Symantec™ Endpoint Protection and Symantec Network Access Control Implementation Guide

Implementation Guide for Symantec Endpoint Protection Manager 12.1


The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 12.01.00.00

Legal Notice

Copyright 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System, LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (Third Party Programs). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:

- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan: [email protected]
Europe, Middle-East, and Africa: [email protected]
North America and Latin America: [email protected]

Contents

Technical Support

Chapter 1: Introducing Symantec Endpoint Protection
About Symantec Endpoint Protection
What's new in version 12.1
About the types of threat protection that Symantec Endpoint Protection provides
Protecting your network with Symantec Endpoint Protection
Getting up and running on Symantec Endpoint Protection for the first time
Managing protection on client computers
Maintaining the security of your environment
Troubleshooting Symantec Endpoint Protection

Section 1: Installing Symantec Endpoint Protection

Chapter 2: Planning the installation
Planning the installation
Components of Symantec Endpoint Protection
Components of Symantec Network Access Control
Network architecture considerations
Product license requirements
System requirements
Internationalization requirements
Supported virtual installations and virtualization products
About Symantec Endpoint Protection Manager compatibility with other products
About choosing a database type
About SQL Server configuration settings
About SQL Server database authentication modes


Chapter 3: Installing Symantec Endpoint Protection Manager
Installing the management server and the console
Configuring the management server during installation
Accepting the self-signed certificate for Symantec Endpoint Protection Manager
Uninstalling Symantec Endpoint Protection Manager
Logging on to the Symantec Endpoint Protection Manager console
Increasing the time period for staying logged on to the console
What you can do from the console

Chapter 4: Managing product licenses
Licensing Symantec Endpoint Protection
About the trialware license
Purchasing licenses
Where to buy a Symantec product license
Activating your product license
Using the License Activation wizard
Required licensing contact information
About upgrading from trialware
About product upgrades and licenses
About renewing your Symantec Endpoint Protection license
About the Symantec Licensing Portal
Maintaining your product licenses
Checking license status
Downloading a license file
Licensing enforcement rules
Backing up your license files
Recovering a deleted license
Importing a license
About obsolete clients and their impact on licenses
Purging obsolete clients from the database
About multi-year licenses
Licensing an unmanaged client

Chapter 5: Preparing for client installation
Preparing for client installation
About firewalls and communication ports
Preparing Windows operating systems for remote deployment
Managing client installation packages
Adding client installation package updates

Chapter 6: Installing the Symantec Endpoint Protection client
About client deployment methods
Deploying clients using a Web link and email
Deploying clients by using Remote Push
Deploying clients by using Save Package
Restarting client computers
About managed and unmanaged clients
Installing an unmanaged client
Uninstalling the client
About the client installation settings
Configuring client installation package features
Exporting client installation packages
About Federal Desktop Core Configuration (FDCC) compliant client packages

Chapter 7: Upgrading and migrating to Symantec Endpoint Protection
About migrating to Symantec Endpoint Protection
Migrating from Symantec Client Security or Symantec AntiVirus
About migrating computer groups
Migrating group settings and policy settings
Migrating an installation instance that uses multiple embedded databases and management servers
Upgrading to a new release
Turning off replication before migration
Turning on replication after migration or upgrade
Migrating a management server
Stopping and starting the management server service
Disabling LiveUpdate in Symantec AntiVirus before migration
Disabling scheduled scans in Symantec System Center when you migrate client computers
Turning off the roaming service
Uninstalling and deleting reporting servers
Unlocking server groups in Symantec System Center
About upgrading client software
Upgrading clients by using AutoUpgrade
Updating client software with a LiveUpdate Settings policy
Migrating Group Update Providers


Chapter 8: Setting up and managing sites and replication
Managing sites and replication
Determining how many sites you need
How replication works
Adding a replication partner
Changing the automatic replication schedule
Replicating data on demand
Specifying which data to replicate
Deleting remote sites

Chapter 9: Managing Symantec Endpoint Protection in Protection Center
About Symantec Endpoint Protection and Protection Center
About upgrading to Protection Center version 2
About setting up Symantec Endpoint Protection in Protection Center
About setting up multiple Symantec Endpoint Protection domains in Protection Center
Configuring communication between Symantec Endpoint Protection Manager and Protection Center

