Symantec 20032623 - Endpoint Protection Small Business Edition, Endpoint Protection Small Business Edition Implementation Manual

Symantec™ Endpoint
Protection Small Business
Edition Implementation
Guide

Symantec™ Endpoint Protection Small Business Edition
Implementation Guide

The softwaredescribed inthis bookis furnishedunder alicense agreementand maybe used
only in accordance with the terms of the agreement.

Documentation version 12.01.00.00

Legal Notice

Copyright © 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System,
LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (“Third Party Programs”). Some of the Third Party
Programs areavailable underopen sourceor freesoftware licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those opensource orfree software licenses. Please see the Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.

THE DOCUMENTATIONISPROVIDED "ASIS" AND ALLEXPRESS OR IMPLIEDCONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLYINVALID.SYMANTEC CORPORATIONSHALLNOT BELIABLEFOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The LicensedSoftware andDocumentation aredeemed to be commercial computer software
as definedin FAR 12.212 and subject to restricted rights as defined in FAR Section52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, displayor disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product features
and functionality.The Technical Support group also creates content forour online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. Forexample, theTechnical Supportgroup works with Product Engineering
and SymantecSecurity Response to provide alerting services andvirus definition
updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right

amount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response and

up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7

days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site
at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in caseit isnecessary to replicate
the problem.

When you contact Technical Support, please have the following information
available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If yourSymantec product requires registration or a license key, accessour technical
support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the
following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

customercare_apac@symantec.comAsia-Pacific and Japan

semea@symantec.comEurope, Middle-East, and Africa

supportsolutions@symantec.comNorth America and Latin America

Technical Support . ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... .. 4

Chapter 1 Introducing Symantec Endpoint Protection Small

Business Edition .. ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... 17

About Symantec Endpoint Protection Small Business Edition .. ..... ..... ... 17

What's new in version 12.1 ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... .. 18

About the types of threat protection that Symantec Endpoint

Protection Small Business Edition provides ......... ..... ..... ..... ..... .... 21

Protecting your network with Symantec Endpoint Protection Small

Business Edition ... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ... 25

Getting upand running on Symantec Endpoint Protection Small

Business Edition for the first time .. ..... ..... ..... ......... ..... ..... ... 26

Managing protection on client computers .. ..... .... ..... ..... ..... ..... .... 29

Maintaining the security of your environment .... ..... ..... ..... ......... . 30

Troubleshooting Symantec Endpoint Protection Small Business

Edition .. ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... . 31

Section 1 Installing Symantec Endpoint Protection

Small Business Edition .... ..... ..... ..... .... ..... ..... ..... . 33

Chapter 2 Planning the installation .... ..... ..... ..... ......... ..... ..... ..... ..... ... 35

Planning the installation . ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... 35

Components of Symantec Endpoint Protection Small Business

Edition .. ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... .. 37

Product license requirements ........ ..... ..... ..... ..... .... ..... ..... ..... ..... ..... 39

System requirements . ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... .... 41

About Symantec Endpoint Protection Manager compatibility with

other products . ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ....... 43

Chapter 3 Installing Symantec Endpoint Protection

Manager ... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ... 45

Installing the management server and the console ...... ..... ..... ..... ........ 45

Configuring the management server during installation ..... ..... ......... ... 47

Contents

Accepting theself-signed certificatefor Symantec Endpoint Protection

Manager . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... . 47

Uninstalling Symantec Endpoint Protection Manager ... ..... ..... ..... ..... .. 48

Logging on to the Symantec Endpoint Protection Manager

console .... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... 49

What you can do from the console . ..... ..... ..... ..... .... ..... ..... ..... ..... ...... 51

Chapter 4 Managing product licenses .... ..... ..... ..... ......... ..... ..... ..... .... 55

Licensing Symantec Endpoint Protection .... ..... ..... ......... ..... ..... ..... .... 56

About the trialware license ... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... .... 58

Purchasing licenses .... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... .... 58

Where to buy a Symantec product license ... ..... ..... .... ..... ..... ..... ..... .... 59

Activating your product license .. ..... ..... ..... ......... ..... ..... ..... ..... ........ 59

Using the License Activation wizard ..... ..... ..... ..... ......... ..... ..... ..... .... 60

Required licensing contact information ..... ......... ..... ..... ..... ..... ......... . 61

About upgrading from trialware ..... ..... ..... ..... ..... ......... ..... ..... ..... .... 62

About product upgrades and licenses ... ..... .... ..... ..... ..... ..... ......... ..... . 62

About renewing your Symantec Endpoint Protection Small Business

Edition license .. ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ...... 63

About the Symantec Licensing Portal ..... .... ..... ..... ..... ..... ......... ..... .... 63

Maintaining your product licenses .... ..... ..... ......... ..... ..... ..... ..... ....... 64

Checking license status ...... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... . 64

Downloading a license file ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ... 65

Licensing enforcement rules ....... ..... ..... ..... ..... .... ..... ..... ..... ..... ....... 65

Backing up your license files ........ ..... ..... ..... ..... ......... ..... ..... ..... ..... . 66

Recovering a deleted license ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 67

Importing a license ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ........ 67

About multi-year licenses ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... .... 68

Licensing an unmanaged client . ..... ..... ......... ..... ..... ..... ..... ......... ..... . 68

Chapter 5 Preparing for client installation ..... ......... ..... ..... ..... ..... ..... 71

Preparing for client installation ... ..... ......... ..... ..... ..... ..... ......... ..... ... 71

Preparing Windows operating systems for remote deployment ..... ..... ... 72

Chapter 6 Installing the Symantec Endpoint Protection Small

Business Edition client ... ..... ..... ..... ......... ..... ..... ..... ..... .. 75

About client deployment methods .... ..... ......... ..... ..... ..... ..... ......... .... 75

Deploying clients using a Web link and email . ......... ..... ..... ..... ..... 76

Deploying clients by using Remote Push ... ..... ..... ..... ..... ......... .... 77

Deploying clients by using Save Package .. ..... ..... ..... ..... ......... ..... 79

Restarting client computers .... ..... ..... ..... ......... ..... ..... ..... ..... ......... .. 80

Contents8

About managed and unmanaged clients ..... ..... ..... ..... ..... ......... ..... .... 81

Installing an unmanaged client ..... ..... ..... .... ..... ..... ..... ..... ......... ..... .. 82

Uninstalling the client . ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... .. 82

Chapter 7 Upgrading and migrating to Symantec Endpoint

Protection Small Business Edition . ..... ..... ..... ......... ... 85

About migrating to Symantec Endpoint Protection Small Business

Edition . ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ... 86

Migrating from Symantec Client Security or Symantec

AntiVirus . ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ......... .... 87

About migrating computer groups .... ..... ......... ..... ..... ..... ..... ....... 88

Migrating group settings and policy settings ... ..... ..... ..... ......... .... 88

Upgrading to a new release .... ..... ..... ..... ......... ..... ..... ..... ..... ......... ... 90

Migrating a management server .... ......... ..... ..... ..... ..... .... ..... ..... ..... . 90

Stopping and starting the management server service .. ..... ..... ..... ..... .. 91

Disabling LiveUpdate in Symantec AntiVirus before migration ..... ..... ... 92

Disabling scheduled scans in Symantec System Center when you

migrate client computers ..... ..... ..... ..... ......... ..... ..... ..... ..... ........ 93

Turning off the roaming service .... ..... ......... ..... ..... ..... ..... ......... ..... .. 93

Uninstalling and deleting reporting servers ..... ..... ..... ..... ......... ..... .... 94

Unlocking server groups in Symantec System Center .... ......... ..... ..... ... 95

About upgrading client software .... ..... ..... ......... ..... ..... ..... ..... ......... . 95

Upgrading clients by using AutoUpgrade .... ..... .... ..... ..... ..... ..... ......... 96

Section 2 Managing protection on Symantec

Endpoint Protection Small Business

Edition . ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... . 99

Chapter 8 Managing groups of client computers .... ..... ..... ..... ..... .. 101

Managing groups of computers .... ..... ..... ..... ......... ..... ..... ..... ..... ..... 101

How you can structure groups . .... ..... ..... ..... ..... ......... ..... ..... ..... ..... 103

Adding a group ... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... .... 104

Blocking clients from being added to groups . ..... ..... ..... ......... ..... ..... . 104

Viewing assigned computers ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ... 105

Moving a client computer to another group . ..... ..... ..... .... ..... ..... ..... .. 105

Guidelines for managing portable computers .... ..... ..... ..... .... ..... ..... .. 105

9Contents

Chapter 9 Managing clients .... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... . 107

Managing client computers ..... ..... ..... ..... ..... ......... ..... ..... ..... ......... 107

About the client protection status icons . ..... .... ..... ..... ..... ..... ......... ... 108

Viewing the protection status of clients and client computers . ..... ..... .. 109

