Tag Archives: SEP Manager

MaaadIT 12:50 pm on December 11, 2015
Tags: , , , , SEP 12.1.6, SEP Manager, , , SEPM 12.1.6, ,   

Symantec Endpoint Protection Windows 10 Compatability

Is Symantec Endpoint Protection compatible with Windows 10?

Only if it is the latest Symantec Endpoint Protection version 12.1.6.  Symantec Endpoint Protection 12.1.5 and previous versions are not compatible with Windows 10.

With Microsoft upgrading Windows 7 and Windows 8 to their newest OS platform, Windows 10, businesses are evermore challenged in keeping their security solutions up to date.

Scenario:

We recently upgraded to SEP 12.1.5 and rolled out mostly unmanaged client and a few managed ones. Our organization is now ordering PCs with Winows 10 preinstalled and we need to update Symantec yet again for compatibility. Problem is, our organization does not have proper bandwidth resources to push out the SEP 12.1.6 client to all PCs. On top of that, most of our users are on thin clients. Our newest thin client images for HP t620 already include the SEP 12.1.5 client.

The question is this: Can I update SEPM to 12.1.6 to create the new package for Windows 10 PCs but leave all existing PCs/ thin clients on 12.1.5?  Will the 12.1.5 managed clients still talk to SEPM 12.1.6 and continue to download definitions without the need to update?   As long as the base version is the same (i.e 12.1.x) then SEPM and SEP client can be on different versions

http://www.symantec.com/connect/forums/sepm-client-different-version

 

Additionally, posts on the official Symantec forum state that an unmanaged SEP 12.1.6 client can be installed on Windows 10 machines by downloading Symantec_Endpoint_Protection_12.1.6_MP3_All_Clients_EN.zip instead of updating SEPM to 12.1.6 .

http://www.symantec.com/connect/blogs/symantec-endpoint-protection-and-windows-10-compatibility

Symantec Endpoint Protection (SEP) adds support for Windows 10 with 12.1.6 MP1.

For Symantec Endpoint Protection 12.1, a maintenance patch has been released on July 29, 2015. Customers will need to be current on maintenance to receive the maintenance patch update. For more information, visit our SEP 12.1 Windows 10 Knowledge Base.

You can upgrade to Windows 10 with Symantec Endpoint Protection 12.1.6 MP1 installed. You must uninstall earlier versions of Symantec Endpoint Protection. The operating system upgrade stops if it detects an earlier version of Symantec Endpoint Protection.

The following operating system upgrade paths are supported with 12.1.6 MP1 installed:

  • Windows 8.1 to Windows 10

  • Windows 8 to Windows 10

  • Windows 7 to Windows 10

 

Symantec_Endpoint_Protection_12.1.6_MP3_All_Clients_EN.zip can be downloaded from the link below by entering your Symantec product serial number.

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

#antivirus-2, #security-2, #sep-12-1-5, #sep-12-1-5-to-12-1-6, #sep-12-1-6, #sep-manager, #sep-windows-10-compatability, #sepm, #sepm-12-1-6, #symantec-endpoint-protection, #symantec-endpoint-protection-windows-10-compatability

MaaadIT 12:58 pm on November 16, 2015
Tags: , , , , , SEP Manager, , , , , , ,   

Symantec Endpoint Protection (SEP) 12.1.5 Antivirus Exclusion – Windows Server 2012 R2 – Citrix XenApp 7.6

Antivirus exclusions are an important step in deploying server based technologies.  Organization’s performance needs are just as critical as security.  Antivirus protection on physical XenApp servers hosting applications and shared desktops can be a challenge when the appropriate exclusions are not set up because performance and availability can suffer drastically.  Some of the issues that can be avoided by exclusion include hanging user sessions, long delays at logon and logoff, long delays launching apps, server unresponsiveness, etc.

Looking at a deployment of XenApp 7.6 VDA on Windows Server 2012 R2 platform for a healthcare organization, the following resources were reviewed in identifying what to add to the exclusion policy in Symantec Endpoint Protection Manager.  The following links refer to best practices as recommended by Symantec, Citrix, Microsoft and in the case of a healthcare organization using Intergy, Sage.

(SEP) 12.1.5 Antivirus Exclusion – Windows Server 2012 R2 – Citrix XenApp 7.6

SEP_12.1.5_Exceptions

SEP_12.1.5_Exceptions

https://support.symantec.com/en_US/article.TECH91070.html

https://www.citrix.com/blogs/2013/09/22/citrix-consolidated-list-of-antivirus-exclusions/

https://support.citrix.com/article/CTX127030

http://social.technet.microsoft.com/wiki/contents/articles/18439.terminal-server-antivirus-exclusions.aspx

http://www.millennium-mb.com/files/Sage_Intergy_EHR_EMR_New_Jersey_York_Medical_Billing.pdf

Note that the registry fix described in the first link is performed after the SEP 12.1.5 client is installed on the XenApp 7.6 VDA server.

The fourth link down refers to Antivirus Exclusions recommended by Microsoft for Terminal Servers.  We were unable to find an updated list for Remote Desktop Services on Windows Server 2012 R2 but some of the previous exclusions will still apply.

The same is true for Intergy/ Intergy EHR exclusions.  Previous exclusions for earlier versions of Intergy still apply for newer versions.

Lastly, while all of the previous file exclusion recommendations come from the product vendors mentioned earlier, it is worth noting that some exclusions will technically make your server more vulnerable to attacks.  Thus, antivirus software on XenApp 7.6 VDA servers should only be part of a larger, more robust enterprise security plan.

#antivirus-2, #citrix, #exception-policy, #security-2, #sep-12-1-5, #sep-manager, #sepm, #shared-desktop, #symantec-endpoint-protection, #vda-7-6-0, #virtualization-2, #windows-server, #xenapp-7-6-2

MaaadIT 1:01 pm on November 5, 2015
Tags: , , , , SEP Manager, , ,   

Verify Symantec Endpoint Protection Manager Created Exception Policy is Applied to Client

Consider the following scenario:

You recently deployed a couple of Citrix XenApp servers. You created a new group in SEP 12.1.5 manager and modified an exception policy to exclude individual files, extensions and processes from being harassed by SEP 12.1.5. Then, you created an unmanaged client install package using that new group so that the exception policy would be included. You installed the client on the server and under User defined Exceptions the window is blank. How can you know for sure that the exception policy you applied to the group in SEP 12.1.5 Manager carried over and is being applied on the machine?

Thx to Reddit Symantec gurus we know that user defined exceptions section in the SEP client is for user added exception only and not the SEP Manager. Thus, that section will not show you what you configured in the exclusion policy created in SEP Manager and included in the install package.

To verify that Symantec Endpoint Protection Manager created exception policies are being applied to the client:

Open SEP on client machine and at the top-right, go to Help and select Troubleshooting from the drop-down menu that appears.  In the Management window, click on Export under the Policy Profile. This will allow you to export an XML file that you can then search for the exclusions.

Yet another way to verify that Symantec Endpoint Protection Manager created exception policy is applied to client is to open regedit and manually inspect those exclusions through registry.  Browse to the registry key: •HKEY_LOCAL_MACHINE\SOFTWARE\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\AV\EXCLUSIONS

Note: On 64bit window machines the registry path is: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

https://support.symantec.com/en_US/article.TECH105814.html

 

 

#antivirus-2, #exception-policy, #security-2, #sep-12-1-5, #sep-manager, #sepm, #symantec-endpoint-protection, #windows-server