Need of Endpoint Protection :-
Endpoint protection is always required, regardless of the type of system one works on, be it a physical or a virtual one. It is a software solution developed to secure servers, desktop, laptops and virtual environments against a wide range of threats.
Endpoint protection can monitor the prevalence and security rating of almost any known app on the Internet, so users can rest assured that the programs they are installing are completely safe. J
What is Symantec Endpoint Protection?
Symantec Endpoint Protection is an endpoint security solution created through a layered approach to defense. With unique, layered technology, it detects and removes more malware than any other product in its class1. Derived from Symantec’s global intelligence network, our unique Insight and SONAR technologies enable faster scan, more accurate detection, and higher performance while utilizing fewer resources. With single management console, Symantec Endpoint Protection provides advance protection across multiple platforms both physical and virtual.
With Symantec Endpoint Protection Manager we are able to:-
- Deploy Endpoint Clients on your Network
- Configure protection policies
- View the Company’s Security Status
Download and Buy Now , Login to open the SEPM program and enter your credentials .
After login into SEPM server, you have the Dashboard. It will give you complete information about Security status, Endpoint status, License status and virus and risk activity summary information.
Find out Computer status logs :-
To find out log information, click on the Monitors option, Click on the Logs tab and select the Log type ( Audit , Compliance, Appliance and device control etc.. ) and also select the Time range option to create the logs.
Who did what and When on SEPM :-
SEPM comes with a really nice feature named command status named “Command status” , which will give you information about Who did what and When on SEPM. It will give you information about Date issued, Issued by, command , Description, Completion status and Source IP address information.
Securing Virtual Appliance :-
SEPM comes with really nice feature to protect virtual appliance like Citrix application and Vmware appliance.
In the Security virtual appliance tab, it will give you information about it.
Report is always important for any security software’s, SEPM also comes with a reporting about different risk categories like Audit, Application and device control, compliance, computer status , Network threat protection etc.. here you have also option to scheduled reports.
Policies are always important for any AV-Products. SEPM comes with default three Virus and Spyware Protection policies.
- Balanced: – Recommended policy for most environments.
- High Security: – High security policy that may affect the performance of other applications.
- High Performance: – High performance policy, but with reduced security.
But SEPM is also providing the features of creating custom Virus and Spyware protection policies.
To view what a particular policy is, double click on the policy or select the policy and click on the edit policy. In Administrator-defined scans you have information about daily scheduled scan information. Here you have option to add or edit scheduled scan.
SEPM comes with Auto-protect feature, which will scan all files, here you have also option to exclude particular extensions here.
In Action menu, you have the option what decision will be taken by SEPM in the case of Detection of Malware, Virus, Spyware , Dialer and Hack tool etc..
You have the option to define First action and second option in case of failed first option.
Protection based on File Reputation :-
Most of the time hackers are using the malicious files to infect computer or network. SEPM is using the technology file reputation to protect this kind of infection. Here you have option to define security level for your file reputation.
Symantec Online Network for Advanced Response (SONAR) provides real-time protection against threats and proactively detects computer security risks. By examining programs as they run, SONAR identifies emerging threats based on application behaviour, giving it the capability to locate new and previously unknown threats.
Scan for keylogger and Trojan Program :-
Keylogger is a hardware or software hacking program that is used to capture keystrokes of PC.
Troajn is RAT ( remote administration tool ) program that is used to control the remote pc.
Troajan and Keylogger is primary tool used by hackers to gain access to victim computers. SEPM comes with feature “Truescan Legacy scan” which will scan files based on True file type.
Early Launch Anti-malware Protection :-
Early Launch Anti-Malware (ELAM) is a Windows 8 security technology that evaluates non-Microsoft Windows boot time device/application drivers for malicious code. It is the first system kernel driver that starts in Windows 8 operating mode, before any third party software or driver.
SEPM also comes with a feature of Early Launch Anti-Malware (ELAM)
Assign Policy on Group :-
To assign a policy on Group, first you have to create a group in the Client tab, and right-click on the particular policy that you want to assign and select the option “Assign”
Here, you have the option to select your group.
Firewall Policy :-
SEPM comes with default firewall protection for End point.
Click on the Rules option to view what rule is default configured for your endpoint. Here you have option to configure new rule or edit rule.
Protection against Attacks :-
SEPM firewall is providing the protection against Port Scan , DOS attack , Mac-address spoofing, Stealth mode web browsing, TCP re-sequencing and OS fingerprint protection for endpoint.
Intrusion prevention Policy :-
Network intrusion prevention automatically detects and blocks network attacks. Browser intrusion prevention automatically detects and block browser attacks.
If you want to remove or add some policies, then you have the option to add or edit in the Exception menu.
Application and device control policies :-
Application control restricts what an application is permitted to do and which system resources it can use. Application control has many purpose, including preventing malware from hijacking applications, protecting confidential data from inadvertently being removed from your company, and restricting which applications can run.
In the Policy menu, click on the Application and device control tab, if you want to add new policy right-click on the empty area and select the Add option.
Here you have the option to enable application control policies (like Block writing to USB drives , block access to Autorun.inf etc… )
Hardware Device control Policies:-
Devices a client computer is blocked from accessing, such as USB drives, Bluetooth devices, printers and serial and parallel ports.
In device control menu in Application and device control, you have the option to add blocked device and also exclude devices from blocking.
Live update policy:-
Enable the scheduling of automatic downloads from Live update servers. The schedule settings do not control downloads from the default management server, from group update providers, or from third party content management tools.
Here we have scheduling to get update after each 4 hour.
We have option to add or create new policies in Exception tab.
You can add or edit policy in exception menu, here you have also option to take action against particular policy.
Client Exception settings:-
Client restrictions allow you to control the type of exceptions that users can add if they have administrative privileges on the computer.
In SEPM, clients tab have the option to add your servers based on location.
As you seen in below screen shoot, we have two group 1. UCC-Chennai-DR and 2. UCC-Pune-DC
In the right-pane, you have option to change general settings, External communication settings, client log settings and live update content policy settings.
In General settings, we have option to configure Restart settings for client.
In Security setting tab, we have option to put the password on:-
- Open the client user interface
- Stop the client service
- Import or export a policy
- Uninstall the client
With Communication setting, we have the option to define how client will communicate with management server. SEPM have two modes to download policy.
Push mode:- Keep the connection between clients and the management server open so that clients can download policies as soon as they are available.
Pull mode :- Clients will connect to the management server at a regular interval to check if new policies are available.
SEPM Admin Setting:-
In SEPM admin setting tab, we have option to manage Administrator, Domains, Servers, Install package and License information.
From the Administrator tab, we can create, edit or manage administrators.
In Domain tab, we have the option to rename, add or export domain.
In the server tab, we have option to Edit, delete , Manage Servers.
Replication Partner:- In the server tab, we have option to add Replication partner, Existing replication partner.
Here we DC-Pune server have replication with Chennai-DR.
Note:- Make sure you have the Auto option select in the Edit replication partner properties.
To perform manual replication, click on the Replicate now.
Client Install package:-
Client install package generally comes with a feature set of basic AV, Firewall , HIPS, Downaload package protection, POP/SMTP scanner , SONAR protection and Application and device control.
It’s depend upon your requirement, what we want to use for particular package.
To create new client install feature set, click on the “Add client Install Feature Set” and put your package name and select the option that you want to add in your package set.
Hope you like my post.Getting Started With Symantec Endpoint Protection Manager (SEPM). Please Share with others.
In my test article i am going to show you “How to Install a Endpoint protection on a Client Server/PCs”