Viewing a client computer's properties . ..... ..... ..... ..... .... ..... ..... ..... ... 110

About enabling and disabling protection . ..... .... ..... ..... ..... ..... ......... .. 111

About commands you can run on client computers ... ..... ..... ..... ......... 113

Running commands on the client computer from the console .. ..... ..... . 114

Converting an unmanaged client to a managed client . ..... ..... ..... ........ 115

Chapter 10 Using policies to manage security .... ......... ..... ..... ..... ..... 117

The types of security policies . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... .. 118

Performing tasks that are common to all security policies . ..... ......... ... 119

Adding a policy . ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... 121

Copying and pasting a policy ... ..... ......... ..... ..... ..... ..... ......... ..... ..... 121

Editing a policy . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... . 122

Locking and unlocking policy settings ..... ..... ..... ..... ..... ......... ..... ..... 122

Assigning a policy to a group . ..... ..... ......... ..... ..... ..... ..... ......... ..... .. 123

Viewing assigned policies .... ..... ......... ..... ..... ..... ..... ......... ..... ..... .... 124

Testing a security policy ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 124

Replacing a policy ........ ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... 125

Exporting and importing policies .... ..... ..... ......... ..... ..... ..... ..... ....... 125

Deleting a policy permanently .... ......... ..... ..... ..... ..... ......... ..... ..... .. 126

How the client computers get policy updates .. ..... ..... ..... ......... ..... .... 126

Using the policy serial number to check client-server

communication . ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... 127

Chapter 11 Managing Virus and Spyware Protection .... ..... ..... ..... .. 129

Preventing and handling virus and spyware attacks on client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 130

Remediating risks on the computers in your network . ..... ......... ..... .... 132

Identifying the infected and at-risk computers .... ..... ..... ......... .... 134

Checking the scan action and rescanning the identified

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 135

Managing scans on client computers . ..... ..... ..... ..... ......... ..... ..... ..... . 136

About the types of scans and real-time protection .... ..... ..... ..... ... 139

About the types of Auto-Protect ..... ..... ..... ..... ......... ..... ..... ..... .. 142

About virus and security risks .... ..... ..... .... ..... ..... ..... ..... ......... .. 144

About the files and folders that Symantec Endpoint Protection

excludes from virus and spyware scans . .... ..... ..... ..... ..... ..... 146

Contents10

About submitting information about detections to Symantec

Security Response . ..... ..... ..... ..... ......... ..... ..... ..... ..... ........ 151

About submissions throttling .... .... ..... ..... ..... ..... ......... ..... ..... .. 152

About the default Virus and Spyware Protection policy scan

settings ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 153

How Symantec Endpoint Protection Small Business Edition

handles detections of viruses and security risks .. ..... ..... ..... .. 156

Setting up scheduled scans that run on Windows computers . ..... ..... ... 157

Setting up scheduled scans that run on Mac computers .. ..... ..... ..... .... 159

Running on-demand scans on client computers . ..... ..... ..... .... ..... ..... . 160

Adjusting scans to improve computer performance ..... ..... ..... ..... ...... 161

Adjusting scans to increase protection on your client computers . ..... ... 163

Managing Download Insight detections . ..... ..... ......... ..... ..... ..... ..... .. 165

How Symantec Endpoint Protection Small Business Edition uses

reputation data to make decisions about files . ..... ..... ......... ..... ... 169

How SymantecEndpoint ProtectionSmall BusinessEdition protection

features work together . ......... ..... ..... ..... ..... ......... ..... ..... ..... .... 170

Enabling or disabling client submissions to Symantec Security

Response ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... .... 172

Managing the Quarantine ....... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 174

Using the Risk log to delete quarantined files on your client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 175

Managing the virus and spyware notifications that appear on client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 176

Chapter 12 Customizing scans .... ..... ..... ......... ..... ..... ..... ..... ......... ..... ... 179

Customizing the virus and spyware scans that run on Windows

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 180

Customizing the virus and spyware scans that run on Mac

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 181

Customizing Auto-Protect for Windows clients . ..... ......... ..... ..... ..... .. 182

Customizing Auto-Protect for Mac clients ..... ......... ..... ..... ..... ..... ..... 183

Customizing Auto-Protect for email scans on Windows

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 184

Customizing administrator-defined scans for clients that run on

Windows computers ... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... 185

Customizing administrator-defined scans for clients that runon Mac

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 186

Randomizing scans toimprove computer performance in virtualized

environments ........ ..... ..... ..... ..... ......... ..... ..... ..... ......... ..... .... 187

Modifying global scan settings for Windows clients . ..... ..... ..... ..... ..... 188

Customizing Download Insight settings . ..... ..... ..... ..... ......... ..... ..... .. 189

11Contents

Changing the action that Symantec Endpoint Protection Small

Business Edition takes when it makes a detection ..... ..... ......... .... 190

Allowing users to view scan progress and interact with scans ..... ........ 192

Chapter 13 Managing SONAR ........ ..... ..... ..... ..... ......... ..... ..... ..... ..... ..... 195

About SONAR .... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 195

About the files and applications that SONAR detects ..... ..... ..... ......... . 196

Managing SONAR . ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ....... 196

Monitoring SONAR detection results to check for false positives . ..... ... 198

Enabling or disabling SONAR ..... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 200

Chapter 14 Managing Tamper Protection ..... .... ..... ..... ..... ..... ......... ... 201

About Tamper Protection ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ... 201

Changing Tamper Protection settings .... ..... ..... ......... ..... ..... ..... ..... . 202

Chapter 15 Managing firewall protection ..... ..... .... ..... ..... ..... ..... ........ 205

Managing firewall protection ......... ..... ..... ..... ..... ......... ..... ..... ..... ... 205

How a firewall works . ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... .. 206

About the Symantec Endpoint Protection firewall ..... ..... ..... ..... .. 207

Creating a firewall policy .. ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... . 209

Enabling and disabling a firewall policy .... ..... ..... ......... ..... ..... ... 210

Adjusting the firewall security level . ..... ..... ..... ......... ..... ..... ..... . 211

About firewall rules . ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 212

About thefirewall rule, firewall setting, and intrusion prevention

processing order ... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... .... 213

Changing the order of firewall rules . ..... ..... .... ..... ..... ..... ..... ...... 213

How the firewall uses stateful inspection . ..... ..... ..... ......... ..... .... 214

About firewall rule application triggers ... ..... ..... ..... ..... .... ..... .... 214

About firewall rule host triggers .... ..... ..... ..... ......... ..... ..... ..... ... 217

About firewall rule network services triggers ..... ..... ..... ......... ..... 219

Setting up firewall rules . ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ........ 219

Adding a new firewall rule ........ ..... ..... ..... ..... ......... ..... ..... ..... .. 220

Copying and pasting firewall rules . ..... .... ..... ..... ..... ..... ......... .... 221

Customizing firewall rules ... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 221

Chapter 16 Managing intrusion prevention .... ..... ..... ..... ..... ......... ..... 229

Managing intrusion prevention on your client computers ..... ......... .... 229

How intrusion prevention works ....... ..... ..... ..... ..... ......... ..... ..... ..... 232

About Symantec IPS signatures .... ..... ......... ..... ..... ..... ..... .... ..... ..... . 233

Enabling or disabling network intrusion prevention or browser

intrusion prevention ... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... 233

Contents12

Creating exceptions for IPS signatures ... ..... ..... ..... ......... ..... ..... ..... . 234

Chapter 17 Managing exceptions .... ..... ..... ......... ..... ..... ..... ..... .... ..... .... 237

About exceptions to Symantec Endpoint Protection Small Business

Edition ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... .. 237

Managing exceptions for Symantec Endpoint Protection Small

Business Edition ..... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... .... 238

Creating exceptionsfor SymantecEndpoint Protection Small Business

Edition ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... .. 240

Excluding a file or a folder from scans . ..... ..... ..... ..... ......... ..... ... 244

Excluding known risks from virus and spyware scans ... ..... ..... ..... 245

Excluding file extensions from virus and spyware scans .... ......... . 245

Forcing scans to detect an application ........ ..... ..... ..... ..... ......... . 246

Specifying how Symantec Endpoint Protection Small Business

Edition handlesan application that scans detect or thatusers

download .. ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... 247

Excluding a trusted Web domain from scans .... .... ..... ..... ..... ..... .. 247

Creating a Tamper Protection exception .... ..... ..... ..... ..... .... ..... .. 248

Restricting thetypes of exceptions that users can configureon client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 249

Creating exceptionsfrom log events in Symantec Endpoint Protection

Manager ... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... . 249

Chapter 18 Configuring updates and updating client computer

protection . ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... .. 251

Managing content updates ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... . 251

How client computers receive content updates .... ..... ..... ..... ..... ... 253

Configuring the LiveUpdate download schedule for Symantec

Endpoint Protection Manager ......... ..... ..... ..... ..... ......... ..... ..... . 255

