Symantec Endpoint Protection Small Business Edition Implementation Guide

Symantec™ Endpoint

Symantec™ Endpoint Protection Small Business Edition

Implementation Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 12.01.00.00

Legal Notice

Copyright © 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System, LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation 350 Ellis Street

Mountain View, CA 94043

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our Web site at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

[email protected]

Asia-Pacific and Japan

[email protected]

Europe, Middle-East, and Africa

[email protected]

Technical Support

... 4

Chapter 1

Introducing Symantec Endpoint Protection Small

Business Edition

... 17 About Symantec Endpoint Protection Small Business Edition ... 17 What's new in version 12.1 ... 18 About the types of threat protection that Symantec Endpoint

Protection Small Business Edition provides ... 21 Protecting your network with Symantec Endpoint Protection Small

Business Edition ... 25 Getting up and running on Symantec Endpoint Protection Small

Business Edition for the first time ... 26 Managing protection on client computers ... 29 Maintaining the security of your environment ... 30 Troubleshooting Symantec Endpoint Protection Small Business

Edition ... 31

Section 1

Installing Symantec Endpoint Protection

Small Business Edition

... 33

Chapter 2

Planning the installation

... 35 Planning the installation ... 35 Components of Symantec Endpoint Protection Small Business

Edition ... 37 Product license requirements ... 39 System requirements ... 41 About Symantec Endpoint Protection Manager compatibility with

other products ... 43

Chapter 3

Installing Symantec Endpoint Protection

Manager

... 45 Installing the management server and the console ... 45 Configuring the management server during installation ... 47

Accepting the self-signed certificate for Symantec Endpoint Protection

Manager ... 47

Uninstalling Symantec Endpoint Protection Manager ... 48

Logging on to the Symantec Endpoint Protection Manager console ... 49

What you can do from the console ... 51

Chapter 4

Managing product licenses

... 55

Licensing Symantec Endpoint Protection ... 56

About the trialware license ... 58

Purchasing licenses ... 58

Where to buy a Symantec product license ... 59

Activating your product license ... 59

Using the License Activation wizard ... 60

Required licensing contact information ... 61

About upgrading from trialware ... 62

About product upgrades and licenses ... 62

About renewing your Symantec Endpoint Protection Small Business Edition license ... 63

About the Symantec Licensing Portal ... 63

Maintaining your product licenses ... 64

Checking license status ... 64

Downloading a license file ... 65

Licensing enforcement rules ... 65

Backing up your license files ... 66

Recovering a deleted license ... 67

Importing a license ... 67

About multi-year licenses ... 68

Licensing an unmanaged client ... 68

Chapter 5

Preparing for client installation

... 71

Preparing for client installation ... 71

Preparing Windows operating systems for remote deployment ... 72

Chapter 6

Installing the Symantec Endpoint Protection Small

Business Edition client

... 75

About client deployment methods ... 75

Deploying clients using a Web link and email ... 76

Deploying clients by using Remote Push ... 77

Deploying clients by using Save Package ... 79

Restarting client computers ... 80 Contents

About managed and unmanaged clients ... 81

Installing an unmanaged client ... 82

Uninstalling the client ... 82

Chapter 7

Upgrading and migrating to Symantec Endpoint

Protection Small Business Edition

... 85

About migrating to Symantec Endpoint Protection Small Business Edition ... 86

Migrating from Symantec Client Security or Symantec AntiVirus ... 87

About migrating computer groups ... 88

Migrating group settings and policy settings ... 88

Upgrading to a new release ... 90

Migrating a management server ... 90

Stopping and starting the management server service ... 91

Disabling LiveUpdate in Symantec AntiVirus before migration ... 92

Disabling scheduled scans in Symantec System Center when you migrate client computers ... 93

Turning off the roaming service ... 93

Uninstalling and deleting reporting servers ... 94

Unlocking server groups in Symantec System Center ... 95

About upgrading client software ... 95

Upgrading clients by using AutoUpgrade ... 96

Section 2

Managing protection on Symantec

Endpoint Protection Small Business

Edition

... 99

Chapter 8

Managing groups of client computers

... 101

Managing groups of computers ... 101

How you can structure groups ... 103

Adding a group ... 104

Blocking clients from being added to groups ... 104

Viewing assigned computers ... 105

Moving a client computer to another group ... 105

Chapter 9

Managing clients

... 107

Managing client computers ... 107

About the client protection status icons ... 108

Viewing the protection status of clients and client computers ... 109

Viewing a client computer's properties ... 110

About enabling and disabling protection ... 111

About commands you can run on client computers ... 113

Running commands on the client computer from the console ... 114

Converting an unmanaged client to a managed client ... 115

Chapter 10

Using policies to manage security

... 117

The types of security policies ... 118

Performing tasks that are common to all security policies ... 119

Adding a policy ... 121

Copying and pasting a policy ... 121

Editing a policy ... 122

Locking and unlocking policy settings ... 122

Assigning a policy to a group ... 123

Viewing assigned policies ... 124

Testing a security policy ... 124

Replacing a policy ... 125

Exporting and importing policies ... 125

Deleting a policy permanently ... 126

How the client computers get policy updates ... 126

Using the policy serial number to check client-server communication ... 127

Chapter 11

Managing Virus and Spyware Protection

... 129

Preventing and handling virus and spyware attacks on client computers ... 130

Remediating risks on the computers in your network ... 132

Identifying the infected and at-risk computers ... 134

Checking the scan action and rescanning the identified computers ... 135

Managing scans on client computers ... 136

About the types of scans and real-time protection ... 139

About the types of Auto-Protect ... 142

About virus and security risks ... 144

About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans ... 146 Contents

About submitting information about detections to Symantec

Security Response ... 151

About submissions throttling ... 152

About the default Virus and Spyware Protection policy scan settings ... 153

How Symantec Endpoint Protection Small Business Edition handles detections of viruses and security risks ... 156