Section 2: Managing protection on Symantec Endpoint Protection

Chapter 10: Managing groups of client computers
Managing groups of clients
How you can structure groups
Importing an existing organizational structure
Adding a group
Assigning clients to groups before you install the client software
Disabling and enabling a group's inheritance
Blocking clients from being added to groups
Viewing assigned computers
Moving a client computer to another group

Chapter 11: Managing clients
Managing client computers
About the client protection status icons
Viewing the protection status of clients and client computers
Filtering which clients you can view on the Clients tab
Searching for information about client computers
Viewing a client computer's properties
About enabling and disabling protection
About commands you can run on client computers
Running commands on the client computer from the console
Switching a client between user mode and computer mode
Configuring a client to detect unknown devices
Converting an unmanaged client to a managed client
About access to the client interface
About mixed control
Changing the user control level
Configuring user interface settings
Collecting user information
Password-protecting the client

Chapter 12: Managing remote clients
Managing remote clients
Managing locations for remote clients
Enabling location awareness for a client
Adding a location to a group
Changing a default location
Deleting a group's location
Setting up Scenario One location awareness conditions
Setting up Scenario Two location awareness conditions
Configuring communication settings for a location
About strengthening your security policies for remote clients
Best practices for Firewall policy settings
About best practices for LiveUpdate policy settings
About turning on notifications for remote clients
Customizing log management settings for remote clients
Managing load balancing and roaming for remote clients
About monitoring remote clients

Chapter 13: Using policies to manage security
The types of security policies
Performing tasks that are common to all security policies
About shared and non-shared policies
Adding a policy
Copying and pasting a policy on the Policies page
Copying and pasting a policy on the Clients page
Editing a policy
Locking and unlocking policy settings
Assigning a policy to a group
Testing a security policy
Replacing a policy
Exporting and importing policies
Converting a shared policy to a non-shared policy
Withdrawing a policy
Deleting a policy permanently
How the client computers get policy updates
Configuring push mode or pull mode to update client policies and content
Using the policy serial number to check client-server communication
Monitoring the applications and services that run on client computers
Configuring the management server to collect information about the applications that the client computers run
Searching for information about the applications that the computers run
Saving the results of an application search

Chapter 14: Managing Virus and Spyware Protection
Preventing and handling virus and spyware attacks on client computers
Remediating risks on the computers in your network
Identifying the infected and at-risk computers
Checking the scan action and rescanning the identified computers
Managing scans on client computers
About the types of scans and real-time protection
About the types of Auto-Protect
About virus and security risks
About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans
About submitting information about detections to Symantec Security Response
About submissions throttling
About the default Virus and Spyware Protection policy scan settings
How Symantec Endpoint Protection handles detections of viruses and security risks
Setting up scheduled scans that run on Windows computers
Setting up scheduled scans that run on Mac computers
Running on-demand scans on client computers
Adjusting scans to improve computer performance
Adjusting scans to increase protection on your client computers
Managing Download Insight detections
How Symantec Endpoint Protection uses reputation data to make decisions about files
How Symantec Endpoint Protection protection features work together
Enabling or disabling client submissions to Symantec Security Response
Specifying a proxy server for client submissions and other external communications
Managing the Quarantine
Specifying a local Quarantine folder
Specify when quarantined files are automatically deleted
Configuring clients to submit quarantined items to a Central Quarantine Server or Symantec Security Response
Configuring how the Quarantine handles the rescanning of files after new definitions arrive
Using the Risk log to delete quarantined files on your client computers
Managing the virus and spyware notifications that appear on client computers

Chapter 15: Customizing scans
Customizing the virus and spyware scans that run on Windows computers
Customizing the virus and spyware scans that run on Mac computers
Customizing Auto-Protect for Windows clients
Customizing Auto-Protect for Mac clients
Customizing Auto-Protect for email scans on Windows computers
Customizing administrator-defined scans for clients that run on Windows computers
Customizing administrator-defined scans for clients that run on Mac computers
Randomizing scans to improve computer performance in virtualized environments
Modifying global scan settings for Windows clients
Modifying miscellaneous settings for Virus and Spyware Protection on Windows computers
Customizing Download Insight settings
Changing the action that Symantec Endpoint Protection takes when it makes a detection
Allowing users to view scan progress and interact with scans
How Symantec Endpoint Protection interacts with Windows Security Center
Managing Symantec Endpoint Protection in virtual environments
Configuring your clients to communicate with Shared Insight Cache
Using the Virtual Image Exception tool on a base image
Bypassing the scanning of base image files