Downloading LiveUpdate content manually to Symantec Endpoint

Protection Manager . ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ... 256

Viewing LiveUpdate downloads ..... ..... ......... ..... ..... ..... ..... ......... ..... 256

Checking LiveUpdate server activity . ..... ......... ..... ..... ..... ..... ......... .. 256

Configuring Symantec Endpoint Protection Manager to connect to a

proxy server to access the Internet . ..... ..... ..... ......... ..... ..... ..... .. 257

Enabling and disabling LiveUpdate scheduling for client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 257

Configuring the LiveUpdate download schedule for client

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 258

13Contents

Chapter 19 Monitoring protection with reports and logs . ..... ..... .... 261

Monitoring endpoint protection .... ..... ..... ..... ..... ......... ..... ..... ..... .... 261

Viewing a daily or weekly status report .. ..... ..... ..... ......... ..... ..... 263

Viewing system protection ... ..... .... ..... ..... ..... ..... ......... ..... ..... .. 264

Finding offline computers .. ..... ..... ..... ......... ..... ..... ..... ..... ........ 265

Finding unscanned computers . ..... ..... ..... ......... ..... ..... ..... ........ 265

Viewing risks . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ... 266

Viewing client inventory . ......... ..... ..... ..... ..... ......... ..... ..... ..... .. 266

Viewing attack targets and sources .. ..... ..... ..... ......... ..... ..... ..... . 267

Configuring reporting preferences .... ..... ..... ..... .... ..... ..... ..... ..... ...... 268

About the types of reports . ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... . 268

Running and customizing quick reports . ..... ..... ..... ......... ..... ..... ..... . 270

Saving and deleting custom reports . ......... ..... ..... ..... ..... ......... ..... ... 272

Creating scheduled reports .... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... .. 273

Editing the filter used for a scheduled report . ..... ..... ..... ..... ......... ..... 274

Printing and saving a copy of a report ........ ..... ..... ..... ..... ......... ..... .. 275

Viewing logs .. ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ........ 275

About logs ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... .. 277

Saving and deleting custom logs by using filters .... ..... ..... ......... .. 279

Running commands on the client computer from the logs . ..... ..... ....... 280

Chapter 20 Managing notifications .... ..... ..... ..... ......... ..... ..... ..... ..... .... 283

Managing notifications .... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... .. 283

How notifications work ..... ..... ..... ......... ..... ..... ..... ..... ......... .... 284

About the preconfigured notifications . ..... ..... ..... ..... ......... ..... ... 285

About partner notifications .. ..... ..... ..... ......... ..... ..... ..... ..... ...... 288

Establishing communication between the management server and

email servers .... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 289

Viewing and acknowledging notifications ... ..... ..... ..... ..... ......... ..... .. 289

Saving and deleting administrative notification filters .. ..... ..... ..... ..... 290

Setting up administrator notifications .... ..... ..... ......... ..... ..... ..... ..... . 291

How upgrades from another version affect notification

conditions . ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ...... 292

Chapter 21 Managing administrator accounts . ..... ..... ..... ..... ......... ... 295

Managing administrator accounts . ..... ..... ..... ..... .... ..... ..... ..... ..... .... 295

About administrator accounts ........ ..... ..... ..... ..... ......... ..... ..... ..... ... 296

Adding an administrator account ... ......... ..... ..... ..... ..... ......... ..... .... 297

About access rights . ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... . 298

Configuring the access rights for a limited administrator ..... ..... ..... .... 299

Changing an administrator password .... ..... ......... ..... ..... ..... ..... ....... 299

Contents14

Allowing administrators to save logon credentials . ......... ..... ..... ..... ... 300

Allowing administrators to reset forgotten passwords . ..... ..... ..... ....... 300

Resetting a forgotten password .. ..... ..... ..... ..... ......... ..... ..... ..... ..... .. 301

Resetting the administrator user name and password to admin ..... ..... . 302

Section 3 Maintaining your security

environment . ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... . 303

Chapter 22 Preparing for disaster recovery .... ..... ......... ..... ..... ..... ..... 305

Preparing for disaster recovery .. ..... ..... ..... ......... ..... ..... ..... ..... ....... 305

Backing up the database and logs ..... ..... ......... ..... ..... ..... ..... .... ..... .. 306

Section 4 Troubleshooting Symantec Endpoint

Protection ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... .. 309

Chapter 23 Performing disaster recovery . ..... ......... ..... ..... ..... ..... ....... 311

Performing disaster recovery ... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... 311

Restoring the database . ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ..... 312

Reinstalling or reconfiguring Symantec Endpoint Protection

Manager ... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... . 313

Chapter 24 Troubleshooting installation and communication

problems ........ ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... . 315

Downloading the Symantec Endpoint Protection Support Tool to

troubleshoot computer issues ..... ..... ..... ..... ......... ..... ..... ..... ..... 315

Identifying the point of failure of an installation . ..... ..... ..... ..... ......... 316

Troubleshooting communication problemsbetween themanagement

server and the client .... ......... ..... ..... ..... ..... ......... ..... ..... ..... .... 316

Viewing the client connection status on the client .. ..... ..... ..... ..... 318

How to determine whether the client is connected and

protected ........ ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... .... 318

Investigating protectionproblems using the troubleshooting file

on the client . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ....... 319

Stopping and starting the Apache Web server ..... ..... ..... ..... ..... ... 320

Using the ping command to test the connectivity to the

management server ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ... 320

Checking the debug log on the client computer .... ..... ..... ..... ....... 320

Checking the inbox logs on the management server .... ..... ..... .... .. 321

15Contents

Recovering client communication settings by using the

SylinkDrop tool . ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ... 321

Troubleshooting communication problemsbetween themanagement

server and the console or the database .... ..... ..... ..... ..... .... ..... .... 322

Verifying the connection with the database . ..... ..... ..... ......... ..... . 323

Chapter 25 Troubleshooting reporting issues .... ..... ..... ..... ..... ......... . 325

Troubleshooting reporting issues . ......... ..... ..... ..... ..... .... ..... ..... ..... . 325

Troubleshooting context-sensitive help for the reporting

console . ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ..... ..... . 327

Changing reporting fonts to display Asian languages . ..... ..... ..... ..... ... 327

Accessing reporting pages when the use of loopback addresses is

disabled . ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... 328

About recovering a corrupted client System Log on 64-bit

computers ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ... 329

Appendix A Migration and client deployment reference ..... ..... ..... .. 331

Where to go for information on upgrading and migrating .... ..... ..... .... 331

Supported server upgrade paths ..... ..... ..... ......... ..... ..... ..... ..... ........ 333

Supported client upgrade paths ... ..... ..... ..... ..... ......... ..... ..... ..... ..... . 333

Migrations that are supported and unsupported for the Mac

client . ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... .... ..... ... 334

Feature mapping between 12.0 clients and 12.1 clients . ..... .... ..... ..... .. 335

Client protection features by platform . ..... ......... ..... ..... ..... ..... .... ..... 338

Management features by platform .. ..... ..... ..... ......... ..... ..... ..... ..... ... 339

Virus and Spyware Protection policy settings available for Windows

and Mac . ......... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... 340

LiveUpdate policy settings available for Windows and Mac ....... ..... .... 341

Increasing SymantecEndpoint Protection Manager disk space before

upgrading to version 12.1 .... ..... ..... ......... ..... ..... ..... ..... ......... .. 342

Index ..... ..... ..... ..... ..... .... ..... ..... ..... ..... ......... ..... ..... ..... ..... ......... ..... ..... ..... ..... ........ 345

Contents16

Introducing Symantec
Endpoint Protection Small
Business Edition

This chapter includes the following topics:

■ About Symantec Endpoint Protection Small Business Edition

■ What's new in version 12.1

■ About the types of threat protection thatSymantec EndpointProtection Small

Business Edition provides

■ Protecting your network with Symantec Endpoint Protection Small Business

Edition

About Symantec Endpoint Protection Small Business
Edition

Symantec Endpoint Protection Small Business Edition is a client-server solution

that protects laptops, desktops, Mac computers, and servers in your network

against malware. Symantec Endpoint Protection combines virus protection with

advanced threat protection to proactively secure your computers against known

and unknown threats.

Symantec Endpoint Protection protects against malware such as viruses, worms,

Trojan horses, spyware, and adware. It provides protection against even the most

sophisticated attacks that evade traditional security measures such as rootkits,

zero-day attacks, and spywarethat mutates. Providinglow maintenance andhigh

power, SymantecEndpoint Protection Small Business Edition communicates over

1

Chapter

your network to automatically safeguard computers against attacks for both
physical systems and virtual systems.

This comprehensive solution protects confidential and valuable information by
combining multiple layers of protection on a single integrated client. Symantec
Endpoint Protection reduces management overhead, time, and cost by offering a
single management console and the single client.

