Symantec Endpoint Protection 12.0 User guide

Category
Antivirus security software
Type
User guide
Client Guide for Symantec
Endpoint Protection Small
Business Edition
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version 12.00.00.00.00
Legal Notice
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, LiveUpdate, Symantec Protection Center, and TruScan are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S.
and other countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (Third Party Programs). Some of the Third Party
Programs are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those open source or free software licenses. Please see the Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Supports primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantecs maintenance offerings include the following:
A range of support options that give you the flexibility to select the right
amount of service for any size organization
Telephone and Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers automatic software upgrade protection
Global support that is available 24 hours a day, 7 days a week
Advanced features, including Account Management Services
For information about Symantecs Maintenance Programs, you can visit our Web
site at the following URL:
www.symantec.com/techsupp/
Contacting Technical Support
Customers with a current maintenance agreement may access Technical Support
information at the following URL:
www.symantec.com/techsupp/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/techsupp/
Customer service
Customer service information is available at the following URL:
www.symantec.com/techsupp/
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and maintenance contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Maintenance agreement resources
If you want to contact Symantec regarding an existing maintenance agreement,
please contact the maintenance agreement administration team for your region
as follows:
[email protected]Asia-Pacific and Japan
[email protected]Europe, Middle-East, and Africa
[email protected]North America and Latin America
Additional enterprise services
Symantec offers a comprehensive set of services that allow you to maximize your
investment in Symantec products and to develop your knowledge, expertise, and
global insight, which enable you to manage your business risks proactively.
Enterprise services that are available include the following:
These solutions provide early warning of cyber attacks, comprehensive threat
analysis, and countermeasures to prevent attacks before they occur.
Symantec Early Warning Solutions
These services remove the burden of managing and monitoring security devices
and events, ensuring rapid response to real threats.
Managed Security Services
Symantec Consulting Services provide on-site technical expertise from
Symantec and its trusted partners. Symantec Consulting Services offer a variety
of prepackaged and customizable options that include assessment, design,
implementation, monitoring, and management capabilities. Each is focused on
establishing and maintaining the integrity and availability of your IT resources.
Consulting Services
Educational Services provide a full array of technical training, security
education, security certification, and awareness communication programs.
Educational Services
To access more information about Enterprise services, please visit our Web site
at the following URL:
www.symantec.com
Select your country or language from the site index.
Technical Support ............................................................................................... 4
Chapter 1 Introducing the Symantec Endpoint Protection
Small Business Edition client ....................................... 9
About the Symantec Endpoint Protection Small Business Edition
client ..................................................................................... 9
Key features of Symantec Endpoint Protection Small Business
Edition ................................................................................. 11
Where to get more information ....................................................... 12
Accessing online Help ............................................................. 13
Accessing the Symantec Security Response Web site .................... 13
Technical Support resources .......................................................... 13
Chapter 2 Getting started with the client .......................................... 15
Getting started on the Status page ................................................... 15
About alert icons on the Status page ................................................ 17
About the notification area icon ...................................................... 18
Chapter 3 Responding to alerts and notifications .......................... 19
About responding to alerts and notifications ..................................... 19
About scan results ........................................................................ 20
Responding to a virus or risk detection ............................................ 21
Responding to messages that ask you to allow or block an
application ............................................................................ 23
Responding to messages about an expired license .............................. 24
About logs .................................................................................. 25
Viewing the logs .......................................................................... 27
Chapter 4 Making sure that your computer is protected ............... 29
Managing your computer's protection .............................................. 29
Scanning your computer immediately .............................................. 31
Pausing and delaying scans ...................................................... 32
About centrally managed clients and self-managed clients .................. 33
Contents
Checking whether the client is centrally managed or
self-managed ........................................................................ 34
Enabling and disabling protection technologies ................................. 35
Enabling or disabling Auto-Protect ............................................ 37
Enabling or disabling Proactive Threat Protection ........................ 38
Enabling or disabling Network Threat Protection ......................... 38
Updating the client's protection ...................................................... 39
Updating your protection immediately ....................................... 40
Updating your protection on a schedule ..................................... 40
Chapter 5 Managing scans ................................................................... 43
Managing protection scans ............................................................ 43
About viruses and security risks ..................................................... 45
About the types of protection scans ................................................. 48
How virus and spyware scans work .................................................. 51
How scans respond to a virus or risk detection .................................. 52
Scheduling a user-defined scan ....................................................... 53
Scheduling a scan to run on demand or when the computer starts
up ....................................................................................... 55
Adjusting virus and spyware scan settings ........................................ 56
About excluding items from being scanned ....................................... 58
Excluding items from being scanned ................................................ 58
Excluding a process from TruScan proactive threat scans .................... 60
About quarantining files ................................................................ 60
Quarantining a file from the Risk or Scan log .................................... 61
Managing a quarantined file .......................................................... 61
Chapter 6 Managing the firewall and intrusion prevention .......... 63
About Network Threat Protection ................................................... 63
Managing Network Threat Protection .............................................. 64
How the firewall works ................................................................. 65
How the firewall rules work ........................................................... 67
Adding a firewall rule ................................................................... 68
About the rule processing order ...................................................... 69
Changing the order of a firewall rule ................................................ 69
Index .................................................................................................................... 71
Contents8
Introducing the Symantec
Endpoint Protection Small
Business Edition client
This chapter includes the following topics:
About the Symantec Endpoint Protection Small Business Edition client
Key features of Symantec Endpoint Protection Small Business Edition
Where to get more information
Technical Support resources
About the Symantec Endpoint Protection Small
Business Edition client
The Symantec Endpoint Protection Small Business Edition client combines several
layers of protection to proactively secure your computer against known and
unknown threats and network attacks.