Setting up scheduled scans that run on Windows computers ... 157

Setting up scheduled scans that run on Mac computers ... 159

Running on-demand scans on client computers ... 160

Adjusting scans to improve computer performance ... 161

Adjusting scans to increase protection on your client computers ... 163

Managing Download Insight detections ... 165

How Symantec Endpoint Protection Small Business Edition uses reputation data to make decisions about files ... 169

How Symantec Endpoint Protection Small Business Edition protection features work together ... 170

Enabling or disabling client submissions to Symantec Security Response ... 172

Managing the Quarantine ... 174

Using the Risk log to delete quarantined files on your client computers ... 175

Managing the virus and spyware notifications that appear on client computers ... 176

Chapter 12

Customizing scans

... 179

Customizing the virus and spyware scans that run on Windows computers ... 180

Customizing the virus and spyware scans that run on Mac computers ... 181

Customizing Auto-Protect for Windows clients ... 182

Customizing Auto-Protect for Mac clients ... 183

Customizing Auto-Protect for email scans on Windows computers ... 184

Customizing administrator-defined scans for clients that run on Windows computers ... 185

Customizing administrator-defined scans for clients that run on Mac computers ... 186

Randomizing scans to improve computer performance in virtualized environments ... 187

Modifying global scan settings for Windows clients ... 188

Changing the action that Symantec Endpoint Protection Small

Business Edition takes when it makes a detection ... 190

Allowing users to view scan progress and interact with scans ... 192

Chapter 13

Managing SONAR

... 195

About SONAR ... 195

About the files and applications that SONAR detects ... 196

Managing SONAR ... 196

Monitoring SONAR detection results to check for false positives ... 198

Enabling or disabling SONAR ... 200

Chapter 14

Managing Tamper Protection

... 201

About Tamper Protection ... 201

Changing Tamper Protection settings ... 202

Chapter 15

Managing firewall protection

... 205

Managing firewall protection ... 205

How a firewall works ... 206

About the Symantec Endpoint Protection firewall ... 207

Creating a firewall policy ... 209

Enabling and disabling a firewall policy ... 210

Adjusting the firewall security level ... 211

About firewall rules ... 212

About the firewall rule, firewall setting, and intrusion prevention processing order ... 213

Changing the order of firewall rules ... 213

How the firewall uses stateful inspection ... 214

About firewall rule application triggers ... 214

About firewall rule host triggers ... 217

About firewall rule network services triggers ... 219

Setting up firewall rules ... 219

Adding a new firewall rule ... 220

Copying and pasting firewall rules ... 221

Customizing firewall rules ... 221

Chapter 16

Managing intrusion prevention

... 229

Managing intrusion prevention on your client computers ... 229

How intrusion prevention works ... 232

About Symantec IPS signatures ... 233

Enabling or disabling network intrusion prevention or browser intrusion prevention ... 233 Contents

Creating exceptions for IPS signatures ... 234

Chapter 17

Managing exceptions

... 237

About exceptions to Symantec Endpoint Protection Small Business Edition ... 237

Managing exceptions for Symantec Endpoint Protection Small Business Edition ... 238

Creating exceptions for Symantec Endpoint Protection Small Business Edition ... 240

Excluding a file or a folder from scans ... 244

Excluding known risks from virus and spyware scans ... 245

Excluding file extensions from virus and spyware scans ... 245

Forcing scans to detect an application ... 246

Specifying how Symantec Endpoint Protection Small Business Edition handles an application that scans detect or that users download ... 247

Excluding a trusted Web domain from scans ... 247

Creating a Tamper Protection exception ... 248

Restricting the types of exceptions that users can configure on client computers ... 249

Creating exceptions from log events in Symantec Endpoint Protection Manager ... 249

Chapter 18

Configuring updates and updating client computer

protection

... 251

Managing content updates ... 251

How client computers receive content updates ... 253

Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager ... 255

Downloading LiveUpdate content manually to Symantec Endpoint Protection Manager ... 256

Viewing LiveUpdate downloads ... 256

Checking LiveUpdate server activity ... 256

Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet ... 257

Enabling and disabling LiveUpdate scheduling for client computers ... 257

Configuring the LiveUpdate download schedule for client computers ... 258

Chapter 19

Monitoring protection with reports and logs

... 261

Monitoring endpoint protection ... 261

Viewing a daily or weekly status report ... 263

Viewing system protection ... 264

Finding offline computers ... 265

Finding unscanned computers ... 265

Viewing risks ... 266

Viewing client inventory ... 266

Viewing attack targets and sources ... 267

Configuring reporting preferences ... 268

About the types of reports ... 268

Running and customizing quick reports ... 270

Saving and deleting custom reports ... 272

Creating scheduled reports ... 273

Editing the filter used for a scheduled report ... 274

Printing and saving a copy of a report ... 275

Viewing logs ... 275

About logs ... 277

Saving and deleting custom logs by using filters ... 279

Running commands on the client computer from the logs ... 280

Chapter 20

Managing notifications

... 283

Managing notifications ... 283

How notifications work ... 284

About the preconfigured notifications ... 285

About partner notifications ... 288

Establishing communication between the management server and email servers ... 289

Viewing and acknowledging notifications ... 289

Saving and deleting administrative notification filters ... 290

Setting up administrator notifications ... 291

How upgrades from another version affect notification conditions ... 292

Chapter 21

Managing administrator accounts

... 295

Managing administrator accounts ... 295

About administrator accounts ... 296

Adding an administrator account ... 297

About access rights ... 298

Configuring the access rights for a limited administrator ... 299

Changing an administrator password ... 299 Contents

Allowing administrators to save logon credentials ... 300

Allowing administrators to reset forgotten passwords ... 300

Resetting a forgotten password ... 301

Resetting the administrator user name and password to admin ... 302

Section 3

Maintaining your security

environment

... 303

Chapter 22

Preparing for disaster recovery

... 305

Preparing for disaster recovery ... 305

Backing up the database and logs ... 306

Section 4

Troubleshooting Symantec Endpoint

Protection

... 309

Chapter 23

Performing disaster recovery

... 311

Performing disaster recovery ... 311

Restoring the database ... 312

Reinstalling or reconfiguring Symantec Endpoint Protection Manager ... 313

Chapter 24

Troubleshooting installation and communication

problems

... 315

Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues ... 315

Identifying the point of failure of an installation ... 316

Troubleshooting communication problems between the management server and the client ... 316