Chapter 16: Managing SONAR
About SONAR
About the files and applications that SONAR detects
Managing SONAR
Handling and preventing SONAR false positive detections
Adjusting SONAR settings on your client computers
Monitoring SONAR detection results to check for false positives
Managing TruScan proactive threat scans for legacy clients
About adjusting TruScan settings for legacy clients
Configuring TruScan proactive threat scan settings for legacy clients

Chapter 17: Managing Tamper Protection
About Tamper Protection
Changing Tamper Protection settings

Chapter 18: Managing firewall protection
Managing firewall protection
How a firewall works
About the Symantec Endpoint Protection firewall
Creating a firewall policy
Enabling and disabling a firewall policy
Automatically allowing communications for essential network services
Configuring firewall settings for mixed control
Automatically blocking connections to an attacking computer
Detecting potential attacks and spoofing attempts
Preventing stealth detection
Disabling the Windows firewall
Configuring peer-to-peer authentication
About firewall rules
About firewall server rules and client rules
About the firewall rule, firewall setting, and intrusion prevention processing order
About inherited firewall rules
Changing the order of firewall rules
How the firewall uses stateful inspection
About firewall rule application triggers
About firewall rule host triggers
About firewall rule network services triggers
About firewall rule network adapter triggers
Setting up firewall rules
Adding a new firewall rule
Importing and exporting firewall rules
Copying and pasting firewall rules
Customizing firewall rules

Chapter 19

Managing intrusion prevention

Managing intrusion prevention on your client computers
How intrusion prevention works
About Symantec IPS signatures
About custom IPS signatures
Enabling or disabling network intrusion prevention or browser intrusion prevention
Creating exceptions for IPS signatures
Setting up a list of excluded computers
Configuring client intrusion prevention notifications
Managing custom intrusion prevention signatures
Creating a custom IPS library
Adding signatures to a custom IPS library
Assigning multiple custom IPS libraries to a group
Changing the order of custom IPS signatures
Copying and pasting custom IPS signatures
Defining variables for custom IPS signatures
Testing custom IPS signatures

Chapter 20

Managing application and device control

About application and device control
About Application and Device Control policies
About the structure of an Application and Device Control policy
Setting up application and device control
Enabling a default application control rule set
Creating custom application control rules
About best practices for creating application control rules
Typical application control rules
Creating a custom rule set and adding rules
Copying application rule sets or rules between Application and Device Control policies
Applying a rule to specific applications and excluding applications from a rule
Adding conditions and actions to a custom application control rule
Testing application control rule sets
Configuring system lockdown
Managing file fingerprint lists
Running system lockdown in test mode
Enabling system lockdown to block unapproved applications
Testing and removing items from system lockdown
Managing device control
About the hardware devices list
Obtaining a class ID or device ID
Adding a hardware device to the Hardware Devices list
Configuring device control

Chapter 21

Managing exceptions

About exceptions to Symantec Endpoint Protection
Managing exceptions for Symantec Endpoint Protection
Creating exceptions for Symantec Endpoint Protection
Excluding a file or a folder from scans
Excluding known risks from virus and spyware scans
Excluding file extensions from virus and spyware scans
Forcing scans to detect an application
Specifying how Symantec Endpoint Protection handles an application that scans detect or that users download
Excluding a trusted Web domain from scans
Excluding applications from application control
Creating a Tamper Protection exception
Restricting the types of exceptions that users can configure on client computers
Creating exceptions from log events in Symantec Endpoint Protection Manager

Chapter 22

Configuring updates and updating client computer protection

Managing content updates
About the types of content that LiveUpdate can provide
How client computers receive content updates
Configuring a site to download content updates
Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager
Downloading LiveUpdate content manually to Symantec Endpoint Protection Manager
Checking LiveUpdate server activity
Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet
Specifying a proxy server that clients use to communicate to Symantec LiveUpdate or an internal LiveUpdate server
Enabling and disabling LiveUpdate scheduling for client computers
Configuring the types of content used to update client computers
Configuring the LiveUpdate download schedule for client computers
Configuring the amount of control that users have over LiveUpdate
Controlling the content revisions that clients use
Configuring the disk space that is used for LiveUpdate downloads
About randomization of simultaneous content downloads
Randomizing content downloads from the default management server or a Group Update Provider
Randomizing content downloads from a LiveUpdate server
Configuring client updates to run when client computers are idle
Configuring client updates to run when definitions are old or the computer has been disconnected
Configuring Group Update Providers to distribute content
About the types of Group Update Providers
About Group Update Providers and legacy software releases
About configuring rules for multiple Group Update Providers
Configuring a Group Update Provider
Searching for the clients that act as Group Update Providers
Setting up an external LiveUpdate server
Setting up an internal LiveUpdate server
Using Intelligent Updater files to update client virus and security risk definitions
Using third-party distribution tools to update client computers
Configuring a LiveUpdate Settings policy to allow third-party content distribution to managed clients
Preparing unmanaged clients to receive updates from third-party distribution tools
Distributing the content using third-party distribution tools