See “About the types of threat protection that Symantec Endpoint Protection

Small Business Edition provides” on page 21.

What's new in version 12.1

The current release includes the following improvements that make the product
easier and more efficient to use.

Table 1-1 displays the new features in version 12.1.

Introducing Symantec Endpoint Protection Small Business Edition

What's new in version 12.1

18

Table 1-1

New features in version 12.1

DescriptionFeature

The most significant improvements include the following policy features to provide better
protection on the client computers.

■ The Virusand SpywareProtection policydetects threatsmore accuratelywhile itreduces

false positives and improves scan performance with the following technologies:

■ SONAR replaces the TruScan technology to identify malicious behaviorof unknown

threats using heuristics and reputation data. While TruScan runs on a schedule,
SONAR runs at all times.

See “Managing SONAR” on page 196.

■ Auto-Protect providesadditional protectionwith DownloadInsight, whichexamines

the files that users try to download through Web browsers, text messaging clients,
and other portals. Download Insight uses reputation information from Symantec
Insight to make decisions about files.

See “Managing Download Insight detections” on page 165.
See “How Symantec Endpoint Protection Small Business Edition uses reputation

data to make decisions about files” on page 169.

■ Insight lets scans skip Symantec and community trusted files, which improves scan

performance.
See “Modifying global scan settings for Windows clients” on page 188.

■ Insight Lookup detects the application files that might not typically be detected as

risks and sends information from the files to Symantec for evaluation. If Symantec
determines that the application files are risks, the client computer then handles the
files as risks. Insight Lookup makes malware detection faster and more accurate.

See “Customizing administrator-defined scans for clients that run on Windows

computers” on page 185.

■ The Firewall policy includes firewall rules to block IPv6-based traffic.

See “Customizing firewall rules” on page 221.

■ The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS

signatures to detect the attacks that are directed at browser vulnerabilities.
See “Enablingor disablingnetwork intrusionprevention orbrowser intrusion prevention”

on page 233.

Better securityagainst
malware

19Introducing Symantec Endpoint Protection Small Business Edition

What's new in version 12.1

Table 1-1

New features in version 12.1 (continued)

DescriptionFeature

Symantec EndpointProtection Managerhelps youmanage theclient computers more easily
with the following new features:

■ Centralized licensing lets you purchase, activate, and manage product licenses from

the management console.
See “Licensing Symantec Endpoint Protection” on page 56.

■ The Symantec Endpoint Protection Manager logon screen enables you to have your

forgotten password emailed to you.
See “Logging on to the Symantec Endpoint Protection Manager console” on page 49.

■ The Monitors page includes a set of preconfigured email notifications that inform you

of the most frequently used events. The events include when new client software is
available, when a policy changes, license renewal messages, and when themanagement
server locates unprotected computers. The notifications are enabled by default and
support the BlackBerry, iPhone, and Android.

See “About the preconfigured notifications” on page 285.

■ Improved status reporting automatically resets the Still Infected Status for a client

computer once the computer is no longer infected.

Faster and more
flexible management

To increase the speed between the management server and the management console,
database, and the client computers:

■ Virus and spyware scans use Insight to let scans skip safe files and focus on files at risk.

Scans that use Insight are faster and more accurate, and reduce scan overhead by up to
70 percent.

See “Modifying global scan settings for Windows clients” on page 188.
See “Customizing Auto-Protect for Windows clients” on page 182.
See “About commands you can run on client computers”on page 183 on page 183.
See “Adjusting scans to improve computer performance” on page 161.

■ LiveUpdate can run when the client computer is idle, has outdated content, or has been

disconnected, which uses less memory.

Better server and
client performance

In SymantecEnterprise ProtectionSmall BusinessEdition, youcan nowdeploy andmanage
Mac clients on Symantec Endpoint Protection Manager for Symantec Endpoint Protection
Small Business Edition.

See “Deploying clients using a Web link and email” on page 76.

Support for Mac
clients

Introducing Symantec Endpoint Protection Small Business Edition

What's new in version 12.1

20

Table 1-1

New features in version 12.1 (continued)

DescriptionFeature

You caninstall the product faster and easier than before with the following new installation
features:

■ You can upgrade to the current version of the product while the legacy clients stay

connected and protected.

■ A new quick report for deployment shows which computers have successfully installed

the client software.
See “Running and customizing quick reports” on page 270.

Improved installation
process

Symantec Endpoint Protection Manager now supports the following additional operating
systems:

■ VMware Workstation 7.0 or later

■ VMware ESXi 4.0.x or later

■ VMware ESX 4.0.x or later

■ VMware Server 2.0.1

■ Citrix XenServer 5.1 or later

Symantec Endpoint Protection Manager now supports the following Web browsers:

■ Internet Explorer 7.0, 8.0, 9.0

■ Firefox 3.6, 4.0

See “System requirements” on page 41.

Support for additional
operating systems

About the types of threat protection that Symantec
Endpoint Protection Small Business Edition provides

Symantec Endpoint Protection Small Business Edition uses state-of-the-art

protection to integrate multiple types of protection on each computer in your

network. It offers advanced defense against all types of attacks for both physical

systems and virtual systems. You need combinations of all the protection

technologies to fully protect and customize the security in your environment.

Symantec Endpoint Protection Small Business Edition combines traditional

scanning, behavioral analysis, intrusion prevention, and community intelligence

into a superior security system.

Table 1-2 describes the types of protection that the product provides and their

benefits.

21Introducing Symantec Endpoint Protection Small Business Edition

About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

Table 1-2

Layers of protection

BenefitDescriptionProtection

type

Virus and Spyware Protection detects new
threats earlier and more accurately using not
just signature-based and behavioral-based
solutions, but other technologies.

■ Symantec Insight provides faster and more

accurate malwaredetection todetect thenew
and the unknown threats that other
approaches miss. Insight identifies new and
zero-day threats by using the collective
wisdom of over millions of systems in
hundreds of countries.

■ Bloodhound uses heuristics to detect a high

percentage of known and unknown threats.

■ Auto-Protect scansfiles from a signature list

as they are read from or written to the client
computer.

Virus and Spyware Protection protects
computers from viruses and security risks, and
in many cases can repair their side effects. The
protection includes real-time scanning of files
and email as well as scheduled scans and
on-demand scans. Virus and spyware scans
detect viruses and the security risks that can
put a computer, as well as a network, at risk.
Security risks include spyware, adware, and
other malicious files.

See “Managing scans on client computers”
on page 136.

Virus and
Spyware
Protection

■ The rules-based firewall engine shields

computers from malicious threats before
they appear.

■ The IPS scans network traffic and files for

indications of intrusions or attempted
intrusions.

■ Browser Intrusion Prevention scans for

attacks that are directed at browser
vulnerabilities.

■ Universal download protection monitors all

downloads from the browser and validates
that the downloads are not malware.

Network Threat Protection provides a firewall
and intrusion prevention protection to prevent
intrusion attacks and malicious content from
reaching the computer that runs the client
software.

The firewall allows or blocks network traffic
based on the various criteria that the
administrator sets.If the administrator permits
it, end users can also configure firewall policies.

The IntrusionPrevention System(IPS) analyzes
all the incoming and the outgoing information
for the data patterns that are typical of an
attack. It detects and blocks malicious traffic
and attempts by outside users to attack the
client computer. Intrusion Prevention also
monitors outbound traffic and prevents the
spread of worms.

See “Managingfirewall protection”on page205.

See “Managing intrusion prevention on your

client computers” on page 229.

Network Threat
Protection

Introducing Symantec Endpoint Protection Small Business Edition

About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

22

Table 1-2

Layers of protection (continued)

BenefitDescriptionProtection

type

SONAR examines programs as they run, and
identifies and stops malicious behavior of new
and previously unknown threats. SONAR uses
heuristics as well as reputation data to detect
emerging and unknown threats.

Proactive Threat Protection uses SONAR to
protect against zero-day attack vulnerabilities
in yournetwork. Zero-day attack vulnerabilities
are the new vulnerabilities that are not yet
publicly known. Threats that exploit these
vulnerabilities can evade signature-based
detection, suchas spywaredefinitions. Zero-day
attacks may be used in targeted attacks and in
the propagation of malicious code. SONAR
provides real-time behavioral protection by
monitoring processes and threats as they
execute.

See “Managing SONAR” on page 196.

Proactive Threat
Protection

The management server enforces each protection by using an associated policy

that is downloaded to the client.

Figure 1-1 shows the categories of threats that each type of protection blocks.