Figure 1-1 displays how the protection technologies work together to protect your
computer.
1
Chapter
Figure 1-1
Protection layers
Network Threat Protection
Proactive Threat Protection
Virus and Spyware Protection
File System
Auto-Protect
Internet Email
Auto-Protect
Microsoft Outlook
Auto-Protect
TruScan
Firewall
Intrusion
Prevention
Administrator-
Defined Scans
Table 1-1 describes each layer of protection.
Table 1-1
Types of protection
DescriptionLayer
This layer combats a wide range of threats, including
spyware, worms, Trojan horses, rootkits, and adware. File
System Auto-Protect continuously inspects all computer
files for viruses and security risks. Internet Email
Auto-Protect scans the incoming and outgoing email
messages that use the POP3 or SMTP communications
protocol over the Secure Sockets Layer (SSL). Microsoft
Outlook Auto-Protect scans incoming and outgoing
Outlook email messages.
See Managing protection scans on page 43.
Virus and Spyware Protection
Introducing the Symantec Endpoint Protection Small Business Edition client
About the Symantec Endpoint Protection Small Business Edition client
10
Table 1-1
Types of protection (continued)
DescriptionLayer
This layer uses a unique Symantec technology called
TruScan proactive threat technology. TruScan proactive
threat scans protect against unknown, or zero-day, threats
by analyzing suspicious behavior from an application or
process.
If your administrator enabled TruScan proactive threat
scans, the scans run in the background. You can specify
the scan to ignore certain files.
See Excluding a process from TruScan proactive threat
scans on page 60.
Proactive Threat Protection
This layer comprises firewall and intrusion prevention
protection. The rules-based firewall prevents
unauthorized users from accessing your computer. The
intrusion prevention system automatically detects and
blocks network attacks.
See Managing Network Threat Protection on page 64.
Network Threat Protection
Your administrator manages the protection technologies and uses a management
server to download them to your client computer.
The client automatically downloads virus definitions and product updates from
a management server at your company. Users who travel with portable computers
can get virus definitions and product updates directly from .
See Updating the client's protection on page 39.
Key features of Symantec Endpoint Protection Small
Business Edition
Table 1-2 displays the main features that the client includes to protect your
computer.
11Introducing the Symantec Endpoint Protection Small Business Edition client
Key features of Symantec Endpoint Protection Small Business Edition
Table 1-2
Key features of the client
DescriptionFeature
The client uses the protection technologies to protect your computer
in the following ways:
See About the Symantec Endpoint Protection Small Business Edition
client on page 9.
Scans client computers for known viruses and security risks.
See About the types of protection scans on page 48.
Detects and repairs the effects of known viruses and security risks.
See How scans respond to a virus or risk detection on page 52.
Protects Microsoft Exchange servers against email-borne viruses,
spam, and security risks.
See Adjusting virus and spyware scan settings on page 56.
Analyzes application behaviors and network communications to
detect and actively block against unknown threats.
Automatically detects and blocks network attacks.
See About Network Threat Protection on page 63.
Prevents unauthorized users from accessing the computers and
networks that connect to the Internet.
See How the firewall works on page 65.
