"How to..." Series for Symantec Endpoint Protection - Part 3

Hello,

This is Part 3 of the "How to Series...", you can find the Part 1 here and Part 2 here.

Here are few popular "How to..." which would be assistance to the Symantec Endpoint Protection Users.

Series 3 contains the following "How to..."

1) How to create a GUP (Group Updater Provider) in SEP 12.1 RU2

2) How to Export a log report in Symantec Endpoint Protection Manager in .csv format

3) How to disable the "Active Scan on Startup" whenever different users log into a single computer on an unmanaged client.

4) How to Export SEP Client Package from Symantec Endpoint Protection Manager 12.1

======================================================================================================

1) How to create a GUP (Group Updater Provider) in SEP 12.1 RU2

    Step 1. Go to the Policies of that Group where that Systems are Stored in Symantec Console.

    Step 2. Click on Live Update Setting Policy (Fig-1)

      Step 3. Live Update Policy Screen Display. Choose the Server Setting (Fig-2)

                 (Figure-2)

     Step 4. There three option displays

                  a) Internal & External Live Update Setting

                  b) Group Updater Provider

                  c) Third Party Management

     Step 5. Check on the Use of Group Updater Provider. Now Group Updater Provider is Enable. Click on it.

     Step 6. Group Updater Provider Box Display. Fig (3)

                 (Figure-3)

        Step 7. Two options are available in Group Updater Provider

           a) Group Updater Provider Selection for Clients.

           b) Group Update Provider Settings

        Step 8. In the Group Updater Provider Selection for Clients, there are 3 options displayed as below:

      a)   Multiple Group Update Provider: Multiple Group Update Providers use a set of rules, or criteria, to elect themselves to serve groups of clients across subnets. To configure multiple Group Update Providers, you specify the criteria that client computers must meet to qualify as a Group Update Provider. If a client computer meets the criteria, the Symantec Endpoint Protection Manager adds the client to its list of Group Update Providers. Symantec Endpoint Protection Manager then makes the list available to all the clients in your network. Clients check the list and choose the Group Update Provider that is located in their subnet. You can also configure a single, dedicated Group Update Provider to distribute content to clients when the local Group Update Provider is not available.

      b)  Explicit Group Update Provider: Use an explicit list of Group Update Providers when you want clients to be able to connect to Group Update Providers that are on subnets other than the client's subnet. Clients that change location can roam to the closest Group Update Provider on the list.

NOTE: Clients from releases earlier than this release do not support the use of explicit Group Update Provider lists. Clients that communicate with Symantec Endpoint Protection Manager versions 12.1 and earlier do not receive any information about explicit Group Update Provider lists.

      c) Single Group Update Provider: A single Group Update Provider is a dedicated client computer that provides content for one or more groups of clients. A single Group Update Provider can be a client computer in any group. To configure a single Group Update Provider, you specify the IP address or host name of the client computer that you want to designate as the Group Update Provider.

Step 9. Choose Multiple Group Update Providers / Explicit Group Update Provider / Single Group Update Provider as per required and Update the Hostname/IP of Group Updater System.

Step 10. Click Ok.

Note: 1000 systems can be updated with Single GUP.

Check these articles:

About the types of Group Update Providers

http://www.symantec.com/docs/HOWTO80957

Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2

http://www.symantec.com/docs/TECH198640

====================================================================================

2) How to Export a log report in Symantec Endpoint Protection Manager in .csv format

Earlier in Symantec Endpoint Protection 11.x, the Log reports exported were in.txt format.

However, in Symantec Endpoint Protection 12.1, the Log reports are exported in.csv format.

 To look at all data for all clients follow these steps:

1. In the SEPM, click Monitors > Logs.
2. For Log type: select Computer Status.
3. Click the View Log button.
4. Click the Export link at the top of the page. 
5. In the window, click Open or Save as a .csv file.

Again, all the Reports (Quick / Scheduled) are saved in MHTML Web page archive format in the location you selected.

Check these articles:

Exporting a log report in Symantec Endpoint Protection Manager in .csv format

http://www.symantec.com/business/support/index?page=content&id=TECH179235

Printing and saving a copy of a report

http://www.symantec.com/docs/HOWTO55383

Running and customizing quick reports

http://www.symantec.com/docs/HOWTO55413

====================================================================================

3) How to disable the "Active Scan on Startup" whenever different users log into a single computer on an unmanaged client.

Different users get a new "Active Scan on Start up" within "Scan for threats" on the Symantec Endpoint Protection (SEP) client GUI whenever they log in into the same machine. You wish to know how to disable this scan on an unmanaged client.

To disable this scan, follow the steps below based on the version of Windows running on the client.

WARNING: In the next steps you edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify or delete only the registry keys that are specified. For instructions, see the document How to back up the Windows registry.

On 32-bit versions of Windows:

1. Click on Start, then Run and type regedit into the run line. Click OK.
2. Navigate to the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General
3. Change the StartupScansEnabled DWORD value to 0.

On 64-bit versions of Windows:

1. Click on Start, then Run and type regedit into the run line. Click OK.
2. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\General
3. Change the StartupScansEnabled DWORD value to 0.
4. Close the Registry.

Check this article:

How to disable the "Active Scan on Startup" whenever different users log into a single computer on an unmanaged client.

http://www.symantec.com/docs/TECH173305

====================================================================================

4) How to Export SEP Client Package from Symantec Endpoint Protection Manager 12.1

You would like to know how to create new client installation packages using the Symantec Endpoint Protection Manager (SEPM) console.  

1) Login to SEPM console

2) Select a task – Install Protection client to computers

3) Select “New Package Deployment"

4) In the Select the Group and Install Features set window,

• Select the correct version of Install Package.
• Click on "Browse" to select the correct Group to which the client package should be meant to report to.
• Select the correct Install Feature Sets
• Select the correct Install Settings
• Select the correct Content Options
• Select the correct Preferred Mode
• Click Next

5)  Select : Save Package

6) Browse for the location to Save the Package and click Next

7) Select : Single .exe file (default) and Click Next

8)      Click Finish

Check these Articles:

====================================================================================