23Introducing Symantec Endpoint Protection Small Business Edition

About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

Figure 1-1

An overview of protection layers

Virus and Spyware Protection

Endpoint

Network Interface Card

Back doors
DoS attacks
Port scans
Stack attacks
Trojans
Worms

Internet

Memory / peripherals

File system

Proactive Threat Protection

File/process/

registry
modifications

Firewall
policy

Intrusion
Prevention
policy

Application and
Device Control
policy

Company

Network

Virus and Spyware
Protection policy
(SONAR)

Adware
Back doors
Mutating threats
Spyware
Trojans
Worms
Viruses

Insider threats
Keyloggers
Retro viruses
Spyware
Targeted attacks
Trojans
Worms
Zero day threats
DNS and host

file changes

Network
Threat
Protection

Application

vulnerabilities
Back doors
OS vulnerabilities
Trojans
Worms

Virus and Spyware
Protection policy

See “Components of Symantec Endpoint Protection Small Business Edition”
on page 37.

Introducing Symantec Endpoint Protection Small Business Edition

About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

24

Protecting your network with Symantec Endpoint
Protection Small Business Edition

You protect the computers in your network by installing and managing the
Symantec Endpoint Protection Manager and the Symantec Endpoint Protection
Small Business Edition client.

Table 1-3 outlines the main high-level tasks that you need to do to use Symantec

Endpoint Protection Small Business Edition.

Table 1-3

Steps to set up, configure, and manage Symantec Endpoint
Protection Small Business Edition

DescriptionTask

You caninstall SymantecEndpoint ProtectionManager and
the Symantec Endpoint Protection Small Business Edition
client and protect your network in a few easy steps.

See “Getting up and running on Symantec Endpoint

Protection Small Business Edition for the first time”

on page 26.

Setting up Symantec
Endpoint Protection Small
Business Edition

Symantec EndpointProtection Managercomes with default
settings and policies so that your network is protected
immediately afteryou install.You can modify these settings
to suit your network environment.

See “Managingprotection on client computers” on page 29.

Managing Symantec
Endpoint Protection Small
Business Edition

You might need to perform some ongoing maintenance to
keep your network environment running smoothly at peak
performance. For example, you must back up the database
in case you need to perform disaster recovery.

See “Maintaining the security of your environment”
on page 30.

Maintaining a secure
network environment

If you have problems installing or using the product,
Symantec EndpointProtection Managerincludes resources
to help fix common issues, such as client-server
communication and virus outbreaks.

See “Troubleshooting Symantec Endpoint ProtectionSmall

Business Edition” on page 31.

Troubleshooting Symantec
Endpoint Protection Small
Business Edition

See “Components of Symantec Endpoint Protection Small Business Edition”
on page 37.

25Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

Getting up and running on Symantec Endpoint Protection Small
Business Edition for the first time

You should assess your security requirements and decide if the default settings
provide the balance of performance and security you require. Some performance
enhancements can be made immediately after you install Symantec Endpoint
Protection Manager.

Table 1-4 lists the tasks you should perform to install and protect the computers

in your network immediately.

Table 1-4

Tasks to install and configure Symantec Endpoint Protection Small
Business Edition

DescriptionAction

Whether you install the product for the first time, upgrade from a previous version, or
migrate from another product, you install Symantec Endpoint Protection Manager first.

See “Installing the management server and the console” on page 45.

See “Aboutmigrating toSymantec EndpointProtection SmallBusiness Edition” on page 86.

Install or migrate the
management server

You can add the groups that contain computers based on the level of security or function
the computers perform. For example, you should put computers with a higher level of
security in one group, or a group of Mac computers in another group.

See “How you can structure groups” on page 103.

See “Adding a group” on page 104.

See “Guidelines for managing portable computers” on page 105.

Create groups

Change the following default scan settings:

■ For the servers group, change the scheduled scan time to a time when most users are

offline.
See “Setting up scheduled scans that run on Windows computers” on page 157.

Modify the Virus and
Spyware Protection
policy

Purchase and activate a license within 30 days of product installation.

See “Activating your product license” on page 59.

Activate the product
license

Before you install the client software, perform the following tasks, if necessary:

■ Uninstall third-party virus protection software from your computers.

For more information on a tool to uninstall any competitive product automatically,
see the knowledge base article, SEPprep competitive product uninstall tool.

■ If you deploy client softwareremotely, first modify the firewall settings on your client

computers to allow communication between the computers and the management
server.

See “Preparing for client installation” on page 71.

Prepare computers for
client installation
(optional)

Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

26

Table 1-4

Tasks to install and configure Symantec Endpoint Protection Small
Business Edition (continued)

DescriptionAction

Deploy the client software.

See “Deploying clients using a Web link and email” on page 76.

Install the client
software withthe Client
Deployment Wizard

In the management console, on the Computers > Computers page:

1

Change the view to Client status to make sure that the client computers in each
group communicate with the management server.

Look at the information in the following columns:

■ The Computer column displays a green dot for the clients that are connected to

the management server.

■ The Last Time Status Changed column displays the time that the client last

communicated with the management server.

■ The RestartRequired column displays whichclient computers you need to restart

to enable protection.
See “Restarting client computers” on page 80.

■ The PolicySerial Number column displays themost currentpolicy serialnumber.

The policy might not update for one to two heartbeats.
See “Using the policy serial number to check client-server communication”

on page 127.

2

Change tothe Protection technology view and ensure thatthe following protections
are On:

■ Antivirus status

■ Firewall status

See “Viewing the protection status of clients and client computers” on page 109.

3

On the client, check that the client is connected to a server, and check that the policy
serial number is the most current one.

See “Viewing the client connection status on the client” on page 318.

See “Troubleshooting communication problems between the management server and the

client” on page 316.

Check that the
computers are listed in
the groups that you
expected and that the
client communicates
with the management
server

Make sure that the content updates download to client computers at a time that affects
users the least.

See “Configuring the LiveUpdate download schedule for Symantec Endpoint Protection

Manager” on page 255.

Check the LiveUpdate
schedule and adjust if
necessary

27Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

Table 1-4

Tasks to install and configure Symantec Endpoint Protection Small
Business Edition (continued)

DescriptionAction

Alerts and notifications are critical to maintaining a secure environment and can also
save you time.

See “Managing notifications” on page 283.

Configure Symantec
Endpoint Protection
Manager to send email
alerts

Create anotification for a Singleriskevent and modify the notification forRiskOutbreak.

For these notifications, do the following:

1

Change the Risk severity to Category 1 (Very Low and above) to avoid receiving
emails about tracking cookies.

2

Keep the Damper setting at Auto.

See “Setting up administrator notifications” on page 291.

Configure notifications
for a single risk
outbreak and when a
new risk is detected

Table 1-5 displays the tasks to perform after youinstall and configure the product

to assess whether the client computers have the correct level of protection.

Table 1-5

Tasks to perform two weeks after you install

DescriptionAction

You can increase performance so that the client does not scan certain folders and files.
For example, the client scans the mail server every time a scheduled scan runs.

You can also exclude files by extension for Auto-Protect scans.

See “Creating exceptions for Symantec Endpoint Protection Small Business Edition”
on page 240.

See “Customizing Auto-Protect for Windows clients” on page 182.

See “About commands you can run on client computers”on page 183 on page 183.

Exclude applicationsand
files frombeing scanned

Run the quick reports and scheduled reports to see whether the client computers have
the correct level of security.

See “About the types of reports” on page 268.

See “Running and customizing quick reports” on page 270.

See “Creating scheduled reports” on page 273.

Run a quick report and
scheduled report after
the scheduled scan

Review monitors, logs, and the status of client computers to make sure that you have the
correct level of protection for each group.

See “Monitoring endpoint protection” on page 261.

Check to ensure that
scheduled scans have
been successful and
clients operate as
expected

Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

28

Managing protection on client computers

You use a single management console to manage the protection on the client
computers. Although the client computers are protected immediately, you might
need to modify the protection to suit your needs.

Table 1-6 outlines the tasks that you can perform if you need to adjust the default

settings.

Table 1-6

Modifying protection on the client computer

DescriptionTask

You apply protection to the client computers based on the group that you place a computer
in. The computers in each group have the same level of security.

You can import your company's existing group structure. You can also create new groups.

To determinewhich groups to add, first consider the structure of the network. Or, ifyou create
a new group structure, you base your group structure on function, role, geography, or a
combination ofcriteria. Forexample, consider the number of computers at the site, or whether
the computers are the same type, such as Windows or Mac computers.

See “Managing groups of computers” on page 101.

See “Managing client computers” on page 107.

Organizing and
managing groups

Symantec Endpoint Protection Manager includes default policies for each type of protection.
The policies balance the need for protection with performance. Out of the box, the default
policies provide appropriate settings for large and small organizations. You may want to
adjust settings over time based on your company needs.

See “The types of security policies” on page 118.

See “About the types of threat protection that Symantec Endpoint Protection Small Business

Edition provides” on page 21.

See “Managing scans on client computers” on page 136.

See “Managing firewall protection” on page 205.

See “Managing intrusion prevention on your client computers” on page 229.