Protection
technologies
Your administrator installs the client so that either you or your
administrator manages your computer's protection.
See About centrally managed clients and self-managed clients
on page 33.
Centrally managed
or self-managed
client
The client informs you when the client detects a virus or blocks a
network attack. You can also respond to a virus or security risk
detection.
See About responding to alerts and notifications on page 19.
Alerts and
notifications
Where to get more information
If you need more information, you can access the online Help.
You can obtain additional information about viruses and security risks from the
Symantec Security Response Web site at the following URL:
http://securityresponse.symantec.com
Introducing the Symantec Endpoint Protection Small Business Edition client
Where to get more information
12
Accessing online Help
The client online Help system has general information and procedures to help
you keep your computer safe from viruses and security risks.
Note: Your administrator may have elected not to install the Help files.
To access online Help
In the main window, do one of the following:
Click Help, and then click Help Topics.
Click Help on any of the individual dialog boxes.
Context-sensitive Help is available only in screens on which you can
perform actions.
Press F1 in any window. If there is context-sensitive Help available for
that window, context-sensitive Help appears. If context-sensitive Help is
not available, the full Help system appears.
Accessing the Symantec Security Response Web site
If you are connected to the Internet, you can visit the Symantec Security Response
Web site to view items such as the following:
The Virus Encyclopedia, which contains information about all known viruses
Information about virus hoaxes
White papers about viruses and virus threats in general
General and detailed information about security risks
To access the Symantec Security Response Web site, use the following URL:
In your Internet browser, type the following Web address:
http://securityresponse.symantec.com
Technical Support resources
Table 1-3 lists the Symantec Web sites where you can find more information .
13Introducing the Symantec Endpoint Protection Small Business Edition client
Technical Support resources
Table 1-3
Symantec Web sites
Web addressTypes of information
http://www.symantec.com/business/products/
downloads/
Symantec Endpoint Protection Small
Business Edition trialware
http://www.symantec.com/business/support/
overview.jsp?pid=55357
Public Knowledge Base
Releases
Manuals and documentation updates
Contact options
Release Notes and additional
post-release information
http://securityresponse.symantec.comVirus and other threat information
and updates
http://enterprisesecurity.symantec.comProduct news and updates
http://www.symantec.com/communitySymantec Endpoint Protection Small
Business Edition forums
http://www.symantec.com/education/
endpointsecurity
Free online technical training
Introducing the Symantec Endpoint Protection Small Business Edition client
Technical Support resources
14
Getting started with the
client
This chapter includes the following topics:
Getting started on the Status page
About alert icons on the Status page
About the notification area icon
Getting started on the Status page
When you open the client, the main window and the Status page appears.
Table 2-1 displays the main tasks that you can perform from the client's menu
bar and Help option.
2
Chapter
Table 2-1
Client main window
To do these tasksClick this
option
Access the main online Help and perform the following tasks on the client:
View information about your computer, the client, and the client's
protection.
View information about the client's connection status with the
management server. You can also try to connect to the server, if
necessary.
View any client log.
Import and export security policies and communication settings on a
self-managed client.
View and export debugging logs and a troubleshooting file to help your
administrator diagnose a problem with the client or the client's
protection.
Download a support utility tool to diagnose common issues with the
client.
Help
View whether the computer is protected and whether the computer's
license is current. The colors and alert icons in the Status page show you
which technologies are enabled and protecting the client.
See About alert icons on the Status page on page 17.
You can:
Enable or disable one or more protection technologies.
See Enabling and disabling protection technologies on page 35.
View whether you have the latest definitions files for Virus and Spyware
Protection, Proactive Threat Protection, and Network Threat Protection.
Run an active scan.
See Scanning your computer immediately on page 31.
View the threat list and view the results of the last virus and spyware
scan.
Status
Enable you to do the following tasks:
Run an active scan or full scan immediately.
See Scanning your computer immediately on page 31.
Create a scheduled, startup, or on-demand scan.
See Scheduling a user-defined scan on page 53.
See Scheduling a scan to run on demand or when the computer starts
up on page 55.
Scan for
threats
Getting started with the client
Getting started on the Status page
16
Table 2-1
Client main window (continued)
To do these tasksClick this
option
Configure settings for the following protection technologies and features:
Enable and configure Auto-Protect settings.
See Adjusting virus and spyware scan settings on page 56.
Configure the firewall settings and the intrusion prevention system
settings (self-managed client only).
View and add exceptions to scans.
See About excluding items from being scanned on page 58.
