
SEPM Day to Day Administration work (v12.1.5)


You’ve installed & set up the SEPM console. You’ve also deployed the SEP clients to PCs across the network. The job is done… or so you thought. While it can ‘run’ itself most of the time, there are some things you will have to do to monitor the health of the computers and the network to ensure you are fully protected.

Note: This is based on SEPM v12.1.5 console.

Do the clients communicate with the server OK? Are they picking up any viruses/malware? Are the latest definitions being downloaded OK? This is where the Day to Day Administration work comes in. It will only take about 10-15 minutes of your time a day, depending on what the issue is. By doing this, you are making sure your network is in the best of health.

I will give you an example of what I do first thing in the morning…

I log on to the console and look at the ‘Home Page’. I make sure that both ‘Latest from Symantec’ and ‘Latest on Manager’ are up to date. You can cross-reference the dates & revision numbers with http://www.symantec.com/security_response/definitions.jsp if needed, so you know the definitions are being downloaded without any issue.

I then look under ‘Virus and Risks Activity Summary’ to see if there is anything that needs to be done, especially in the ‘Still Infected’ table – this is where you have some work to do if the virus could not be removed.

It is also helpful to keep an eye on ‘Symantec Security Response’ and find out what the current ThreatCon level is. Most of the time, it will be between 1 (Normal) and 2 (Increased alertness), but for anything higher than 2, you will need to be prepared for attacks.

If you want ‘in depth’ details of the status of your network, you can use the Reports feature to run reports tailored to your needs and take action based on the reports you generate. These can also be set up as scheduled reports to be emailed to you so you don’t have to run them manually. (Reports icon -> Scheduled Reports tab)

Under ‘Endpoint Status’, check whether anything needs to be looked at for ‘Out of date’, ‘Disabled’ and ‘Host Integrity Failed’ – click on the numbers to get the full details.

There are other things you may want to look at:

  • Top source of attack

  • Disk space on the drive where SEPM is installed (a full disk will prevent new definitions from being downloaded & extracted)

  • Out-of-date SEP clients

  • Computers needing a restart

  • 'Left Alone' risks that need to be looked at

Is there anything else you do as part of your Day to Day Administration work on SEPM? Please do share with us!