Viewing the client connection status on the client ... 318

How to determine whether the client is connected and protected ... 318

Investigating protection problems using the troubleshooting file on the client ... 319

Stopping and starting the Apache Web server ... 320

Using the ping command to test the connectivity to the management server ... 320

Checking the debug log on the client computer ... 320

Recovering client communication settings by using the

SylinkDrop tool ... 321

Troubleshooting communication problems between the management server and the console or the database ... 322

Verifying the connection with the database ... 323

Chapter 25

Troubleshooting reporting issues

... 325

Troubleshooting reporting issues ... 325

Troubleshooting context-sensitive help for the reporting console ... 327

Changing reporting fonts to display Asian languages ... 327

Accessing reporting pages when the use of loopback addresses is disabled ... 328

About recovering a corrupted client System Log on 64-bit computers ... 329

Appendix A

Migration and client deployment reference

... 331

Where to go for information on upgrading and migrating ... 331

Supported server upgrade paths ... 333

Supported client upgrade paths ... 333

Migrations that are supported and unsupported for the Mac client ... 334

Feature mapping between 12.0 clients and 12.1 clients ... 335

Client protection features by platform ... 338

Management features by platform ... 339

Virus and Spyware Protection policy settings available for Windows and Mac ... 340

LiveUpdate policy settings available for Windows and Mac ... 341

Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12.1 ... 342

Index

... 345 Contents

Introducing Symantec

Endpoint Protection Small

Business Edition

This chapter includes the following topics:

■ About Symantec Endpoint Protection Small Business Edition

■ What's new in version 12.1

■ About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

■ Protecting your network with Symantec Endpoint Protection Small Business Edition

About Symantec Endpoint Protection Small Business

Edition

Symantec Endpoint Protection Small Business Edition is a client-server solution that protects laptops, desktops, Mac computers, and servers in your network against malware. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.

Symantec Endpoint Protection protects against malware such as viruses, worms, Trojan horses, spyware, and adware. It provides protection against even the most sophisticated attacks that evade traditional security measures such as rootkits, zero-day attacks, and spyware that mutates. Providing low maintenance and high power, Symantec Endpoint Protection Small Business Edition communicates over

1

your network to automatically safeguard computers against attacks for both physical systems and virtual systems.

This comprehensive solution protects confidential and valuable information by combining multiple layers of protection on a single integrated client. Symantec Endpoint Protection reduces management overhead, time, and cost by offering a single management console and the single client.

See“About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides”on page 21.

What's new in version 12.1

The current release includes the following improvements that make the product easier and more efficient to use.

Table 1-1displays the new features in version 12.1. Introducing Symantec Endpoint Protection Small Business Edition

Table 1-1 New features in version 12.1 Description

Feature

The most significant improvements include the following policy features to provide better protection on the client computers.

■ The Virus and Spyware Protection policy detects threats more accurately while it reduces false positives and improves scan performance with the following technologies:

■ SONAR replaces the TruScan technology to identify malicious behavior of unknown threats using heuristics and reputation data. While TruScan runs on a schedule, SONAR runs at all times.

See“Managing SONAR”on page 196.

■ Auto-Protect provides additional protection with Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals. Download Insight uses reputation information from Symantec Insight to make decisions about files.

See“Managing Download Insight detections”on page 165.

See“How Symantec Endpoint Protection Small Business Edition uses reputation data to make decisions about files”on page 169.

■ Insight lets scans skip Symantec and community trusted files, which improves scan performance.

See“Modifying global scan settings for Windows clients”on page 188.

■ Insight Lookup detects the application files that might not typically be detected as risks and sends information from the files to Symantec for evaluation. If Symantec determines that the application files are risks, the client computer then handles the files as risks. Insight Lookup makes malware detection faster and more accurate. See“Customizing administrator-defined scans for clients that run on Windows computers”on page 185.

■ The Firewall policy includes firewall rules to block IPv6-based traffic. See“Customizing firewall rules”on page 221.

■ The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect the attacks that are directed at browser vulnerabilities.

See“Enabling or disabling network intrusion prevention or browser intrusion prevention”

on page 233. Better security against

malware

19 Introducing Symantec Endpoint Protection Small Business Edition

Table 1-1 New features in version 12.1 (continued) Description

Feature

Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:

■ Centralized licensing lets you purchase, activate, and manage product licenses from the management console.

See“Licensing Symantec Endpoint Protection”on page 56.

■ The Symantec Endpoint Protection Manager logon screen enables you to have your forgotten password emailed to you.

See“Logging on to the Symantec Endpoint Protection Manager console”on page 49.

■ The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support the BlackBerry, iPhone, and Android.

See“About the preconfigured notifications”on page 285.

■ Improved status reporting automatically resets the Still Infected Status for a client computer once the computer is no longer infected.

Faster and more flexible management

To increase the speed between the management server and the management console, database, and the client computers:

■ Virus and spyware scans use Insight to let scans skip safe files and focus on files at risk. Scans that use Insight are faster and more accurate, and reduce scan overhead by up to 70 percent.

See“Modifying global scan settings for Windows clients”on page 188. See“Customizing Auto-Protect for Windows clients”on page 182.

See“About commands you can run on client computers”on page 183on page 183. See“Adjusting scans to improve computer performance”on page 161.