Chapter 23

Monitoring protection with reports and logs

Monitoring endpoint protection
Viewing a daily or weekly status report
Viewing system protection
Finding offline computers
Finding unscanned computers
Viewing risks
Viewing client inventory
Viewing attack targets and sources
Configuring reporting preferences
Logging on to reporting from a stand-alone Web browser
About the types of reports
Running and customizing quick reports
Saving and deleting custom reports
Creating scheduled reports
Editing the filter used for a scheduled report
Printing and saving a copy of a report
Viewing logs
About logs
Saving and deleting custom logs by using filters
Viewing logs from other sites
Running commands on the client computer from the logs

Chapter 24

Managing notifications

Managing notifications
How notifications work
About the preconfigured notifications
About partner notifications
Establishing communication between the management server and email servers
Viewing and acknowledging notifications
Saving and deleting administrative notification filters
Setting up administrator notifications
How upgrades from another version affect notification conditions

Chapter 25

Managing domains

About domains
Adding a domain
Adding a domain logon banner
Setting the current domain

Chapter 26

Managing administrator accounts

Managing domains and administrator accounts
About administrators
Adding an administrator account
About access rights
Configuring the access rights for a domain administrator
Configuring the access rights for a limited administrator
Changing an administrator's type
Setting up authentication for administrator accounts
Configuring the management server to authenticate administrators who use RSA SecurID to log on
Authenticating administrators who use RSA SecurID to log on to the management server
Specifying SecurID Authentication for a Symantec Endpoint Protection Manager administrator
Changing an administrator password
Allowing administrators to save logon credentials
Allowing administrators to reset forgotten passwords
Resetting a forgotten password
Resetting the administrator user name and password to admin
Locking an administrator's account after too many logon attempts

Section 3

Maintaining your security environment

Chapter 27

Managing servers

Managing servers
About the types of Symantec Endpoint Protection servers
Managing the connection between the management server and the client computers
Improving client and server performance
Exporting and importing server settings
About server certificate types
Updating a server certificate
Upgrading server security certificates without orphaning clients
Configuring secure communications to prevent clients from being orphaned
Backing up a server certificate
Configuring SSL between Symantec Endpoint Protection Manager and the clients
Verifying port availability
Changing the SSL port assignment
Enabling SSL communication between the management server and the client
Granting or denying access to remote Symantec Endpoint Protection Manager consoles

Chapter 28

Managing directory servers

About organizational units and the LDAP server
About synchronizing organizational units
About importing user and computer account information from an LDAP directory server
Synchronizing user accounts between directory servers and Symantec Endpoint Protection Manager
Searching for users on an LDAP directory server
Importing users from an LDAP directory server search results list
Importing organizational units from an Active Directory or LDAP server
Adding directory servers

Chapter 29

Managing databases

Maintaining the database
Scheduling automatic database backups
Scheduling automatic database maintenance tasks
Increasing the Microsoft SQL Server database file size
Exporting data to a Syslog server
Exporting log data to a text file
Exporting log data to a comma-delimited text file
Specifying client log size and which logs to upload to the management server
Specifying how long to keep log entries in the database
About increasing the space by adjusting the amount of client log data
Clearing log data from the database manually

Chapter 30

Managing failover and load balancing

Setting up failover and load balancing
About failover and load balancing
Configuring a management server list
Assigning a management server list to a group and location

