Endpoint Protection

  • 1.  Best Practices dealing with a threat outbreak when using Symantec Endpoint Protection

    Posted Feb 09, 2010 11:10 AM
    Hi all,

    Over the past few months, a small group of people from across Symantec have helped put together a document that demonstrates how to best use Symantec Endpoint Protection when dealing with an outbreak. Our technicians have been using it with success, so we thought we'd make it public and share it with the general community.

    There are a few technologies that will need to be in place before you can fully use the steps in the document: Application and Device Control (only works for non-64-bit systems), IPS, and the Client Firewall.

    One last thing of note: as the threat landscape has changed considerably since Symantec Endpoint Protection was released, we've gone through and made some recommendations as to updating the security policy in the Symantec Endpoint Protection Manager. I'd recommend looking through these recommendations and seeing what might work. When we were working on the policy updates, our first thought was protection, then performance. That said, some of these changes could affect performance...


    References
    Best practices for responding to active threats on a network
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011510455048

    Security Response recommendations for Symantec Endpoint Protection settings
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948


  • 2.  RE: Best Practices dealing with a threat outbreak when using Symantec Endpoint Protection



  • 3.  RE: Best Practices dealing with a threat outbreak when using Symantec Endpoint Protection

    Posted Apr 09, 2010 12:06 PM

    Todd, while I am sure these recommendations from Security Response would improve security, I fear that performance of the PC may take a big hit.
    Have you tried these out?
    I will try this out on a sample population tomorrow.


  • 4.  RE: Best Practices dealing with a threat outbreak when using Symantec Endpoint Protection

    Posted Apr 09, 2010 01:39 PM

    I think they are practical if you're having a malware problem (which most places seem to have), but if malware is a rare event (because of other security settings or well-trained users), then perhaps it is not practical for that environment.  I think you are going to have to test and see for yourself if the performance hits are negative enough to justify not using all of the settings--but I'd test in batches, add some settings, test; add some more, test again.  That way you can determine which settings are negligible and which ones cause dramatic changes, and you can at the very least implement all the changes that aren't going to cause any problems.


  • 5.  RE: Best Practices dealing with a threat outbreak when using Symantec Endpoint Protection

    Posted Apr 20, 2010 04:56 AM

    snekul - I agree with you that we need to test and add.
    I am miserable because I have a number of PCs with 256 Mb or 512 Mb RAM.
    They really can't take anything more.