■ LiveUpdate can run when the client computer is idle, has outdated content, or has been disconnected, which uses less memory.

Better server and client performance

In Symantec Enterprise Protection Small Business Edition, you can now deploy and manage Mac clients on Symantec Endpoint Protection Manager for Symantec Endpoint Protection Small Business Edition.

See“Deploying clients using a Web link and email”on page 76. Support for Mac

clients

Introducing Symantec Endpoint Protection Small Business Edition What's new in version 12.1

Table 1-1 New features in version 12.1 (continued) Description

Feature

You can install the product faster and easier than before with the following new installation features:

■ You can upgrade to the current version of the product while the legacy clients stay connected and protected.

■ A new quick report for deployment shows which computers have successfully installed the client software.

See“Running and customizing quick reports”on page 270. Improved installation

process

Symantec Endpoint Protection Manager now supports the following additional operating systems:

■ VMware Workstation 7.0 or later

■ VMware ESXi 4.0.x or later

■ VMware ESX 4.0.x or later

■ VMware Server 2.0.1

■ Citrix XenServer 5.1 or later

Symantec Endpoint Protection Manager now supports the following Web browsers:

■ Internet Explorer 7.0, 8.0, 9.0

■ Firefox 3.6, 4.0

See“System requirements”on page 41. Support for additional

operating systems

About the types of threat protection that Symantec

Endpoint Protection Small Business Edition provides

Symantec Endpoint Protection Small Business Edition uses state-of-the-art protection to integrate multiple types of protection on each computer in your network. It offers advanced defense against all types of attacks for both physical systems and virtual systems. You need combinations of all the protection technologies to fully protect and customize the security in your environment. Symantec Endpoint Protection Small Business Edition combines traditional scanning, behavioral analysis, intrusion prevention, and community intelligence into a superior security system.

Table 1-2describes the types of protection that the product provides and their benefits.

Table 1-2 Layers of protection Benefit Description

Protection type

Virus and Spyware Protection detects new threats earlier and more accurately using not just signature-based and behavioral-based solutions, but other technologies.

■ Symantec Insight provides faster and more accurate malware detection to detect the new and the unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of over millions of systems in hundreds of countries.

■ Bloodhound uses heuristics to detect a high percentage of known and unknown threats.

■ Auto-Protect scans files from a signature list as they are read from or written to the client computer.

Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans. Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.

See“Managing scans on client computers”

on page 136. Virus and

Spyware Protection

■ The rules-based firewall engine shields computers from malicious threats before they appear.

■ The IPS scans network traffic and files for indications of intrusions or attempted intrusions.

■ Browser Intrusion Prevention scans for attacks that are directed at browser vulnerabilities.

■ Universal download protection monitors all downloads from the browser and validates that the downloads are not malware. Network Threat Protection provides a firewall

and intrusion prevention protection to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.

The firewall allows or blocks network traffic based on the various criteria that the

administrator sets. If the administrator permits it, end users can also configure firewall policies. The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion Prevention also monitors outbound traffic and prevents the spread of worms.

See“Managing firewall protection”on page 205. See“Managing intrusion prevention on your client computers”on page 229.

Network Threat Protection

Introducing Symantec Endpoint Protection Small Business Edition

Table 1-2 Layers of protection (continued) Benefit Description

Protection type

SONAR examines programs as they run, and identifies and stops malicious behavior of new and previously unknown threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats.

Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are the new vulnerabilities that are not yet publicly known. Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute.

See“Managing SONAR”on page 196. Proactive Threat

Protection

The management server enforces each protection by using an associated policy that is downloaded to the client.

Figure 1-1 An overview of protection layers

Virus and Spyware Protection

Endpoint Network Interface Card

Back doors DoS attacks Port scans Stack attacks Trojans Worms Internet Memory / peripherals File system Proactive Threat Protection

File/process/ registry modifications Firewall policy Intrusion Prevention policy Application and Device Control policy Company Network

Virus and Spyware Protection policy (SONAR) Adware Back doors Mutating threats Spyware Trojans Worms Viruses Insider threats Keyloggers Retro viruses Spyware Targeted attacks Trojans Worms Zero day threats DNS and host file changes Network Threat Protection Application vulnerabilities Back doors OS vulnerabilities Trojans Worms

Virus and Spyware Protection policy

See“Components of Symantec Endpoint Protection Small Business Edition”

on page 37.

Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint

Protection Small Business Edition

You protect the computers in your network by installing and managing the Symantec Endpoint Protection Manager and the Symantec Endpoint Protection Small Business Edition client.

Table 1-3outlines the main high-level tasks that you need to do to use Symantec Endpoint Protection Small Business Edition.

Table 1-3 Steps to set up, configure, and manage Symantec Endpoint Protection Small Business Edition

Description Task

You can install Symantec Endpoint Protection Manager and the Symantec Endpoint Protection Small Business Edition client and protect your network in a few easy steps. See“Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time”

on page 26. Setting up Symantec

Endpoint Protection Small Business Edition

Symantec Endpoint Protection Manager comes with default settings and policies so that your network is protected immediately after you install. You can modify these settings to suit your network environment.

See“Managing protection on client computers”on page 29. Managing Symantec

Endpoint Protection Small Business Edition

You might need to perform some ongoing maintenance to keep your network environment running smoothly at peak performance. For example, you must back up the database in case you need to perform disaster recovery.

See“Maintaining the security of your environment”

on page 30. Maintaining a secure

network environment

If you have problems installing or using the product, Symantec Endpoint Protection Manager includes resources to help fix common issues, such as client-server

communication and virus outbreaks.

See“Troubleshooting Symantec Endpoint Protection Small Business Edition”on page 31.

Troubleshooting Symantec Endpoint Protection Small Business Edition

See“Components of Symantec Endpoint Protection Small Business Edition”

on page 37.

