20090506
University of Texas at Arlington Office of Information Technology Information Security Office Personal Configuration Guide for Symantec Endpoint Protection
This guide is provided by the Office of Information Technology (OIT), Information Security Office as a basic and introductory guide for configuring the Symantec Endpoint Protection (SEP) software on personal devices. This guide is intended for use by UT Arlington students, staff, and faculty on their personally owned computers.
UT Arlington provides active students, faculty and staff one free copy of the SEP software for installation and use on their personally owned computer to help prevent and mitigate cross contamination of information and computing resources.
The SEP client for personal use is preconfigured with the recommended default settings as specified by Symantec. However, these settings may not provide optimal security protection for all users. Each individual is encouraged to familiarize themselves with the settings and options for any software package in use on their personally owned computer. For example, by default Symantec will detect spyware but will not remove or quarantine said spyware. This guide will show the user where to configure this setting and many more.
This guide does not provide a comprehensive summary of the settings and capabilities within SEP. The user is encouraged to read the official Symantec user's guide for the software.
Contents
1 - What is SEP
1.1 - Symantec Endpoint Protection
1.2 - SEP Client
2 - Getting the Software
2.1 - On-Line
2.2 - BlazeWare
2.3 - Report Piracy
3 - Installation
3.1 - Installation
3.2 - First Time Installation
3.3 - Update Installation
4 - The SEP GUI
4.1 - GUI
5 - Client Configuration
5.1 - Default Configuration
5.2 - Scheduled Scan
5.3 - Antivirus Spyware Configuration
5.4 - Proactive Threat Configuration
5.5 - Other Settings
6 - Links and References
1 - What is SEP
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
2.1 - On-Line
OIT will maintain a password protected web site with the most current software version available for personal use. The web site can be found at www.uta.edu/antivirus. Once you have opened the web site in a browser, navigate to the option for the Personal / Home version and follow the link to the file download. You will be prompted for your UTA NetID and password. Lastly, save the file to a location of your choosing.
Individuals that are active students, faculty, or staff of UT Arlington are permitted one copy of SEP for use on their personally owned computer.
------------------------------------------------------------------------------------------------
2.2 - BlazeWare
OIT provides the campus with a software and documentation distribution CD named BlazeWare. BlazeWare can be obtained at the UT Arlington Computer Store in Ransom Hall for the ultra low cost of $5.
* The fee charged is for the physical media and printing services; all software on the BlazeWare CD is free to active UT Arlington students, faculty and staff.
BlazeWare can also be obtained at various campus and security events throughout the year, such as student orientation and the student activities fair.
------------------------------------------------------------------------------------------------
3 - Installation
------------------------------------------------------------------------------------------------
3.1 - Installation
Before installing SEP on your computer, it is recommended that you fully uninstall and delete any pre-existing antivirus and/or host-based security products that may be on your computer. If you are currently using a security software package from Symantec's Norton product line, it is recommended that this also be removed prior to installing SEP.
** SEP will work with passive spyware programs such as LavaSoft Ad-Aware or Safer Networking Spybot Search and Destroy. However, SEP will have conflicts with active antivirus and firewall programs like McAfee Antivirus, TrendMicro Internet Security, and avast! Antivirus, to name a few.
After removing any conflicting antivirus and/or host-based security products, your computer should be rebooted.
Installation of the SEP software is your typical Windows double-click and follow-the-prompts installation. For our demonstration we will assume you are installing SEP from the latest version of the BlazeWare CD. The exact file name may vary.
If you have downloaded the software file to your desktop, you should see an icon as in figure 00.
Figure 00
Or, if you prefer to install directly from the BlazeWare CD, you should see a Windows Explorer window as in figure 01.
Figure 01
------------------------------------------------------------------------------------------------
Figure 02
Figure 03
You will be prompted with the Symantec End User's License Agreement (EULA).
Select your acceptance choice.
Select Next.
Figure 04
UT Arlington - Windows XP Operating System Security Guide
Figure 05
You will see a status screen with various messages throughout the install process.
Figure 06
Once the installation has completed you will be prompted with the finish prompt. Select Finish.
Figure 07
Immediately following the software installation, SEP will initiate a LiveUpdate of the software. During this process your computer will attempt to contact the servers at Symantec.com to download the latest virus and content definitions.
Figure 08
Finally, you will be prompted to reboot your computer. The antivirus components of SEP will begin protecting your computer before it is rebooted; however, the network components like the firewall and IPS will not take effect until after a reboot.
Figure 09
Once you have completely installed SEP and logged back into your computer following the reboot, you will see a new icon in the lower right corner of your task bar.
Figure 12
You will be prompted for the type of software install. Most users will select Modify to upgrade the older version of SEP.