Display the notification area icon (self-managed client only).
See About the notification area icon on page 18.
Create a schedule to download content and product updates to the
client (self-managed client only).
See Updating your protection on a schedule on page 40.
Change
settings
View the viruses and security risks that the client has detected and
quarantined. You can restore, delete, clean, export, and add files in the
quarantine.
See About quarantining files on page 60.
View
quarantine
Run LiveUpdate immediately. LiveUpdate downloads the latest content
definitions and product updates from a management server that is located
within your company's network.
See Updating your protection immediately on page 40.
LiveUpdate
About alert icons on the Status page
The top of the Status page displays various alert icons to indicate the protection
status of the computer.
Table 2-2 displays the different types of alert icons and what the alert icons mean.
Table 2-2
Status page alert icons
DescriptionIcon
Shows that each protection is enabled.
Client computers that run Windows XP x64 Edition or Windows Server
2000, 2003, and 2008 do not support Proactive Threat Protection. On these
operating systems, the green alert notification remains green although
the status is Off.
17Getting started with the client
About alert icons on the Status page
Table 2-2
Status page alert icons (continued)
DescriptionIcon
Warns you that the client computer virus definitions are out of date. To
receive the most current virus definitions, you can run LiveUpdate
immediately.
See Updating the client's protection on page 39.
Shows that one or more protections are disabled or that the client has an
expired license. To enable a protection, you click Fix.
See Enabling and disabling protection technologies on page 35.
About the notification area icon
The client uses a notification area icon to indicate whether the client is online or
offline and whether the client computer is adequately protected. You can right-click
this icon to display frequently used commands. The icon is located in the
lower-right hand corner of the desktop.
Note: On centrally managed clients, the notification area icon does not appear.
Table 2-3 displays the Symantec Endpoint Protection Small Business Edition client
status icons.
Table 2-3
Symantec Endpoint Protection Small Business Edition status icons
DescriptionIcon
The client runs with no problems. It is either offline or self-managed.
Self-managed clients are not connected to a server.
The client runs with no problems. It is connected to and communicates with
the server. All components of the security policy protect the computer. The
icon displays a green dot.
The client has a minor problem. For example, the virus definitions may be
out of date. The icon displays a yellow dot with a black exclamation mark.
The client does not run, has a major problem, or has at least one protection
technology disabled. For example, Virus and Spyware Protection may be
disabled. The icon displays a white dot with a red outline and a red line across
the dot.
Getting started with the client
About the notification area icon
18
Responding to alerts and
notifications
This chapter includes the following topics:
About responding to alerts and notifications
About scan results
Responding to a virus or risk detection
Responding to messages that ask you to allow or block an application
Responding to messages about an expired license
About logs
Viewing the logs
About responding to alerts and notifications
The client works in the background to keep your computer safe from malicious
activity. Sometimes the client needs to notify you about an activity or to prompt
you for feedback.
Table 3-1 displays the types of messages you might see and need to respond to.
3
Chapter
Table 3-1
Types of alerts and notifications
DescriptionAlert
If a scan detects a virus or a security risk, the Detection Results
dialog box appears with details about the infection. The dialog
box also displays the action that the scan performs on the risk.
You usually do not need to take any further actions other than
to review the activity and to close the dialog box. You can take
action if necessary, however.
See About scan results on page 20.
Scan results or Detection
Results dialog box
You may see pop-up messages for the following reasons:
The client asks you to allow or block an application.
See Responding to messages that ask you to allow or block
an application on page 23.
The client's evaluation license has expired.
See Responding to messages about an expired license
on page 24.
Other message dialog
boxes
Notifications that appear above the notification area icon occur
in the following situations:
The client blocks an application. For example, you might see
the following notification:
Traffic has been blocked from this application:
(application name)
If the client is configured to block all traffic, these
notifications appear frequently. If your client is configured
to allow all traffic, these notifications do not appear.
When the client detects a network attack against your
computer. You might see the following type of notification:
Traffic from IP address 192.168.0.3 is blocked
from 10/10/2006 15:37:58 to 10/10/2006 15:47:58.
Port Scan attack is logged.
You do not need to do anything else other than to read the
messages.
Notification area icon
messages
About scan results
For centrally managed clients, your administrator typically configures a full scan
to run at least one time each week. For self-managed clients, an automatically
Responding to alerts and notifications
About scan results
20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74

Symantec Endpoint Protection 12.0 User guide

Category
Antivirus security software
Type
User guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI