelve security best practices.

Symantec Endpoint Protection Threat Remediation

Whether there is a virus on your network, you need to collect logs from an infected computer, or you have to respond to a detection in the risk history log, Symantec has a guide. In some cases you may need to exclude a safe file from detection (a false positive), remove W32.Downadup, or remediate a network infected with W32.Qakbot. Here is a great list of best practices for all of the above.

Symantec Endpoint Protection Virtualization

Using Symantec on Windows Azure, Amazon WorkSpaces or another virtual endpoint? For Symantec 12.1, isolate VDI client groups so that policy changes elsewhere do not affect them and their scheduled scans can be defined for different days or off hours. Update virus definitions through the LiveUpdate policy, which randomizes client-to-SEP Manager communication and spreads the I/O load so that clients are not all updating at the same time. Scan randomization does the same for scheduled scans, with minimal security impact.

For more best practices, such as disabling ‘Run an Active Scan when new definitions arrive’, configuring the Shared Insight Cache, and excluding base images with the Virtual Image Exception tool, view best practices for SEP and virtualization here.

Automate a check of common SEP issues

The above is only a slice of the best-practice material Symantec publishes on getting the most from Symantec Endpoint Protection. With such a large library, simply reviewing all of these documents and implementing the changes presents its own challenges in each environment, before you even get to the Symantec Endpoint Protection known issues.

Symantec’s Best Kept Secret: The (free) Symantec SEP Analyzer

Powered by an automated data collection process, it generates a report that gives a baseline evaluation of your security posture. Use the report to see which tasks will most immediately improve your security posture and performance, for free.

A few key metrics include:

  • Versioning – Are you running the latest version, or do vulnerabilities exist in the deployed version?
  • Component Deployment – Which protection capabilities are deployed?
  • Manager Performance – Is content stored correctly to ensure optimal definition distribution?
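You can get a first cut at the Versioning and Component Deployment items yourself, and at the same time catch the remote clients from the policy section above whose definitions have gone stale, with a PowerShell check run against a list of Windows clients. The script below is an added example and is not code from this post, Softchoice or Symantec. The registry paths, value names and service names it reads are assumptions taken from Symantec’s published client documentation and vary between SEP releases (32-bit clients on 64-bit Windows also live under Wow6432Node), so verify them on a test client first; the target version and definition-age threshold are your own policy values, not Symantec defaults.

```powershell
# Added example (not from the post, Softchoice or Symantec): client-side baseline check
# for SEP version, definition freshness and whether the protection services are up.
# ASSUMPTIONS - verify on a test client; layout differs across SEP releases:
#   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion
#       PRODUCTVERSION        e.g. "12.1.6306.6000"
#   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate
#       LatestVirusDefsDate   e.g. "2016-02-15"
#       AVRunningStatus       1 when the AV engine reports itself running
#   Services: SepMasterService (SEP client), SmcService (management client)
# $ExpectedVersion and $MaxDefAgeDays are your own thresholds, not Symantec defaults.

function Test-SepClientBaseline {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [version]$ExpectedVersion = '12.1.6',   # hypothetical target release
        [int]$MaxDefAgeDays = 3
    )

    # Runs on each client (locally or via WinRM) and returns the raw facts only.
    $collect = {
        $key = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection'
        $cv  = Get-ItemProperty -Path "$key\CurrentVersion" -ErrorAction SilentlyContinue
        $op  = Get-ItemProperty -Path "$key\CurrentVersion\public-opstate" -ErrorAction SilentlyContinue
        $svc = Get-Service -Name 'SepMasterService','SmcService' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            ProductVersion = $cv.PRODUCTVERSION
            DefsDate       = $op.LatestVirusDefsDate
            AVRunning      = $op.AVRunningStatus
            Services       = @($svc | ForEach-Object { '{0}={1}' -f $_.Name, $_.Status })
        }
    }

    foreach ($c in $ComputerName) {
        if ($c -ieq $env:COMPUTERNAME) { $raw = & $collect } else { $raw = Invoke-Command -ComputerName $c -ScriptBlock $collect }

        $findings = New-Object System.Collections.Generic.List[string]
        $installed = $raw.ProductVersion -as [version]
        if (-not $installed) {
            $findings.Add('SEP not installed or version key unreadable')
        } else {
            # Versioning: is the client behind the release you have standardised on?
            if ($installed -lt $ExpectedVersion) {
                $findings.Add("client $installed is older than target $ExpectedVersion")
            }
            # Definition freshness: the remote, non-VPN clients show up here first.
            $defs = [datetime]::MinValue
            if ([datetime]::TryParseExact([string]$raw.DefsDate, 'yyyy-MM-dd', $null,
                    [System.Globalization.DateTimeStyles]::None, [ref]$defs)) {
                $age = ((Get-Date) - $defs).Days
                if ($age -gt $MaxDefAgeDays) { $findings.Add("definitions are $age days old") }
            } else {
                $findings.Add('definition date not readable')
            }
            # Component deployment: engine flag and the two core services.
            if ($raw.AVRunning -ne 1) { $findings.Add('AV engine not reported as running') }
            $svcs = @($raw.Services)
            if ($svcs.Count -lt 2 -or @($svcs -notmatch 'Running').Count -gt 0) {
                $findings.Add('SEP services missing or stopped: ' + ($svcs -join ', '))
            }
        }

        $status = 'OK'
        if ($findings.Count -gt 0) { $status = 'NEEDS ATTENTION' }
        [pscustomobject]@{
            Computer = $raw.Computer
            Version  = $raw.ProductVersion
            DefsDate = $raw.DefsDate
            Status   = $status
            Findings = ($findings -join '; ')
        }
    }
}

# Usage (hosts.txt is a hypothetical one-name-per-line list of clients reachable over WinRM):
# Test-SepClientBaseline -ComputerName (Get-Content .\hosts.txt) -ExpectedVersion 12.1.6 |
#     Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

The check deliberately reads what the client itself reports rather than what the SEP Manager console shows, so a client that has lost contact with its manager (the classic remote-laptop case) still gets flagged for stale definitions. It does not replace the Analyzer’s manager-side items such as content storage and definition distribution, which have to be assessed on the SEPM.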

Click here to download a sample report.

The data collection process takes about 15 minutes (or less) from start to finish and is completed by a Symantec engineer and Softchoice’s own dedicated Symantec expert, who will give you their recommendations.

Sign up for a free SEP Analyzer now and see if you qualify.


About Emily A. Davidson

Emily is the Content Marketing Lead for servers, storage, networking, security and enterprise software at Softchoice. She blends her background in creative writing and B2B marketing with an insatiable curiosity about the potential of social and virtualized business.