Figure 13
You will be prompted to select the components for installation. By default your installation should have all components enabled with the exception of Outlook and Lotus Notes protection.
Figure 14
Select Next
Figure 16
You will see a status screen with various messages throughout the install process.
Figure 17
Once the installation has completed you will be prompted with the finish prompt. Select Finish.
Figure 18
Immediately following the software installation SEP will initiate a LiveUpdate of the software. During this process your computer will attempt to contact the servers at Symantec.com to download the latest virus and content definitions.
Figure 19
Finally, you will be prompted to reboot your computer. The antivirus components of SEP will begin protecting your computer before it is rebooted; however, the network components like the firewall and IPS will not take effect until after a reboot.
Figure 20
------------------------------------------------------------------------------------------------
4.1 - GUI
You can open the SEP GUI by double-clicking on the gold shield on the system task bar or by using the Start menu option (Start > Programs > Symantec Endpoint Protection > Symantec Endpoint Protection).
Figure 21
The main view of the SEP GUI is your typical dashboard style interface with green, yellow, and red color indicators. As you can see in figure 22, our SEP client is all green and therefore a happy, fully updated client.
Figure 22
To explore the GUI you can use the menu options on the left frame, which are static and remain the same on each view of the GUI. Optionally, you can choose the individual Options buttons on the right side of each of the three major components.
In the event you need assistance with your SEP software, the first thing you will need to know is how to find the version number. To do this...
Select the yellow Help and Support button in the upper right of the main window.
Figure 23
Then select About.
The version number will be immediately under the software name. In our example we have version 11.0.4.4014.26
Figure 24
------------------------------------------------------------------------------------------------
5 - Client Configuration
------------------------------------------------------------------------------------------------
Figure 25
It is recommended that the system perform an Active Scan once a day and a Full Scan once a week as a minimum.
SEP is configurable to run an Active Scan at the time the computer is booted up, as seen in Figure 25. **Note: this scan is present but disabled by default. This, however, may add time to the boot process of your computer depending on how many other applications are also running at startup.
You can optionally configure SEP to run an Active Scan each time that new definitions are downloaded. **This is a default action. With the system performing an Active Scan with each new definition set, we can simply add a Weekly Full Scan.
The Active Scan only looks at certain locations on the hard drive; it is sometimes referred to as a quick scan. A Full Scan looks at the entire hard drive; although it is more complete, it will take longer to run. With this in mind, you will want to choose a time for your Weekly Full Scan when your computer will be powered up but you are not actively using it. For example, if you are the active socialite, something like Friday night at 8 PM while you are going out to eat. Or, if you are a gamer, something like 6 AM Saturday morning while you are still asleep after the Friday night tournament.
Select Full Scan and Next.
Figure 26
On the following screen we can delve into Actions and define whether SEP logs, quarantines, or removes various types of detected risks. On the Notifications menu we can define how much we want SEP to talk to us. Do we want SEP to perform its functions silently, or do we want to see a message every step along the way? With the Advanced and Centralized Exceptions we can further control how SEP behaves and remove specific files or folders from a scan.
First select Actions.
Figure 27
Recommended Settings
Macro virus - First Action: Clean risk / If first action fails: Quarantine risk.
Non-macro virus - First Action: Clean risk / If first action fails: Delete risk.
Security Risks - First Action: Delete risk / If first action fails: Quarantine risk.
Select OK.
Figure 28
Now let's enable notifications so that we get a warning if a virus is detected.
Select Notifications.
Then select all three options:
Display a notification message when a security risk is detected
Terminate processes automatically
Stop services automatically
Select OK and Next.
Figure 29
Next we will select the time for the scan.
Select At specified times and Next.
Figure 30
In figure 31 we have selected Friday at 10 PM. Enter your preferred time. Select Next
Figure 32
Figure 33
------------------------------------------------------------------------------------------------
Figure 34
Figure 35
Recommended Settings
Macro virus - First Action: Clean risk / If first action fails: Quarantine risk.
Non-macro virus - First Action: Clean risk / If first action fails: Delete risk.
Security Risks - First Action: Delete risk / If first action fails: Quarantine risk.
Select OK.
Figure 36
Figure 37
Recommended Settings
Macro virus - First Action: Clean risk / If first action fails: Quarantine risk.
Non-macro virus - First Action: Clean risk / If first action fails: Delete risk.
Security Risks - First Action: Delete risk / If first action fails: Quarantine risk.
Select OK.
Figure 38
------------------------------------------------------------------------------------------------
Figure 39
In the lower right corner of the window, change the setting for "When a commercial keylogger is detected" from Log to Quarantine.
Select OK.
Figure 40
------------------------------------------------------------------------------------------------
Figure 41
Or see the SEP Client User's Guide available on BlazeWare, client_guide.pdf
------------------------------------------------------------------------------------------------