Symantec Endpoint Protection, SEP, is Symantec AntiVirus® combined with anti-spyware, firewall, intrusion prevention system, application control, device control, and proactive threat scanning into a single client, all managed by a single piece of management software.The combination allows instant upgrades without deploying specific software for each security technology. It protects from from both known threats and from threats that have not been seen before. Symantec Endpoint Protection protects against malware such as viruses, worms, Trojan horses, spyware, and adware. It protections against even against rootkits, zero-day attacks, and spyware that mutates.
Important notes before starting:
- You must uninstall all other antivirus software before you install Symantec Endpoint Protection.
- You must use an administrator account to install and set up Symantec Endpoint Protection.
- Be sure to check out the system requirements before beginning installation.
Installing Symantec Endpoint Protection
- Download Symantec Endpoint Protection from the WebStore
- It is recommended that you download the non-interactive version. You should not select interactive unless you know exactly what commands to write into the program.
- Please select either the 32 or 64-bit system depending on which your computer is using.
- Double-click on the installer file downloaded from the website and select run.
- This is a quiet installation. You will see one or two status dialog boxes saying what is being done with estimates of how much longer the installation will take, but that is it.
- At the end, a dialog box will open saying that your Antivirus Definitions are too old. (This may not happen if you are installing over SAV 10. Click to close this box.
- Check to make sure that LiveUpdate ran by default:
- Right-click on the SEP yellow shield icon in the system tray (or as Microsoft calls it, notification area, the end of the taskbar which is generally at the lower right-hand corner of your screen) and click Open Symantec Endpoint Protection.
- SEP opens with the Status tab (down the left side) selected:
- If there is a green bar which says Your computer is protected., then your computer is protected, and by default, it will run a scan again at around 8 pm tonight. (Either don't turn your computer off or change when the default scans are run if you must turn it off.)
- If there is a red bar that says you have a problem or a yellow bar saying the definitions are out of date, click the yellow Fix button.
Most likely the problem is that LiveUpdate was not run automatically and all that needs to be done is to run it. SEP will run it and that will fix the problem.
- LiveUpdate runs a little differently in SEP than it did in Symantec and Norton AntiVirus. By default, it runs automatically and closes itself when it finishes. So you may not see it run at all, and if you do, it might close itself before you see it finish.
Default Configurations and Actions
The default SEP Configuration is probably want you want. I only changed two things. But you might want to take a look at it anyway.
- Click on the Options button beside Antivirus and Antispyware Protection and Proactive Threat Protection, and select Change Settings..., or
- Click the Change Settings tab and click Configure Settings.
The default configuration is:
- All types of scans are turned on; these are: File System Auto-Protect, Internet Email Auto-Protect
- All scans scan all files.
- The default scanning frequency is every hour (Configure Settings for Proactive Threat Protection, Scan Frequency tab)
- Auto-Protect: Antivirus and Antispyware Protection Configure Settings > File System Auto-Protect > Advanced
- Starts at system start
- Runs on files when they are opened or modified
- Turns itself back on after 30 minutes when you turn it off (say to install something)
- Backs up files before attempting repair
- Enables Threat Tracer
- Turns on Heuristics -- searching for viruses and worms by their generic characteristics
- Internet Email: Antivirus and Antispyware Protection Configure Settings > Internet E-mail Auto-Protect > Advanced
- Scans files inside compressed files
- Uses Heuristics
- Protects incoming and outgoing email, using POP3 or SMTP protocols.
- And turns on Tamper Protection, which protects SEP and LiveUpdate from being tampered with by unauthorized sources. (Viruses have been known to break the antivirus program; that's a wise first step for them.)
Set Internet Email Auto-Protect to Scan SSL Email
There are two things that you should change:
- Click Configure Settings for Proactive Threat Protection, then the Scan Details tab.
- At the bottom, in the Commercial Applications box, select Terminate or Quarantine for When a commercial keylogger is detected: and When a commercial remote control application is detected:.
- Click Configure Settings for Antivirus and Antispyware Protection, then select the Internet E-Mail Auto-Protect tab.
- Click Enable Internet E-mail Auto-Protect if it isn't already selected.
- Click the Advanced button on the right. Click both Allow encrypted POP 3 connections and Allow encrypted SMTP connections.