Getting up and running on Symantec Endpoint Protection Small

Business Edition for the first time

You should assess your security requirements and decide if the default settings provide the balance of performance and security you require. Some performance enhancements can be made immediately after you install Symantec Endpoint Protection Manager.

Table 1-4lists the tasks you should perform to install and protect the computers in your network immediately.

Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small Business Edition

Description Action

Whether you install the product for the first time, upgrade from a previous version, or migrate from another product, you install Symantec Endpoint Protection Manager first. See“Installing the management server and the console”on page 45.

See“About migrating to Symantec Endpoint Protection Small Business Edition”on page 86. Install or migrate the

management server

You can add the groups that contain computers based on the level of security or function the computers perform. For example, you should put computers with a higher level of security in one group, or a group of Mac computers in another group.

See“How you can structure groups”on page 103. See“Adding a group”on page 104.

See“Guidelines for managing portable computers”on page 105. Create groups

Change the following default scan settings:

■ For the servers group, change the scheduled scan time to a time when most users are offline.

See“Setting up scheduled scans that run on Windows computers”on page 157. Modify the Virus and

Spyware Protection policy

Purchase and activate a license within 30 days of product installation. See“Activating your product license”on page 59.

Activate the product license

Before you install the client software, perform the following tasks, if necessary:

■ Uninstall third-party virus protection software from your computers.

For more information on a tool to uninstall any competitive product automatically, see the knowledge base article,SEPprep competitive product uninstall tool.

■ If you deploy client software remotely, first modify the firewall settings on your client computers to allow communication between the computers and the management server.

See“Preparing for client installation”on page 71. Prepare computers for

client installation (optional)

Introducing Symantec Endpoint Protection Small Business Edition

Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small Business Edition (continued)

Description Action

Deploy the client software.

See“Deploying clients using a Web link and email”on page 76. Install the client

software with the Client Deployment Wizard

In the management console, on the Computers > Computers page:

1 Change the view to Client status to make sure that the client computers in each group communicate with the management server.

Look at the information in the following columns:

■ The Computer column displays a green dot for the clients that are connected to the management server.

■ The Last Time Status Changed column displays the time that the client last communicated with the management server.

■ The Restart Required column displays which client computers you need to restart to enable protection.

See“Restarting client computers”on page 80.

■ The Policy Serial Number column displays the most current policy serial number. The policy might not update for one to two heartbeats.

See“Using the policy serial number to check client-server communication”

on page 127.

2 Change to the Protection technology view and ensure that the following protections are On:

■ Antivirus status

■ Firewall status

See“Viewing the protection status of clients and client computers”on page 109. 3 On the client, check that the client is connected to a server, and check that the policy

serial number is the most current one.

See“Viewing the client connection status on the client”on page 318.

See“Troubleshooting communication problems between the management server and the client”on page 316.

Check that the computers are listed in the groups that you expected and that the client communicates with the management server

Make sure that the content updates download to client computers at a time that affects users the least.

See“Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager”on page 255.

Check the LiveUpdate schedule and adjust if necessary

Table 1-4 Tasks to install and configure Symantec Endpoint Protection Small Business Edition (continued)

Description Action

Alerts and notifications are critical to maintaining a secure environment and can also save you time.

See“Managing notifications”on page 283. Configure Symantec

Endpoint Protection Manager to send email alerts

Create a notification for a Single risk event and modify the notification for Risk Outbreak. For these notifications, do the following:

1 Change the Risk severity to Category 1 (Very Low and above) to avoid receiving emails about tracking cookies.

2 Keep the Damper setting at Auto.

See“Setting up administrator notifications”on page 291. Configure notifications

for a single risk outbreak and when a new risk is detected

Table 1-5displays the tasks to perform after you install and configure the product to assess whether the client computers have the correct level of protection. Table 1-5 Tasks to perform two weeks after you install

Description Action

You can increase performance so that the client does not scan certain folders and files. For example, the client scans the mail server every time a scheduled scan runs. You can also exclude files by extension for Auto-Protect scans.

See“Creating exceptions for Symantec Endpoint Protection Small Business Edition”

on page 240.

See“Customizing Auto-Protect for Windows clients”on page 182.

See“About commands you can run on client computers”on page 183on page 183. Exclude applications and

files from being scanned

Run the quick reports and scheduled reports to see whether the client computers have the correct level of security.

See“About the types of reports”on page 268.

See“Running and customizing quick reports”on page 270. See“Creating scheduled reports”on page 273.

Run a quick report and scheduled report after the scheduled scan

Review monitors, logs, and the status of client computers to make sure that you have the correct level of protection for each group.

See“Monitoring endpoint protection”on page 261. Check to ensure that

scheduled scans have been successful and clients operate as expected

Introducing Symantec Endpoint Protection Small Business Edition

Managing protection on client computers

You use a single management console to manage the protection on the client computers. Although the client computers are protected immediately, you might need to modify the protection to suit your needs.

Table 1-6outlines the tasks that you can perform if you need to adjust the default settings.

Table 1-6 Modifying protection on the client computer Description

Task

You apply protection to the client computers based on the group that you place a computer in. The computers in each group have the same level of security.

You can import your company's existing group structure. You can also create new groups. To determine which groups to add, first consider the structure of the network. Or, if you create a new group structure, you base your group structure on function, role, geography, or a combination of criteria. For example, consider the number of computers at the site, or whether the computers are the same type, such as Windows or Mac computers.

See“Managing groups of computers”on page 101. See“Managing client computers”on page 107. Organizing and

managing groups

Symantec Endpoint Protection Manager includes default policies for each type of protection. The policies balance the need for protection with performance. Out of the box, the default policies provide appropriate settings for large and small organizations. You may want to adjust settings over time based on your company needs.

See“The types of security policies”on page 118.

See“About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides”on page 21.

See“Managing scans on client computers”on page 136. See“Managing firewall protection”on page 205.