Chapter 31

Preparing for disaster recovery

Preparing for disaster recovery
Backing up the database and logs

Section 4

Managing network compliance with Symantec Network Access Control

Chapter 32

Introducing Symantec Network Access Control

About Symantec Network Access Control
About the types of enforcement in Symantec Network Access Control
How Symantec Network Access Control works
How self enforcement works
How the Symantec Network Access Control Enforcer appliances work with Host Integrity policies
Communication between an Enforcer appliance and a Symantec Endpoint Protection Manager
Communication between the Enforcer appliance and clients
How the Gateway Enforcer appliance works
How the LAN Enforcer appliance works
How an Integrated Enforcer for Microsoft DHCP Servers works
How an Integrated Enforcer for Microsoft Network Access Protection works with a Microsoft Network Policy Server (NPS)
How the On-Demand Client works

Chapter 33

Working with Symantec Network Access Control

What you can do with Symantec Enforcer appliances
What you can do with Symantec Integrated Enforcers
What you can do with On-Demand Clients
Deploying Symantec Network Access Control

Chapter 34

Configuring Host Integrity

What you can do with Host Integrity policies
About working with Host Integrity policies
About the Quarantine policy
Creating and testing a Host Integrity policy
About Host Integrity requirements
Adding Host Integrity requirements
Configuring Host Integrity for the Mac
Enabling, disabling, and deleting Host Integrity requirements
Changing the sequence of Host Integrity requirements
Adding a Host Integrity requirement from a template
About settings for Host Integrity checks
Allowing the Host Integrity check to pass if a requirement fails
Configuring notifications for Host Integrity checks
About Host Integrity remediation
About remediating applications and files for Host Integrity
Host Integrity remediation and Enforcer settings
Specifying the amount of time the client waits to remediate
Allowing users to postpone or cancel Host Integrity remediation

Chapter 35

Adding custom requirements

About custom requirements
About conditions
About antivirus conditions
About antispyware conditions
About firewall conditions
About file conditions
About operating system conditions
About registry conditions
About functions
About custom requirement logic
About the RETURN statement
About the IF, THEN, and ENDIF statement
About the ELSE statement
About the NOT keyword
About AND, OR keywords
Writing a custom requirement script
Adding an IF THEN statement
Switching between the IF statement and the IF NOT statement
Adding an ELSE statement
Adding a comment
Copying and pasting IF statements, conditions, functions, and comments
Deleting a statement, condition, or function
Displaying a message dialog box
Downloading a file
Setting a registry value
Incrementing a registry DWORD value
Running a program
Running a script
Setting the timestamp of a file
Specifying a wait time for the custom requirement script

Chapter 36

Introducing the Symantec Network Access Control Enforcer appliances

About the Symantec Network Access Control Enforcer appliances
Support for third-party enforcement solutions

Chapter 37

Installing all types of Enforcer appliances

About installing an Enforcer appliance
Installing an Enforcer appliance
About the Enforcer appliance indicators and controls
Setting up an Enforcer appliance
Logging on to an Enforcer appliance
Configuring an Enforcer appliance

Chapter 38

Upgrading and reimaging all types of Enforcer appliance images

About upgrading and reimaging Enforcer appliance images
Enforcer hardware compatibility matrix
Determining the current version of an Enforcer appliance image
Upgrading the Enforcer appliance image
Reimaging an Enforcer appliance image

Chapter 39

Performing basic tasks on the console of all types of Enforcer appliances

About performing basic tasks on the console of an Enforcer appliance
Configuring a connection between an Enforcer appliance and a Symantec Endpoint Protection Manager
Configuring SPM
Checking the communication status of an Enforcer appliance on the Enforcer console
Remote access to an Enforcer appliance

Chapter 40

Planning for the installation of the Gateway Enforcer appliance

Installation planning for a Gateway Enforcer appliance
Where to place a Gateway Enforcer appliance
Guidelines for IP addresses on a Gateway Enforcer appliance
About two Gateway Enforcer appliances in a series
Protection of VPN access through a Gateway Enforcer appliance
Protection of wireless access points through a Gateway Enforcer appliance
Protection of servers through a Gateway Enforcer appliance
Protection of non-Windows servers and clients through a Gateway Enforcer appliance
Requirements for allowing non-Windows clients without authentication
Gateway Enforcer appliance NIC settings
Failover planning for Gateway Enforcer appliances
How failover works with Gateway Enforcer appliances in the network
Where to place Gateway Enforcer appliances for failover in a network with one or more VLANs
Setting up Gateway Enforcer appliances for failover
Fail-open and fail-closed planning for a Gateway Enforcer appliance

