Hi all,
Over the past few months, a small group of people from across Symantec have helped put together a document that demonstrates how to best use Symantec Endpoint Protection when dealing with an outbreak. Our technicians have been using it with success, so we thought we'd make it public and share it with the general community.
There are a few technologies that will need to be in place before you can fully use the steps in the document: Application and Device Control (only works for non-64-bit systems), IPS, and the Client Firewall.
One last thing of note: as the threat landscape has changed considerably since Symantec Endpoint Protection was released, we've gone through and made some recommendations as to updating the security policy in the Symantec Endpoint Protection Manager. I'd recommend looking through these recommendations and seeing what might work. When we were working on the policy updates, our first thought was protection, then performance. That said, some of these changes could affect performance...
References
Best practices for responding to active threats on a network
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010011510455048
Security Response recommendations for Symantec Endpoint Protection settings
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948