See“Managing intrusion prevention on your client computers”on page 229. Modifying

protection

Security policies must be applied to a group before the clients apply the policies to the client computer. You can create policies that all groups share or that apply to only one group. Symantec Endpoint Protection Manager makes it easy to add and modify policies for all the security needs of your company.

See“Performing tasks that are common to all security policies”on page 119. Managing policies

Table 1-6 Modifying protection on the client computer (continued) Description

Task

Client computers need to receive periodic updates to protection content such as virus definitions, intrusion prevention signatures, and product software. You can configure the method, type of content, and schedule that Symantec Endpoint Protection Small Business Edition uses to download the content to the client computers.

See“Managing content updates”on page 251. Scheduling and

managing updates

You can configure the client to display different client features and protection features. How you configure these features depends on how much control you want client computer users in each group to have.

See“Locking and unlocking policy settings”on page 122. Controlling user

access

Symantec recommends that you analyze which computers need which type of security. If you did not deploy the client installation package at the time that you installed Symantec Endpoint Protection Manager, you can deploy the client software later.

You have the option to look for unprotected computers. See“Preparing for client installation”on page 71.

See“Deploying clients using a Web link and email”on page 76. Managing client

deployment

You use reports and logs to view the security status of the client computers. The reports and logs help you to handle virus outbreaks and to increase the security and performance of your company's network.

You can also configure notifications to alert administrators and computer users about potential security problems.

See“Monitoring endpoint protection”on page 261. See“Managing notifications”on page 283. Monitoring and

responding to status changes

You can add administrator accounts so that different administrators have different levels of control over managing the groups, policies, commands, and reports in Symantec Endpoint Protection Manager.

See“Managing administrator accounts”on page 295. Managing

administrators

Maintaining the security of your environment

After you have secured your network, you might want to modify the protection and infrastructure to increase security or increase performance.

Introducing Symantec Endpoint Protection Small Business Edition

Table 1-7 Tasks you can perform to maintain the security of your network Description

Task

You should periodically check the Home page to view the overall security status of your network. You can use the notifications, reports, and logs to provide the details on the security status.

See“Monitoring endpoint protection”on page 261. See“Managing notifications”on page 283. Checking the

security status of your network

You can check whether your license is about to expire or if you have too many deployed clients for what your license covers.

See“Maintaining your product licenses”on page 64. Maintaining licenses

To help mitigate a case of data corruption or a hardware failure, you should back up the database regularly and make a copy of specific management server files.

See“Preparing for disaster recovery”on page 305. Preparing for

disaster recovery

You can update the settings for the mail server, proxy server, and LiveUpdate servers. See“Establishing communication between the management server and email servers”

on page 289.

See“Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet”on page 257.

Reconfiguring servers

Troubleshooting Symantec Endpoint Protection Small Business Edition

Table 1-8displays the most common issues that you might encounter when you install and use Symantec Endpoint Protection Small Business Edition.

Table 1-8 Common issues you can troubleshoot Description

Task

You can download and run the Symantec Endpoint Protection Small Business Edition Support Tool to verify that your computers are ready for installation. The support tool is provided with the management server and the client. It is also available on the Symantec Support Web site.

See“Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues”on page 315.

Fixing installation problems

Table 1-8 Common issues you can troubleshoot (continued) Description

Task

You can prevent threats from attacking computers on your network.

See“Preventing and handling virus and spyware attacks on client computers”on page 130. See“Remediating risks on the computers in your network”on page 132.

If a threat does attack a client computer, you can identify and respond to the threat. See the following knowledge base article:

Best practices for troubleshooting viruses on a network. Handling virus

outbreaks

If the latest virus definitions do not update correctly on Symantec Endpoint Protection Manager or the clients, see the following knowledge base article:

Symantec Endpoint Protection: LiveUpdate Troubleshooting. Troubleshooting

content update problems

The communication channels between all of the Symantec Endpoint Protection Small Business Edition components must be open. These channels include, server to client, server to database, and server and client to the content delivery component, such as LiveUpdate.

See“Troubleshooting communication problems between the management server and the client”on page 316.

See“Troubleshooting communication problems between the management server and the console or the database”on page 322.

See the following knowledge base article:

Troubleshooting Symantec Endpoint Protection Manager communication problems. Fixing

communication errors

In case of database corruption or hardware failure, you can restore the latest snapshot of the database if you have a database backup file.

See“Performing disaster recovery”on page 311. Performing disaster

recovery

You can solve various report and log issues. See“Troubleshooting reporting issues”on page 325. Troubleshooting

reporting issues

See the knowledge base article,Top "Best Practices" Articles for Symantec Endpoint Protection.

Introducing Symantec Endpoint Protection Small Business Edition

Installing Symantec Endpoint

Protection Small Business

Edition

■ Chapter 2. Planning the installation

■ Chapter 3. Installing Symantec Endpoint Protection Manager

■ Chapter 4. Managing product licenses

■ Chapter 5. Preparing for client installation

■ Chapter 6. Installing the Symantec Endpoint Protection Small Business Edition client

■ Chapter 7. Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Planning the installation

This chapter includes the following topics:

■ Planning the installation

■ Components of Symantec Endpoint Protection Small Business Edition

■ Product license requirements

■ System requirements

■ About Symantec Endpoint Protection Manager compatibility with other products

Planning the installation

Table 2-1summarizes the high-level steps to install Symantec Endpoint Protection Small Business Edition.

Table 2-1 Installation planning Description

Action Step

Understand the sizing requirements for your network. In addition to identifying the endpoints requiring protection, scheduling updates, and other variables should be evaluated to ensure good network and database performance. For information to help you plan medium to large-scale installations, see the Symantec white paper,Sizing and Scalability Recommendations for Symantec Endpoint Protection Small Business Edition.

