Endpoint Protection

 View Only
  • 1.  Policy based disabled feature end in warning on clients

    Posted Jun 04, 2012 07:42 AM

    Hi

    We upgraded from SEP 11 to SEP 12.1 RU1MP1 and activated the flag "Remove all previous logs and policies, and reset the client-server communication settings" and on the first view, everything works without any problem.

    But now we would like to disable the SONAR and the Download-Insight feature on some groups in the Policies. SEPM creates a new ID for the policy, the new policy is applied to the clients, but all these clients shows then a warning message in the systray that the Download-Insight feature is disabled. Yes it is disabled and we want it to be disabled, so how can we teach the systray that it should not show it up as a warning anymore?

    Thx, Wayne



  • 2.  RE: Policy based disabled feature end in warning on clients

    Trusted Advisor
    Posted Jun 04, 2012 07:51 AM

    Hello,

    Virus and Spyware Protection includes a feature that is called Download Insight. Download Insight relies on reputation information to make detections. If you disable Insight lookups, Download Insight runs but cannot make detections. Other protection features, such as Insight Lookup and SONAR, use reputation information to make detections; however, those features can use other technologies to make detections.

    Download Insight has the following dependencies:

    • Auto-Protect must be enabled

      If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

    • Insight lookups must be enabled

      Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

    So, in case if you disable Download Insight, the clients would surely receive the Warning message.

     

    Check this Article:

    How Symantec Endpoint Protection protection features work together

    http://www.symantec.com/docs/HOWTO55268 

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    http://www.symantec.com/docs/HOWTO55275

    Hope that helps!!



  • 3.  RE: Policy based disabled feature end in warning on clients

    Posted Jun 04, 2012 08:09 AM

    Hi and thanx for the fast reply!

    I understand for the Download-Insight, but we have the same behaviour on the "Microsoft Outlook Auto-Protect" feature on our servers. If we disable the feature in the policy, we get on all servers the warning that Auto-Protect for Outlook is disabled. It should be possible to disable this feature withouth getting a warning right? Because we don't have any Outlook installed on the servers?

    Regards, Wayne



  • 4.  RE: Policy based disabled feature end in warning on clients
    Best Answer

    Trusted Advisor
    Posted Jun 04, 2012 08:19 AM

    Hello,

    Disabling the Policies, would not disable the Feature from the SEP client machines.

    When installing the SEP client, you would have to create a custom package and choose the correct features to Install.

    In your case, if you want the Outlook Protection to be disabled, you would have to remove the feature on the SEP client machines.

    Check this Articles:

    Creating custom client installation packages in the Symantec Endpoint Protection Manager console version 12.1

    http://www.symantec.com/docs/TECH165801

    How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

    http://www.symantec.com/docs/TECH90936

    Also, check these Articles below:

    See About the types of threat protection that Symantec Endpoint Protection provides.

    See Configuring client installation package features.

    After installation, you can enable or disable the protection technologies in the security policies.

    See About enabling and disabling protection.

    See Performing tasks that are common to all security policies.

    Hope that helps!!



  • 5.  RE: Policy based disabled feature end in warning on clients

    Posted Jun 04, 2012 05:57 PM

    Hi Wayne,

    a lot of settings at the SEPM console (especially in the AV/AS policy) can be locked by a padlock.  If you don't close these padlocks and simultaneously disable (for example) the SONAR and Download Insight settings, the SEP client will warn you.

    The philosophy behind this behavior may be to call attention to the fact that the user is in full charge of these settings.

    The resolution is easy: At the SEPM, just close the padlocks for Download Insight and SONAR. Whether  they are turned on or off, you won't get warnings any longer.

    HTH!