Chapter 41

Configuring the Symantec Gateway Enforcer appliance from the Symantec Endpoint Protection Manager .................................................... 747About configuring the Symantec Gateway Enforcer appliance on the Symantec Endpoint Protection Manager Console ........................ Changing Gateway Enforcer appliance configuration settings in Symantec Endpoint Protection Manager ................................... About general settings on a Gateway appliance ................................ Adding or editing the description of a Gateway Enforcer appliance group ........................................................................... Adding or editing the description of a Gateway Enforcer appliance ...................................................................... Adding or editing the IP address or host name of a Gateway Enforcer appliance ......................................................... Establishing communication between a Gateway Enforcer appliance and a Symantec Endpoint Protection Manager through a management server list and the conf.properties file ............................................................................... About authentication settings on a Gateway appliance ...................... Authentication settings on a Gateway appliance ........................ About authentication sessions on a Gateway Enforcer appliance ...................................................................... About client authentication on a Gateway Enforcer appliance ...................................................................... Specifying the maximum number of challenge packets during an authentication session ................................................ Specifying the frequency of challenge packets to be sent to clients .......................................................................... 
Specifying the time period for which a client is blocked after it fails authentication ......................................................... Specifying the time period for which a client is allowed to retain its network connection without reauthentication ................. Allowing all clients with continued logging of non-authenticated clients .......................................................................... Allowing non-Windows clients to connect to a network without authentication ............................................................... 748 748 751 751 752 752


Checking the policy serial number on a client
Sending a message from a Gateway Enforcer appliance to a client about non-compliance
Redirecting HTTP requests to a Web page
Authentication range settings
Client IP address ranges compared to trusted external IP addresses
When to use client IP address ranges
About trusted IP addresses
Adding client IP address ranges to the list of addresses that require authentication
Editing client IP address ranges on the list of addresses that require authentication
Removing client IP address ranges from the list of addresses that require authentication
Adding a trusted internal IP address for clients on a management server
Specifying trusted external IP addresses
Editing trusted internal or external IP address
Removing a trusted internal or trusted external IP address
IP address range checking order
About advanced Gateway Enforcer appliance settings
Specifying packet types and protocols
Allowing a legacy client to connect to the network with a Gateway Enforcer appliance
Enabling local authentication on a Gateway Enforcer appliance
Enabling system time updates for the Gateway Enforcer appliance using the Network Time Protocol
Using the Gateway Enforcer appliance as a Web server
Using the Gateway Enforcer as a DNS spoofing server


Chapter 42

Installation planning for the LAN Enforcer appliance

Planning for the installation of a LAN Enforcer appliance
Where to place LAN Enforcer appliances
Failover planning for LAN Enforcer appliances
Where to place LAN Enforcer appliances for failover in a network


Chapter 43

Configuring the LAN Enforcer appliance on the Symantec Endpoint Protection Manager

About configuring the Symantec LAN Enforcer on the Symantec Endpoint Protection Manager Console
About configuring RADIUS servers on a LAN Enforcer appliance
About configuring 802.1x wireless access points on a LAN Enforcer appliance
Changing LAN Enforcer configuration settings in Symantec Endpoint Protection Manager
Using general settings
Adding or editing the name of a LAN Enforcer appliance group with a LAN Enforcer
Specifying a listening port for communication between a VLAN switch and a LAN Enforcer
Adding or editing the description of an Enforcer group with a LAN Enforcer
Adding or editing the IP address or host name of a LAN Enforcer
Adding or editing the description of a LAN Enforcer
Connecting the LAN Enforcer to a Symantec Endpoint Protection Manager
Using RADIUS server group settings
Adding a RADIUS server group name and RADIUS server
Editing the name of a RADIUS server group
Editing the friendly name of a RADIUS server
Editing the host name or IP address of a RADIUS server
Editing the authentication port number of a RADIUS server
Editing the shared secret of a RADIUS server
Enabling support for Windows Network Policy Server (NPS) on the LAN Enforcer
Deleting the name of a RADIUS server group
Deleting a RADIUS server
Using switch settings
Switch settings
About the support for attributes of switch models
Adding an 802.1x switch policy for a LAN Enforcer appliance with a wizard
Editing basic information about the switch policy and 802.1x-aware switch
Editing information about the 802.1x-aware switch
Editing VLAN information for the switch policy