Purchase a license within 30 days of product installation. See“Licensing Symantec Endpoint Protection”on page 56. See“Product license requirements”on page 39.

Plan network

architecture and review and purchase a license within 30 days of product installation Step 1

2

Table 2-1 Installation planning (continued) Description

Action Step

Make sure your computers comply with the minimum system requirements and that you understand the product licensing requirements.

See“System requirements”on page 41. See“Product license requirements”on page 39. Review system

requirements Step 2

Uninstall other virus protection software from your computers, make sure system-level access is available, and open firewalls to allow remote deployment. See“Preparing for client installation”on page 71.

See“Preparing Windows operating systems for remote deployment”on page 72. Prepare computers for

installation Step 3

Remotely deploying the client requires that certain ports and protocols are open and allowed between the Symantec Endpoint Protection Manager and the endpoint computers.

Open ports and allow protocols

Step 4

Identify the user names, passwords, email addresses, and other installation settings. Have the information on hand during the installation.

Identify installation settings

Step 5

Install Symantec Endpoint Protection Manager.

If the network that supports your business is small and located in one geographic location, you need to install only one Symantec Endpoint Protection Manager. If your network is geographically dispersed, you may need to install additional management servers for load balancing and bandwidth distribution purposes.

See“Installing the management server and the console”on page 45. Install the management

server Step 6

If you are running legacy Symantec protection, you usually migrate policy and group settings from your older version.

See“About migrating to Symantec Endpoint Protection Small Business Edition”

on page 86. Migrate Symantec legacy

virus protection software Step 7

Table 2-1 Installation planning (continued) Description

Action Step

Prepare for client installation as follows:

■ Identify the computers on which to install the client software.

■ Identify the methods to use to deploy the client software to your computers.

■ Uninstall third-party virus protection software from your computers.

■ Modify or disable the firewall settings on your endpoint computers to allow communication between the endpoints and the Symantec Endpoint Protection Manager.

■ Set up the console computer groups to match your organizational structure. See“Preparing for client installation”on page 71.

See“Guidelines for managing portable computers”on page 105. Prepare computers for

client installation Step 8

Install the Symantec Endpoint Protection Small Business Edition client on your endpoint computers.

Symantec recommends that you also install the client on the computer that hosts Symantec Endpoint Protection Manager.

See“Deploying clients using a Web link and email”on page 76. Install clients

Step 9

See“Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time”on page 26.

Post-installation tasks Step 10

See“About the trialware license”on page 58.

Components of Symantec Endpoint Protection Small

Business Edition

Table 2-2lists the product's components and describes their functions.

Table 2-2 Product components Description Component

Symantec Endpoint Protection Manager is a management server that manages the client computers that connect to your company's network.

Symantec Endpoint Protection Manager includes the following software:

■ The console software coordinates and manages security policies, client computers, reports, and logs. The console is the interface to the management server. It can also be installed and used remotely on any computer with a network connection to the management server.

■ The management server software provides secure communication to and from the client computers and the console.

Symantec Endpoint Protection Manager

The database stores security policies and events. The database is installed on the computer that hosts Symantec Endpoint Protection Manager.

Database

The Symantec Endpoint Protection Small Business Edition client protects the computers with virus and spyware scans, SONAR, Download Insight, a firewall, an Intrusion Prevention System, and other protection technologies. It runs on the servers, desktops, and portable computers that you want to protect.

The Symantec Endpoint Protection Mac client protects the computers with virus and spyware scans.

For more information, see the Symantec Endpoint Protection Small Business Edition Client Guide.

See“About Symantec Endpoint Protection Small Business Edition”on page 17.

Symantec Endpoint Protection Small Business Edition client

Planning the installation

Figure 2-1 The product components in a network

Firewall Computers running the

Symantec Endpoint Protection client, connecting through a VPN tunnel

Internet

Local Ethernet Network

Symantec Endpoint Protection Manager, with the Symantec Endpoint Protection client installed

Computers running the Symantec Endpoint Protection client

See“About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides”on page 21.

Product license requirements

If you want to use Symantec Endpoint Protection Small Business Edition after the trial period expires, you must purchase a product license. Your purchase a license according to the following requirements:

Table 2-3 Product license requirements Requirement Product

You must purchase a license that covers each deployed client. One license covers all clients regardless of platform and version.

See“Licensing enforcement rules”on page 65. Paid license installation

Symantec Endpoint Protection Small Business Edition accepts the license file from your Symantec legacy virus protection software. You must purchase a new license when the legacy license expires.

Symantec legacy virus protection software

A 30-day trial license is included with Symantec Endpoint Protection Small Business Edition. You must purchase a license when the trial license expires. Trialware

The following terminology applies to Symantec product licenses:

A license contains a serial number that uniquely identifies your license and associates the license with your company. The serial number can be used to activate your Symantec Endpoint Protection Small Business Edition license.

See“Activating your product license”on page 59. Serial number

Deployed refers to the endpoint computers that are under the protection of the Symantec Endpoint Protection Small Business Edition client software. For example, "We have 50 deployed seats." means that 50 endpoints have client software installed on them. Deployed

You activate your Symantec Endpoint Protection Small Business Edition product license to enable unrestricted access to all program functionality. You use the License Activation wizard to complete the activation process.

See“Activating your product license”on page 59. Activate

A seat is a single endpoint computer that is protected by the Symantec Endpoint Protection Small Business Edition client software. A license is purchased and is valid for a specific number of seats. "Valid seats" refers to the total number of seats that are specified in all of your active licenses.

Seat

See“Purchasing licenses”on page 58. Trialware

A license is over-deployed when the number of deployed clients exceeds the number of licensed seats.

Over-deployed Planning the installation

After you have determined your license requirements you do the following tasks:

■ Purchase the license.

See“Purchasing licenses”on page 58.

■ Activate the license.

See“Activating your product license”on page 59.