Modifying
protection

Security policies must be applied to a group before the clients apply the policies to the client
computer. You can create policies that all groups share or that apply to only one group.
Symantec Endpoint Protection Manager makes it easy to add and modify policies for all the
security needs of your company.

See “Performing tasks that are common to all security policies” on page 119.

Managing policies

29Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

Table 1-6

Modifying protection on the client computer (continued)

DescriptionTask

Client computers need to receive periodic updates to protection content such as virus
definitions, intrusion prevention signatures, and product software. You can configure the
method, type of content, and schedule that Symantec Endpoint Protection Small Business
Edition uses to download the content to the client computers.

See “Managing content updates” on page 251.

Scheduling and
managing updates

You can configure the client to display different client features and protection features. How
you configure these features depends on how much control you want client computer users
in each group to have.

See “Locking and unlocking policy settings” on page 122.

Controlling user
access

Symantec recommends that you analyze which computers need which type of security. If you
did notdeploy the client installation package at the time that you installed Symantec Endpoint
Protection Manager, you can deploy the client software later.

You have the option to look for unprotected computers.

See “Preparing for client installation” on page 71.

See “Deploying clients using a Web link and email” on page 76.

Managing client
deployment

You use reports and logs to view the security status of the client computers. The reports and
logs help you to handle virus outbreaks and to increase the security and performance of your
company's network.

You canalso configurenotifications toalert administratorsand computerusers aboutpotential
security problems.

See “Monitoring endpoint protection” on page 261.

See “Managing notifications” on page 283.

Monitoring and
responding tostatus
changes

You can add administrator accounts so that different administrators have different levels of
control over managing the groups, policies, commands, and reports in Symantec Endpoint
Protection Manager.

See “Managing administrator accounts” on page 295.

Managing
administrators

Maintaining the security of your environment

After you have secured your network, you might want to modify the protection
and infrastructure to increase security or increase performance.

Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

30

Table 1-7

Tasks you can perform to maintain the security of your network

DescriptionTask

You should periodically check the Home page to view the overall security status of your
network. Youcan use the notifications, reports, and logsto providethe details on the security
status.

See “Monitoring endpoint protection” on page 261.

See “Managing notifications” on page 283.

Checking the
security status of
your network

You cancheck whether your license is about to expire or if you have too many deployed clients
for what your license covers.

See “Maintaining your product licenses” on page 64.

Maintaining licenses

To help mitigate a case of data corruption or a hardware failure, you should back up the
database regularly and make a copy of specific management server files.

See “Preparing for disaster recovery” on page 305.

Preparing for
disaster recovery

You can update the settings for the mail server, proxy server, and LiveUpdate servers.

See “Establishing communication between the management server and email servers”
on page 289.

See “Configuring Symantec Endpoint Protection Manager to connect to a proxy server to

access the Internet” on page 257.

Reconfiguring
servers

Troubleshooting Symantec Endpoint Protection Small Business Edition

Table 1-8 displays the most common issues that you might encounter when you

install and use Symantec Endpoint Protection Small Business Edition.

Table 1-8

Common issues you can troubleshoot

DescriptionTask

You candownload andrun theSymantec EndpointProtection SmallBusiness EditionSupport
Tool to verify that your computers are ready for installation. The support tool is provided
with the management server and the client. It is also available on the Symantec Support Web
site.

See “Downloadingthe SymantecEndpoint ProtectionSupport Toolto troubleshootcomputer

issues” on page 315.

Fixing installation
problems

31Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

Table 1-8

Common issues you can troubleshoot (continued)

DescriptionTask

You can prevent threats from attacking computers on your network.

See “Preventing and handling virus and spyware attacks on client computers” on page 130.

See “Remediating risks on the computers in your network” on page 132.

If a threat does attack a client computer, you can identify and respond to the threat. See the
following knowledge base article:

Best practices for troubleshooting viruses on a network.

Handling virus
outbreaks

If the latest virus definitions do not update correctly on Symantec Endpoint Protection
Manager or the clients, see the following knowledge base article:

Symantec Endpoint Protection: LiveUpdate Troubleshooting.

Troubleshooting
content update
problems

The communicationchannels betweenall of the Symantec Endpoint Protection Small Business
Edition componentsmust beopen. Thesechannels include, server to client, server to database,
and server and client to the content delivery component, such as LiveUpdate.

See “Troubleshooting communication problems between the management server and the

client” on page 316.

See “Troubleshooting communication problems between the management server and the

console or the database” on page 322.

See the following knowledge base article:

Troubleshooting Symantec Endpoint Protection Manager communication problems.

Fixing
communication
errors

In case of database corruption or hardware failure, you can restore the latest snapshot of the
database if you have a database backup file.

See “Performing disaster recovery” on page 311.

Performing disaster
recovery

You can solve various report and log issues.

See “Troubleshooting reporting issues” on page 325.

Troubleshooting
reporting issues

See theknowledge base article, Top "Best Practices" Articles for Symantec Endpoint

Protection.

Introducing Symantec Endpoint Protection Small Business Edition

Protecting your network with Symantec Endpoint Protection Small Business Edition

32

Installing Symantec Endpoint
Protection Small Business
Edition

■ Chapter 2. Planning the installation

■ Chapter 3. Installing Symantec Endpoint Protection Manager

■ Chapter 4. Managing product licenses

■ Chapter 5. Preparing for client installation

■ Chapter 6.Installing the Symantec Endpoint Protection Small Business Edition

client

■ Chapter 7. Upgrading and migrating to Symantec Endpoint Protection Small

Business Edition

1

Section

34

Planning the installation

This chapter includes the following topics:

■ Planning the installation

■ Components of Symantec Endpoint Protection Small Business Edition

■ Product license requirements

■ System requirements

■ About Symantec Endpoint Protection Manager compatibility with other

products

Planning the installation

Table 2-1summarizes the high-level steps to install Symantec Endpoint Protection

Small Business Edition.

Table 2-1

Installation planning

DescriptionActionStep

Understand thesizing requirementsfor yournetwork. Inaddition toidentifying
the endpoints requiring protection, scheduling updates, and other variables
should be evaluated to ensure good network and database performance.

For information to help you plan medium to large-scale installations, see the
Symantec white paper, Sizing and Scalability Recommendations for Symantec

Endpoint Protection Small Business Edition.

Purchase a license within 30 days of product installation.

See “Licensing Symantec Endpoint Protection” on page 56.

See “Product license requirements” on page 39.

Plan network
architecture and review
and purchase a license
within 30 days of
product installation

Step 1

2

Chapter

Table 2-1

Installation planning (continued)

DescriptionActionStep

Make sure your computers comply with the minimum system requirements
and that you understand the product licensing requirements.

See “System requirements” on page 41.

See “Product license requirements” on page 39.

Review system
requirements

Step 2

Uninstall other virus protection software from your computers, make sure
system-level accessis available,and open firewalls to allow remote deployment.

See “Preparing for client installation” on page 71.

See “PreparingWindows operatingsystems for remote deployment” on page 72.

Prepare computers for
installation

Step 3

Remotely deploying the client requires that certain ports and protocols are
open andallowed between the Symantec Endpoint Protection Managerand the
endpoint computers.

Open ports and allow
protocols

Step 4

Identify the user names, passwords, email addresses, and other installation
settings. Have the information on hand during the installation.

Identify installation
settings

Step 5

Install Symantec Endpoint Protection Manager.

If the network that supports your business is small and located in one
geographic location,you needto installonly oneSymantec Endpoint Protection
Manager. If your network is geographically dispersed, you may need to install
additional management servers for load balancing and bandwidth distribution
purposes.

See “Installing the management server and the console” on page 45.

Install the management
server

Step 6

If you are running legacy Symantec protection, you usually migrate policy and
group settings from your older version.

See “Aboutmigrating toSymantec EndpointProtection SmallBusiness Edition”
on page 86.

Migrate Symanteclegacy
virus protectionsoftware

Step 7

Planning the installation

Planning the installation

36

Table 2-1

Installation planning (continued)

DescriptionActionStep

Prepare for client installation as follows:

■ Identify the computers on which to install the client software.

■ Identify themethods to use to deploy the client software to your computers.

■ Uninstall third-party virus protection software from your computers.

■ Modify or disable the firewall settings on your endpoint computers to allow

communication between the endpoints and the Symantec Endpoint
Protection Manager.

■ Set upthe consolecomputer groupsto matchyour organizational structure.

See “Preparing for client installation” on page 71.

See “Guidelines for managing portable computers” on page 105.

Prepare computers for
client installation

Step 8

Install theSymantec EndpointProtection Small Business Edition client on your
endpoint computers.

Symantec recommends that you also install the client on the computer that
hosts Symantec Endpoint Protection Manager.

See “Deploying clients using a Web link and email” on page 76.

Install clientsStep 9

See “Getting up and running on Symantec Endpoint Protection Small Business

Edition for the first time” on page 26.