- Replace the 110 for the POP3 port with 995, and the replace the 25 for the SMTP port with either either 587 (if you are using Start TLS) or 465 (if you are using SSL and alternate port). (It might be the easiest thing to do is to check your email program and see what you have set for your SMTP outgoing email port.) SEP doesn't check the IMAP port, so it can not check incoming IMAP email.
- Click OK, OK.
- Close SEP.
When SEP finds a virus, worm, or expanded security threat -- spyware, adware and the like -- it has two actions that it can take. The first action is intended to fix the problem. It employs the second action when the first action fails.
The default actions are the same for each type of threat for each type of scan, but you can change the actions by scan or by file if you wish by clicking Antivirus and Antispyware Protection > Configure Settings > File System Auto-Protect > Actions.
- Worms, Viruses, and Macro Viruses:
- First: Clean
- Second: Quarantine
- Expanded Security Threat - adware, dialers, hack tools, joke programs, remote access, spyware, trackware, others
- First: Quarantine and clear any changes to the registry
- Second: Leave alone but Log
Schedule Regular Full Scans and LiveUpdate
You don't have to do this; SEP does it for you, a daily full scan at about 8 PM. Note that LiveUpdate in SEP is set up to run and close automatically. If you want it to wait until you close it, you have to click Start > Settings > Control Panel > Symantec LiveUpdate > Interactive Mode > OK.
How to Tell if Auto-Protect is Running
You can tell when Auto-Protect is running because you'll see the gold shield in the Windows system tray. (Generally the lower right corner of the Windows monitor screen.) When Auto-Protect is turned off, the gold shield with have a red circle with a crossed line over it its bottom.
Sometimes Auto-Protect will try to protect you from installing programs that you want to install. In this case, turn it off for a short period of time, while you install the program:
- Right-click on the gold shield icon, and un-check Enable Auto-Protect. To turn it back on, right-click it again and check Enable Auto-Protect to select it.
- Or in Symantec Endpoint Protection, click Change Settings, then Antivirus and Antispyware Protection Configure Settings. On the File System Auto-Protect tab, uncheck Enable Auto-Protect. Recheck it to turn it back on.
Double-clicking on the gold shield is an alternate way to open SEP.
More About SEP Scans
After you finish setting everything up, SEP will run your first automatic scan. To run scans manually or change the options on the scheduled scans, first you:
- Open Symantec Endpoint Protection: Start > Programs > Symantec Endpoint Protection > Symantec Endpoint Protection.
- Click Scan for Threats.
To run a manual scan in SEP:
Click Active Scan or Full Scan.
To create a new scan:
Click Create a New Scan.
- A Quick Scan scans system memory and all the common virus and security risk locations on your computer.
- A Full Scan scans system memory, boot sector, and all attached drives, including network drives.
- Custom user-defined Scan is limited to the files and folders that you specify.
You don't have to select the drives or files to search for Quick or Full Scans, though you can select files to skip. If you want to specify which files to scan, use User-defined Scan.
To change the schedule of the Daily Full Scan:
Right-click on its name and select Edit. Change the day and time on the Scan Schedule tab.
What to do if SEP finds a Virus
By default, SEP will try to clean up the virus from the infected file. If it's Auto-Protect or a manual scan that finds the file, it will offer the file to you if the first action fails. It it's a scheduled scan and the first action fails, it will automatically execute the second action, which by default is put it into Quarantine, where you won't accidentally access the file.
You can change these default settings to (1) delete the infected file when it's found, or (2) leave it alone and just log that you've found the the virus, which is called "log only".
When the clean action fails :
- Run LiveUpdate again: In SEP, click LiveUpdate. (If there is a new virus definition file, SEP might be able to clean up your file.)
- If the file is in Quarantine, in the left pane, click View Quarantine.
If it's the result of Auto-Protect or a manual scan, the worms, viruses, and security threats will be listed in a Results window.
- Double-click on the name of the virus or right-click and select Properties to see what the virus is, where it is, what type it is, and the status of the first action.
- Right-click on the name of the file you want to clean, and select Clean from the right-click menu.
If SEP cleans your file, you're done. Well, you'll have to move the file back where it came from, and SEP won't remember where that is.
If not, then right-click again and select either Delete Permanently or Move To Quarantine. (You should be cautious about deleting files; move them to quarantine and see whether the next virus update can clean them.)
To delete a file in Quarantine, do the same as above, only click Delete.