Understanding license requirements is part of planning your Symantec Endpoint Protection Small Business Edition installation and after installation, managing your product licenses.

See“Planning the installation”on page 35.

See“Licensing Symantec Endpoint Protection”on page 56.

System requirements

In general, the system requirements for Symantec Endpoint Protection Manager and the clients are the same as those of the supported operating systems. Additional details are provided in the following tables.

Table 2-4displays the minimum requirements for the Symantec Endpoint Protection Manager.

Table 2-5displays the minimum requirements for the Symantec Endpoint Protection Small Business Edition client.

Table 2-4 Symantec Endpoint Protection Manager system requirements Requirements

Component

■ 32-bit processor: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)

■ 64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum

Note:Intel Itanium IA-64 and PowerPC processors are not supported. Processor

1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit operating systems, or higher if required by the operating system Physical RAM

4 GB or more free space Hard drive

800 x 600 Display

41 Planning the installation

Table 2-4 Symantec Endpoint Protection Manager system requirements

(continued)

Requirements Component

■ Windows 7

■ Windows XP (32-bit, SP3 or later; 64-bit, all SPs)

■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)

■ Windows Server 2008 (32-bit, 64-bit)

■ Windows Small Business Server 2008 (64-bit)

■ Windows Small Business Server 2011 (64-bit)

■ Windows Essential Business Server 2008 (64-bit) Operating system

■ Microsoft Internet Explorer 7, 8, or 9

■ Mozilla Firefox 3.6 or 4.0 Web browser

Note:Clients before version 12.1 can be managed by this version of the Symantec Endpoint Protection Manager, regardless of the client operating system. Table 2-5 Symantec Endpoint Protection Small Business Edition Windows and

Mac client system requirements Requirements

Component

■ 32-bit processor for Windows: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)

■ 32-bit processor for Mac: Intel Core Solo, Intel Core Duo

■ 64-bit processor for Windows: 2-GHz Pentium 4 with x86-64 support or equivalent minimum. Itanium processors are not supported.

■ 64-bit processor for Mac: Intel Core 2 Duo, Intel Quad-Core Xeon Processor

512 MB of RAM, or higher if required by the operating system Physical RAM

Hard disk: 700 MB or more free space Hard drive

800 x 600 Display

Table 2-5 Symantec Endpoint Protection Small Business Edition Windows and Mac client system requirements (continued)

Requirements Component

■ Windows XP (32-bit, SP2 or later; 64-bit, all SPs)

■ Windows XP Embedded

■ Windows Vista (32-bit, 64-bit)

■ Windows 7 (32-bit, 64-bit)

■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)

■ Windows Server 2008 (32-bit, 64-bit)

■ Windows Small Business Server 2008 (64-bit)

■ Windows Small Business Server 2011 (64-bit)

■ Windows Essential Business Server 2008 (64-bit)

■ Mac OS X 10.5 or 10.6 (32-bit, 64-bit)

■ Mac OS X Server 10.5 or 10.6 (32-bit, 64-bit) Operating system

About Symantec Endpoint Protection Manager

compatibility with other products

Some products may cause conflicts with Symantec Endpoint Protection Small Business Edition when they are installed on the same server. You need to configure the Symantec Endpoint Protection Manager installation if one or more of the following products is installed on the same server:

■ Symantec Backup Exec 10, 10D, or 11D

■ Symantec Brightmail

■ Symantec Enterprise Vault

■ Symantec Ghost Solution Suite 2.0

■ Symantec Mail Security for Exchange

■ Symantec NetBackup

■ Microsoft Outlook Web Access

■ Microsoft SharePoint

■ Microsoft Windows Update Services

In most cases, port changes are required to allow these programs to run concurrently with Symantec Endpoint Protection Small Business Edition.

For information about the configuration changes, see the Symantec Support knowledge base article,Addressing Symantec Endpoint Protection compatibility issues.

See“System requirements”on page 41. Planning the installation

Installing Symantec

Endpoint Protection

Manager

This chapter includes the following topics:

■ Installing the management server and the console

■ Configuring the management server during installation

■ Accepting the self-signed certificate for Symantec Endpoint Protection Manager

■ Uninstalling Symantec Endpoint Protection Manager

■ Logging on to the Symantec Endpoint Protection Manager console

■ What you can do from the console

Installing the management server and the console

You perform several tasks to install the server and the console. In the installation wizard, a green check mark appears next to each completed task.

See“System requirements”on page 41.

See“Preparing for client installation”on page 71.

See“Getting up and running on Symantec Endpoint Protection Small Business Edition for the first time”on page 26.

3

To install the management server and the console

1

If you have physical media, insert and display the product disc.

The installation should start automatically. If it does not start, double-click Setup.exe.

If you downloaded the product, unzip the folder and extract the entire product disc image to a physical disc, such as a hard disk. RunSetup.exefrom the physical disc.

2

Click Install. On the sub-menu that is displayed, click Install Symantec

Endpoint Protection Manager.

3

Review the sequence of installation events and click Next.

4

In the License Agreement panel, click I accept the terms in the license

agreement, and then click Next.

5

In the Destination Folder panel, accept the default destination folder or specify another destination folder, and then click Next.

6

Click Install.

The installation process begins with the installation of the Symantec Endpoint Protection Manager and console. This part of the installation completes automatically.

7

In the installation summary panel, click Next.

The Management Server Configuration Wizard starts automatically.

8

You configure the management server according to your requirements and then click Next.

See“Configuring the management server during installation”on page 47.

9

In the Symantec AntiVirus Migration (optional) panel, click No if you do not need to migrate from Symantec AntiVirus or Symantec Client Security.

10

The Client Deployment Wizard starts automatically. You can deploy client software at any time. You can safely cancel client deployment if you do not want to deploy client software at this time.

See“About client deployment methods”on page 75.

See“Deploying clients using a Web link and email”on page 76. Installing Symantec Endpoint Protection Manager