Category Archives: Symantec Products

Personalize Symantec endpoint protection client install

Facebookgoogle_plus

Symantec endpoint protection solution involves Personalize Symantec client install for be managed under the requested client group.
This can be achieved using a client install process which divided to 3 sub processes:
1. Client install package.
2. Client install settings.
3. Client install feature set.

To prepare Symantec endpoint protection client installations do the follow:

1. Open Symantec endpoint protection manager.
2. On the left pane < Go to “admin” < “install packages”
3. On bottom left pane point to “client install package”.
In default, Symantec endpoint protection comes out of the box with three main client installs: windows 32 bit, windows 64 bit and MAC.

To add additional client install:

1. Right click the white area in right pane (where you see the other 3 clients).
2. Click “add”.
3. Specify a name for the package.
4. Specify the source folder.
5. Click “ok” < the engine will now compile a new package for deployment.

To prepare Symantec endpoint protection client install settings do the follow:

1. Open Symantec endpoint protection manager.
2. On the left pane < Go to “admin” < “install packages”
3. On bottom left pane point to “client install settings”.
4. Right click the white area in right pane.
5. Click “add”
6. Give a name to the client install configuration.
7. Recommended to change configuration only if necessary, keep in mind that for deploying new client
It’s recommended to mark on the last section the option “remove all previous logs and policies”.
To prepare Symantec endpoint protection client install feature set do the follow:
1. Open Symantec endpoint protection manager.
2. On the left pane < Go to “admin” < “install packages”
3. On bottom left pane point to “client install settings”.
4. Right click the white area in right pane.
5. Click “add”.
6. Give a name to the client install feature set.
7. Mark and unmark features according to organization needs.
To preform client install process do the follow:

1. Open Symantec endpoint protection manager.
2. On the left pane < Go to “clients” < make sure you point to the requested group on the “clients” tree.
3. on the left pane click “add a client”.
4. Select “new package deployment” < Press next < choose the requested package < choose the requested feature set <
Choose the requested settings < choose “Basic” in the content options tab < press next.
5. Select the “remote push” option < press next.
6. Find the requested station using domain name or IP address and deploy the client.
7. The client should be installed in station, reboot and mark with green small rectangle that indicates that the client is now managed by Symantec endpoint protection server.

enabling or disabling Symantec Endpoint Firewall

Facebookgoogle_plus

Enabling or disabling Symantec Endpoint Firewall is needed when backup operations or any other programs needed to open files are corrupted .

1. Stop the Just Symantec Endpoint Protection agent first.
(Right Click “Symantec Endpoint Protection” client in tray < click “disable”.

2. Edit the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_engine_status

so that:
smc_engine_status  value set to “0”  – Network Threat Protection  is Disabled.
smc_engine_status  value set to “1”  – Network Threat Protection  is enabled.

3. Reset the computer.

Norton ghost 15

Facebookgoogle_plus

Norton ghost 15 also know by the Symantec products that goes along with it, provide the ultimate solution in terms of backing up your computer (full disk) or part of it (partition), also includes advanced recovery service for restoring lost data and network services that can ease the process of dropping image to your files server or pulling an image from your file server.
The benefits of ghost 15 are enormous: the refreshing new GUI allows operating much easier then with the DOS GUI that we were used to in the old Norton ghost product.
In addition, the fully compatibility with windows 7 operation systems is great solved two major problems concerning windows 7 with ghost 12 and 14 product. First, the new product overcome the ghost 12 issue with windows 7 that asks you to force dismount the hard disk and may lose data. Is such scenario like working with brand computer like HP, Dell or IBM it solved the recovery disk issue. The issue was that when uploading ghost from disk to create or restore an image, ghost worn of the partition that is locked by other programs (this "program" is actually the recovery disk created by those brands companies as mentioned). Basically when uploading the Norton ghost 15 from disk it identifies all partitions and treats them as individual parts and not as one physical disk. In that way, recovery disk doesn’t concern Norton 15 as it acts as a separate disk and doesn’t affect the operation system or other data drives. In addition, Norton ghost 15 works with both 25G and 50G Blu-ray discs and supported by the windows 7 bitlocker to provide data protection encrypting disk data.
Norton ghost 15 is attentive to world’s progress and needs; therefore it supplies a great platform for dealing with cloud and VM machines, for example: it uses V2i files for imaging and can include and restore VM files such as VHD files as well.
Backup with Norton ghost 15
To backup your computer with Norton ghost 15 follow those instructions:
1.Insert the Norton ghost 15 boot disk and boot from CD to load the software.
2.Accept the license when asked and press OK.
3.Choose the service "backup my computer" and follow the instructions.
4.Choose the partition\s you want to backup.
5.Choose the local\network drive to store the .v2i file.
6.Press" OK" to finish the process.