Editing action information for the switch policy
Using advanced LAN Enforcer appliance settings
Allowing a legacy client to connect to the network with a LAN Enforcer appliance
Enabling local authentication on the LAN Enforcer appliance
Enabling system time updates for the Enforcer appliance using the Network Time Protocol
Configuring MAC addresses and MAC authentication bypass (MAB) on the LAN Enforcer
Using 802.1x authentication
About reauthentication on the client computer


Chapter 44

Managing Enforcers on the Symantec Endpoint Protection Manager

About managing Enforcers on the management server console
About managing Enforcers from the Servers page
About Enforcer groups
How the console determines the Enforcer group name
About failover Enforcer groups
About changing a group name
About creating a new Enforcer group
About the Enforcer information that appears on the Enforcer console
Displaying information about the Enforcer on the management console
Changing an Enforcer's name and description
Deleting an Enforcer or an Enforcer group
Exporting and importing Enforcer group settings
Pop-up messages for blocked clients
Messages for the computers that are running the client
Messages for Windows computers that are not running the client (Gateway Enforcer only)
Setting up the Enforcer messages
About client settings and the Enforcer
Configuring clients to use a password to stop the client service
About Enforcer reports and logs
Configuring Enforcer log settings
Disabling Enforcer logging on the Symantec Endpoint Protection Manager Console
Enabling the sending of Enforcer logs from an Enforcer to the Symantec Endpoint Protection Manager


Setting up the size and age of Enforcer logs
Filtering the Traffic logs for an Enforcer

Chapter 45

Introducing the Symantec Integrated Enforcers

About the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP Servers
About the Symantec Network Access Control Integrated Enforcer for Microsoft Network Access Protection

Chapter 46

Installing the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP Servers

Process for installing the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP Servers
System requirements for an Integrated Enforcer for Microsoft DHCP Servers
Components for an Integrated Enforcer for Microsoft DHCP servers
Placement requirements for an Integrated Enforcer for Microsoft DHCP Servers
How to get started with the installation of an Integrated Enforcer for Microsoft DHCP servers
Installing an Integrated Enforcer for Microsoft DHCP Servers
Uninstalling the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP servers
Upgrading the Integrated Enforcer for Microsoft DHCP Servers

Chapter 47

Configuring the Symantec Integrated Enforcers on the Enforcer console

About configuring Integrated Enforcers on an Enforcer console
Establishing or changing communication between an Integrated Enforcer for Microsoft DHCP servers and a Symantec Endpoint Protection Manager
Configuring automatic quarantine
Editing a Symantec Endpoint Protection Manager connection
Configuring Integrated Enforcer communication settings in Symantec Endpoint Protection Manager
Configuring a trusted vendor list
Viewing Enforcer logs on an Enforcer console


Stopping and starting communication services between an Integrated Enforcer and a management server
Configuring a secure subnet mask
Creating DHCP scope exceptions

Chapter 48

Configuring the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP Server on the Symantec Endpoint Protection Manager

About configuring the Symantec Network Access Control Integrated Enforcer for Microsoft DHCP Server on the Symantec Endpoint Protection Manager
Configuring Symantec Network Access Control Integrated Enforcer basic settings
Adding or editing the name of an Enforcer group for Symantec Network Access Control Integrated Enforcer
Adding or editing the description of an Enforcer group with a Symantec Network Access Control Integrated Enforcer
Adding or editing the description of a Symantec Network Access Control Integrated Enforcer
Connecting the Symantec Network Access Control Integrated Enforcer to a Symantec Endpoint Protection Manager
Configuring Symantec Network Access Control Integrated Enforcer advanced settings
Enabling servers, clients, and devices to connect to the network as trusted hosts without authentication
Enabling local authentication on the Integrated Enforcer
Configuring Symantec Network Access Control Integrated Enforcer authentication settings
About using authentication settings
About authentication sessions
Specifying the maximum number of challenge packets during an authentication session
Specifying the frequency of challenge packets to be sent to clients
Allowing all clients with continued logging of non-authenticated clients
Allowing non-Windows clients to connect to a network without authentication
Having the Symantec Network Access Control Integrated Enforcer check the Policy Serial Number on a client


Configuring logs for the Symantec Network Access Control Integrated Enforcer

Chapter 49

Installing the Symantec Integrated Enforcer for Microsoft Network Access Protection

Before you install the Symantec Integrated Enforcer for Microsoft Network Access Protection
Process for installing the Symantec Network Access Control Integrated Enforcer for Microsoft Network Access Protection
System requirements for an Integrated Enforcer for Microsoft Network Access Protection
Components of a Symantec Integrated Enforcer for Microsoft Network Access Protection
Installing the Integrated Enforcer for Microsoft Network Access Protection
Uninstalling the Integrated Enforcer for Microsoft Network Access Protection
Stopping and starting the Network Access Protection server manually


Chapter 50

Configuring the Symantec Network Access Control Integrated Enforcer for Microsoft Network Access Protection on an Enforcer console

About configuring a Symantec Integrated Enforcer for Microsoft Network Access Protection on an Enforcer console
Connecting a Symantec Integrated Enforcer for Microsoft Network Access Protection to a management server on an Enforcer console
Encrypting communication between a Symantec Integrated Enforcer for Microsoft Network Access Protection and a management server
Setting up an Enforcer group name on the Symantec Integrated Enforcer for Microsoft Network Access Protection console
Setting up an HTTP communication protocol on the Symantec Integrated Enforcer for Microsoft Network Access Protection console


Chapter 51

Configuring the Symantec Network Access Control Integrated Enforcer for Microsoft Network Access Protection on the Symantec Endpoint Protection Manager

About configuring the Symantec Integrated Enforcer for Microsoft Network Access Protection on the Symantec Endpoint Protection Manager
Enabling NAP enforcement for clients
Verifying that the management server manages the client
Verifying Security Health Validator policies
Verifying that clients pass the Host Integrity check
Configuring logs for the Symantec Integrated Enforcer for Network Access Protection


Chapter 52

Setting up temporary connections for Symantec Network Access Control On-Demand clients

About the Symantec Network Access Control On-Demand Clients
Before you configure Symantec Network Access Control On-Demand clients on the console of a Gateway Enforcer
Setting up guest access challenge using the Symantec Network Access Control DHCP Integrated Enforcer
Enabling Symantec Network Access Control On-Demand clients to temporarily connect to a network
Disabling Symantec Network Access Control On-Demand clients
Setting up authentication on the Gateway Enforcer console for Symantec Network Access Control On-Demand clients
Setting up user authentication with a local database
Setting up user authentication with a Microsoft Windows 2003 Server Active Directory
Setting up user authentication with a RADIUS server
Setting up the On-Demand client on Windows for authentication with the dot1x-tls protocol
Setting up the On-Demand client on Windows for authentication with the dot1x-peap protocol
On-Demand authentication commands
Editing the banner on the Welcome page


Section 5

Troubleshooting Symantec Endpoint Protection and Symantec Network Access Control

Chapter 53

Performing disaster recovery

Performing disaster recovery
Restoring the database
Reinstalling or reconfiguring Symantec Endpoint Protection Manager

Chapter 54

Troubleshooting installation and communication problems

Downloading the Symantec Endpoint Protection Support Tool to troubleshoot computer issues
Identifying the point of failure of an installation
Troubleshooting communication problems between the management server and the client
Viewing the client connection status on the client
How to determine whether the client is connected and protected
Investigating protection problems using the troubleshooting file on the client
Enabling and viewing the Access log to check whether the client connects to the management server
Stopping and starting the Apache Web server
Using the ping command to test the connectivity to the management server
Using a browser to test the connectivity to the management server on the client computer
Checking the debug log on the client computer
Checking the inbox logs on the management server
Recovering client communication settings by using the SylinkDrop tool
Troubleshooting communication problems between the management server and the console or the database
Verifying the connection with the database


Chapter 55

Troubleshooting reporting issues

Troubleshooting reporting issues
Troubleshooting context-sensitive help for the reporting console
Changing reporting fonts to display Asian languages
Changing timeout parameters for reviewing reports and logs
Accessing reporting pages when the use of loopback addresses is disabled
About recovering a corrupted client System Log on 64-bit computers

Chapter 56

Troubleshooting the Enforcer appliance

Troubleshooting communication problems between an Enforcer appliance and the Symantec Endpoint Protection Manager
Troubleshooting an Enforcer appliance
Frequently asked questions for the Enforcer appliances
Which virus protection and antivirus software is managed by Host Integrity?
Can Host Integrity policies be set at the group level or the global level?
Can you create a custom Host Integrity message?
What happens if Enforcer appliances cannot communicate with Symantec Endpoint Protection Manager?
Is a RADIUS server required when a LAN Enforcer appliance runs in transparent mode?
How does enforcement manage computers without clients?
Troubleshooting the connection between the Enforcer and the On-Demand Clients