Post-installation tasksStep 10

See “About the trialware license” on page 58.

Components of Symantec Endpoint Protection Small
Business Edition

Table 2-2 lists the product's components and describes their functions.

37Planning the installation

Components of Symantec Endpoint Protection Small Business Edition

Table 2-2

Product components

DescriptionComponent

Symantec Endpoint Protection Manager is a management
server that manages the client computers that connect to
your company's network.

Symantec Endpoint Protection Manager includes the
following software:

■ The consolesoftware coordinates and manages security

policies, clientcomputers, reports, and logs. The console
is the interface to themanagement server. It can also be
installed and used remotely on any computer with a
network connection to the management server.

■ The management server software provides secure

communication to and from the client computers and
the console.

Symantec Endpoint
Protection Manager

The database stores security policies and events. The
database is installed on the computer that hosts Symantec
Endpoint Protection Manager.

Database

The Symantec Endpoint Protection Small Business Edition
client protectsthe computerswith virus and spyware scans,
SONAR, Download Insight, a firewall, an Intrusion
Prevention System, and other protection technologies. It
runs on the servers, desktops, and portable computers that
you want to protect.

The Symantec Endpoint Protection Mac client protects the
computers with virus and spyware scans.

For moreinformation, seethe SymantecEndpoint Protection
Small Business Edition Client Guide.

See “About Symantec Endpoint Protection Small Business

Edition” on page 17.

Symantec Endpoint
Protection Small Business
Edition client

Planning the installation

Components of Symantec Endpoint Protection Small Business Edition

38

Figure 2-1

The product components in a network

Firewall

Computers running the
Symantec Endpoint
Protection client,
connecting through a
VPN tunnel

Internet

Local Ethernet Network

Symantec Endpoint Protection
Manager, with the Symantec
Endpoint Protection client
installed

Computers running the
Symantec Endpoint Protection
client

See “About the types of threat protection that Symantec Endpoint Protection

Small Business Edition provides” on page 21.

Product license requirements

If you want to use Symantec Endpoint Protection Small Business Edition after
the trial period expires, you must purchase a product license. Your purchase a
license according to the following requirements:

39Planning the installation

Product license requirements

Table 2-3

Product license requirements

RequirementProduct

You mustpurchase alicense thatcovers each deployed
client. One license covers all clients regardless of
platform and version.

See “Licensing enforcement rules” on page 65.

Paid license installation

Symantec EndpointProtection SmallBusiness Edition
accepts the license file from your Symantec legacy
virus protection software. You must purchase a new
license when the legacy license expires.

Symantec legacy virus protection
software

A 30-day trial license is included with Symantec
Endpoint ProtectionSmall BusinessEdition. Youmust
purchase a license when the trial license expires.

Trialware

The following terminology applies to Symantec product licenses:

A license contains a serial number that uniquely identifies your
license and associates the license with your company. The serial
number canbe usedto activate your Symantec Endpoint Protection
Small Business Edition license.

See “Activating your product license” on page 59.

Serial number

Deployed refers to the endpoint computers that are under the
protection of the Symantec Endpoint Protection Small Business
Edition clientsoftware. Forexample, "Wehave 50 deployed seats."
means that 50 endpoints have client software installed on them.

Deployed

You activate your Symantec Endpoint Protection Small Business
Edition productlicense toenable unrestrictedaccess toall program
functionality. You use the License Activation wizard to complete
the activation process.

See “Activating your product license” on page 59.

Activate

A seat is a single endpoint computer that is protected by the
Symantec Endpoint Protection Small Business Edition client
software. A license is purchased and is valid for a specificnumber
of seats. "Valid seats" refers to the total number of seats that are
specified in all of your active licenses.

Seat

See “Purchasing licenses” on page 58.Trialware

A license is over-deployed when the number of deployed clients
exceeds the number of licensed seats.

Over-deployed

Planning the installation

Product license requirements

40

After you have determined your license requirements you do the following tasks:

■ Purchase the license.

See “Purchasing licenses” on page 58.

■ Activate the license.

See “Activating your product license” on page 59.

Understanding licenserequirements is part of planning your Symantec Endpoint
Protection Small Business Edition installation and after installation, managing
your product licenses.

See “Planning the installation” on page 35.

See “Licensing Symantec Endpoint Protection” on page 56.

System requirements

In general, the system requirements for Symantec Endpoint Protection Manager
and the clients are the same as those of the supported operating systems.
Additional details are provided in the following tables.

Table 2-4 displays the minimum requirements for the Symantec Endpoint

Protection Manager.

Table 2-5 displays the minimum requirements for the Symantec Endpoint

Protection Small Business Edition client.

Table 2-4

Symantec Endpoint Protection Manager system requirements

RequirementsComponent

■ 32-bit processor: 1-GHz Intel PentiumIII or equivalentminimum

(Intel Pentium 4 or equivalent recommended)

■ 64-bit processor: 2-GHz Pentium 4 with x86-64 support or

equivalent minimum

Note: Intel Itanium IA-64 andPowerPC processorsare notsupported.

Processor

1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit
operating systems, or higher if required by the operating system

Physical RAM

4 GB or more free spaceHard drive

800 x 600Display

41Planning the installation

System requirements

Table 2-4

Symantec Endpoint Protection Manager system requirements

(continued)

RequirementsComponent

■ Windows 7

■ Windows XP (32-bit, SP3 or later; 64-bit, all SPs)

■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)

■ Windows Server 2008 (32-bit, 64-bit)

■ Windows Small Business Server 2008 (64-bit)

■ Windows Small Business Server 2011 (64-bit)

■ Windows Essential Business Server 2008 (64-bit)

Operating system

■ Microsoft Internet Explorer 7, 8, or 9

■ Mozilla Firefox 3.6 or 4.0

Web browser

Note: Clients before version 12.1 can be managed by this version of the Symantec
Endpoint Protection Manager, regardless of the client operating system.

Table 2-5

Symantec Endpoint Protection Small Business Edition Windows and
Mac client system requirements

RequirementsComponent

■ 32-bit processor for Windows: 1-GHz Intel Pentium III or

equivalent minimum (Intel Pentium 4 or equivalent
recommended)

■ 32-bit processor for Mac: Intel Core Solo, Intel Core Duo

■ 64-bit processor for Windows: 2-GHz Pentium 4 with x86-64

support or equivalent minimum. Itanium processors are not
supported.

■ 64-bit processor for Mac: Intel Core 2 Duo, Intel Quad-Core Xeon

Processor

512 MB of RAM, or higher if required by the operating systemPhysical RAM

Hard disk: 700 MB or more free spaceHard drive

800 x 600Display

Planning the installation

System requirements

42

Table 2-5

Symantec Endpoint Protection Small Business Edition Windows and
Mac client system requirements (continued)

RequirementsComponent

■ Windows XP (32-bit, SP2 or later; 64-bit, all SPs)

■ Windows XP Embedded

■ Windows Vista (32-bit, 64-bit)

■ Windows 7 (32-bit, 64-bit)

■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)

■ Windows Server 2008 (32-bit, 64-bit)

■ Windows Small Business Server 2008 (64-bit)

■ Windows Small Business Server 2011 (64-bit)

■ Windows Essential Business Server 2008 (64-bit)

■ Mac OS X 10.5 or 10.6 (32-bit, 64-bit)

■ Mac OS X Server 10.5 or 10.6 (32-bit, 64-bit)

Operating system

About Symantec Endpoint Protection Manager
compatibility with other products

Some products may cause conflicts with Symantec Endpoint Protection Small
Business Editionwhen they are installed on the same server. Youneed to configure
the Symantec Endpoint Protection Manager installation if one or more of the
following products is installed on the same server:

■ Symantec Backup Exec 10, 10D, or 11D

■ Symantec Brightmail

■ Symantec Enterprise Vault

■ Symantec Ghost Solution Suite 2.0

■ Symantec Mail Security for Exchange

■ Symantec NetBackup

■ Microsoft Outlook Web Access

■ Microsoft SharePoint

■ Microsoft Windows Update Services

In most cases, port changes are required to allow these programs to run
concurrently with Symantec Endpoint Protection Small Business Edition.

43Planning the installation

About Symantec Endpoint Protection Manager compatibility with other products

For information about the configuration changes, see the Symantec Support
knowledge base article, Addressing Symantec Endpoint Protection compatibility

issues.

See “System requirements” on page 41.

Planning the installation

About Symantec Endpoint Protection Manager compatibility with other products

44

Installing Symantec
Endpoint Protection
Manager

This chapter includes the following topics:

■ Installing the management server and the console

■ Configuring the management server during installation

■ Accepting theself-signed certificatefor Symantec Endpoint Protection Manager

■ Uninstalling Symantec Endpoint Protection Manager

■ Logging on to the Symantec Endpoint Protection Manager console

■ What you can do from the console

Installing the management server and the console

You perform several tasks to install the server and the console. In the installation
wizard, a green check mark appears next to each completed task.