Norton ghost 15 also provides a platform which allows you to restore files to local or network drive using the networking services. Once operated, those services can gain you access to some nice networking tools to control your restore data: ping to remote computer, map network drive and much more. 
 

Symantec endpoint error 1324

Facebookgoogle_plus

This article goes for those who tried to uninstall or repair the Symantec endpoint client using control panel and add\remove programs.

The error we got was "The path in ‘My Documents’ contains an invalid character".
From what we know, the problem is the Teefer2 driver. Try the following procedure:
  1. Click ‘start’ > ‘settings’ > ‘control panel’ > ‘network connections’ < right click the blue highlighted connection < properties <uncheck the Teefer2 Driver to disable it.
  2. Or
  3. right click ‘my network placed’ <’properties’ < right click the blue highlighted connection < properties <uncheck the Teefer2 Driver to disable it.  
  4. Reset your pc.

export Symantec endpoint antivirus and antispyware protection logs to excel file

Facebookgoogle_plus

You can export Symantec endpoint logs to excel file using the following method:
1. Open the Symantec endpoint protection client.
2. Go to > view logs.
3. Press "view logs" under "antivirus and antispyware protection" tab.
4. Choose scan logs, risk logs or system logs to view.
5. Press the export button on the down left corner.
6. Fill in a file name and save the file as CSV file for excel.

How to configure Symantec endpoint scan frequency?

Facebookgoogle_plus

You can configure Symantec endpoint scan frequency to match your needs. For example: if you run a backup job during the night and the Symantec endpoint scan can stop the process – you can just "tell" the Symantec  endpoint to stop scanning in the night when the backup takes place.
Follow this procedure:

1. Open the Symantec endpoint protection client.
2. Go to > change settings.
3. Press "configure settings" under "Proactive threat protection".
4. Under "scan frequency" tab, press the "at a custom scanning frequency" and fill in the time you want.

How to create centralized exceptions with Symantec endpoint client ?

Facebookgoogle_plus

Sometimes, in a Symantec endpoint based network, the Symantec endpoint client\server detects files that
It suspects as viruses but they are not. For example: if you download and install a casino program on your computer,
The Symantec endpoint client will likely count this program as virus or some other security risk.
If you have files that you know that the Symantec endpoint will block or suspect them as virus, you should create centralized exception in the client or server side.
To create centralized exceptions follow this procedure:

1. Open the Symantec endpoint protection client.
2. Go to > change settings.
3. Press "configure settings" under the "centralized exceptions" tab.
4. If you want to add a known risk:
 Press add > security risk exceptions > known risk and point the known risk from the list you get.
5. If you want to add a file:
Press add > security risk exceptions > file and point the file you want the Symantec endpoint mark as Unsuspicious.
6. If you want to add a folder:
Press add > security risk exceptions > folder and point the folder you want the Symantec endpoint mark as Unsuspicious.
7. If you want to add a known extension:
Press add > security risk exceptions > extension and add the extensions you want the Symantec endpoint mark as Unsuspicious.

How to change Symantec endpoint file cache setting?

Facebookgoogle_plus

You can change the Symantec endpoint client file cache settings by follows this procedure:

1. Open the Symantec endpoint protection client.
2. Go to > change settings.
3. Press "configure settings" under "Antivirus and antispy protection".
4. Go to "file system auto protect" and press "advanced".
5. Under "file cache" change the setting you want.
Important to know: it is not recommended to change those settings, but some solutions or 3th
party tools  requires disabling the file cache.
Anyway, you can also change the cache size and decide whether to rescan the cache when a new definition loaded.

How to change Symantec endpoint virus notification message?

Facebookgoogle_plus

Symantec endpoint client and protection manager lets you decide what will be the message that
Will be presented to user when a virus detected.
you can change those configuration both in Symantec endpoint client and protection manager.
In the server you can change the configuration to group, and that affects all computers under this group.
In client you simply do the following:

1. Open the Symantec endpoint protection client.
2. Go to > change settings.
3. Press "configure settings" under "Antivirus and antispy protection".
4. Go to "file system auto protect" and press "notifications".
5. make sure the "display a notification message when a security risk is detected" is enabled.
6. Change the text under to whatever you want and that is the text that the user will see when any security risk is detected.