See “System requirements” on page 41.

See “Preparing for client installation” on page 71.

See “Getting up and running on Symantec Endpoint Protection Small Business

Edition for the first time” on page 26.

3

Chapter

To install the management server and the console

1

If you have physical media, insert and display the product disc.

The installation should start automatically. If it does not start, double-click

Setup.exe.

If youdownloaded the product, unzip the folder and extractthe entire product
disc image to a physical disc, such as a hard disk. Run Setup.exe from the
physical disc.

2

Click Install. On the sub-menu that is displayed, click Install Symantec
Endpoint Protection Manager.

3

Review the sequence of installation events and click Next.

4

In the License Agreement panel, click I accept the terms in the license
agreement, and then click Next.

5

In the Destination Folder panel, accept the default destination folder or
specify another destination folder, and then click Next.

6

Click Install.

The installationprocess begins with the installation of the Symantec Endpoint
Protection Manager and console. This part of the installation completes
automatically.

7

In the installation summary panel, click Next.

The Management Server Configuration Wizard starts automatically.

8

You configure the management server according to your requirements and
then click Next.

See “Configuring the management server during installation” on page 47.

9

In the SymantecAntiVirusMigration (optional) panel, click Noif youdo not
need to migrate from Symantec AntiVirus or Symantec Client Security.

10

The Client Deployment Wizard starts automatically. You can deploy client
software at any time. You can safely cancel client deployment if you do not
want to deploy client software at this time.

See “About client deployment methods” on page 75.

See “Deploying clients using a Web link and email” on page 76.

Installing Symantec Endpoint Protection Manager

Installing the management server and the console

46

Configuring the management server during
installation

The Management Server Configuration Wizard automatically starts after the
Symantec Endpoint Protection Manager installation.

See “Installing the management server and the console” on page 45.

You can also start the Management Configuration Wizard at any time after
installation fromStart > All Programs > Symantec Endpoint Protection Manager
> Symantec Endpoint Protection Manager Tools.

To configure the server, you specify the following information:

■ Whether you want to use a recovery file.

Note: If this is your first installation of Symantec EndpointProtection Manager,
there is no recovery file.

See “Performing disaster recovery” on page 311.

■ The password for the default administrator account.

■ The email address that receives important notifications and reports.

■ The email server name and port number.

■ You can optionally add partner information if you have a Symantec Sales

Partner who manages your Symantec licenses.

See “Planning the installation” on page 35.

Accepting the self-signed certificate for Symantec
Endpoint Protection Manager

When youinstall Symantec Endpoint Protection Manager, a self-signed certificate
for the pages that are rendered in a browser is included as part of the installation.
When you first access these pages from a remote console, you must accept the
self-signed certificate for the pages to display.

The certificates are stored separately for each user. Each administrator account
must accept the certificate for each remote location from which they connect to
the management server.

See “Logging on to the Symantec Endpoint Protection Manager console”
on page 49.

47Installing Symantec Endpoint Protection Manager

Configuring the management server during installation

Uninstalling Symantec Endpoint Protection Manager

Uninstalling SymantecEndpoint ProtectionManager uninstallsthe server, console,
and database. You can optionally uninstall the database backup files.

If you plan to reinstall Symantec Endpoint Protection Manager, you should back
up the database before you uninstall it.

See “Backing up the database and logs” on page 306.

To uninstall Symantec Endpoint Protection Manager

1

On the server computer, on the Start menu, click Control Panel > Add or
Remove Programs.

2

In the Add or Remove Programs dialog box, select Symantec Endpoint
Protection Manager, and then click Remove.

In somecases, you may have to uninstallSymantec Endpoint Protection Manager
or clients manually.

For more information, see the Symantec Support knowledge base articles that
have instructions to manually uninstall Symantec Endpoint Protection Manager
and clients.

Table 3-1

List of manual uninstallation knowledge base articles

ArticleVersion

How to manually uninstall Symantec
Endpoint Protection Manager 11.0

Symantec Endpoint Protection Manager 11.0

How to manually uninstall Symantec
Endpoint Protection Manager 12.0

Symantec Endpoint Protection Manager 12.0

How to manually uninstall Symantec
Endpoint Protection client from Windows
2000, XP and 2003, 32-bit Editions

Symantec EndpointProtection Small Business
Edition clienton Windows2000, XPand 2003,
32-bit editions

How to manually uninstall Symantec
Endpoint Protection client from Windows
Vista, Windows7, andWindows 200832-bit
Editions

Windows Vista, Windows 7, and Windows
2008, 32-bit editions

Note: Search the Symantec technical support knowledge base for versions that
are not shown here.

Installing Symantec Endpoint Protection Manager

Uninstalling Symantec Endpoint Protection Manager

48

Logging on to the Symantec Endpoint Protection
Manager console

You can log on to the Symantec Endpoint Protection Manager console after you
install Symantec Endpoint Protection Manager. You can log on to the console in
either of two ways:

■ Locally, from the computer on which the management server is installed.

■ Remotely, fromany computerthat meets the system requirements for a remote

console and has network connectivity to the management server.
You can log on to the remote Web console or the remote Java console.

To log on remotely, you need to know the IP address or the host name of the
computer on which the management server is installed. You should also ensure
that your Web browser Internet options let you view content from the server you
log on to.

When you log on remotely, you can perform the same tasks as administrators
who log on locally. What you can view and do from the console depends on the
type of administrator you are. Most administrators in smaller organizations log
on as a system administrator.

See “About administrator accounts” on page 296.

Note: If you installed the remote Java consolewith an earlier version of the product,
you must reinstall it when you upgrade to a later version.

To log on to the console locally

1

Go to Start > Programs > Symantec Endpoint Protection Manager >
Symantec Endpoint Protection Manager.

2

In theSymantec Endpoint Protection Manager logon dialog box, type theuser
name (admin by default) and the password that were configured during the
installation.

3

Click Log on.

49Installing Symantec Endpoint Protection Manager

Logging on to the Symantec Endpoint Protection Manager console

To log on to the console remotely

1

Open Internet Explorer and type the following address in the address box:

http://host name:9090

where host name is the host name or IP address of the management server.

2

On the Symantec Endpoint Protection Manager console Web Access page,
click the desired console type.

Note: If you select Symantec Endpoint Protection Manager Console, the
computer from which you log on must have the Java 2 Runtime Environment
(JRE) installed. If it does not, you are prompted to download and install it.
Follow the prompts to install the JRE.

3

If a host name message appears, click Yes.

This messagemeans that the remote console URL thatyou specified does not
match the Symantec Endpoint Protection Manager certificate name. This
problem occurs if you log on and specify an IP address rather than the
computer name of the management server.

If the Web page security certificate warning appears, click Continue to this
website (not recommended) and add the self-signed certificate to Internet
Explorer.

For instructions to add the security certificate to Internet Explorer, see the
Symantec Technical Support knowledge base article, How to add the

self-signed certificate for Symantec Protection Center or Symantec Endpoint
Protection Manager to Internet Explorer.

Installing Symantec Endpoint Protection Manager

Logging on to the Symantec Endpoint Protection Manager console

50

4

Follow the prompts to complete the log on process. Depending on the log on
method, you may need to provide additional information.

Note: When you log on for the first time after installation, use the account
name admin

5

Click Log On.

You mayreceive oneor more security warning messages as the remote console
starts up. If you do, click Yes, Run, Start, or their equivalent, and continue
until the console appears.

You mayneed to accept the self-signed certificate that is requiredby Symantec
Endpoint Protection Manager.

See “Accepting the self-signed certificate for Symantec Endpoint Protection

Manager” on page 47.

What you can do from the console

The Symantec Endpoint Protection Manager console provides a graphical user
interface for administrators. You use the console to manage policies and
computers, monitor endpoint protection status, and create and manage
administrator accounts.

The console divides the functions and tasks that you perform by pages.

Table 3-2

Symantec Endpoint Protection Manager console pages

DescriptionPage

Display the security status of your network.

You can do the following tasks from the Home page:

■ Obtain a count of detected viruses and other security risks.

■ Obtain a count of unprotected computers in your network.

■ Obtain a count of computers that received virus definition and

other content updates.

■ View license status.

■ Adjust console preferences.

■ Get information about the latest Internet and security threats.

See “Configuring reporting preferences” on page 268.

See “Checking license status” on page 64.

Home

51Installing Symantec Endpoint Protection Manager

What you can do from the console

Table 3-2

Symantec Endpoint Protection Manager console pages (continued)

DescriptionPage

Monitor event logs that concern Symantec Endpoint Protection
Manager and your managed computers.

You can do the following tasks from the Monitors page:

■ View risk distribution graphs.

■ View event logs.

■ View the status of recently issued commands.

■ View and create notifications.

See “Viewing and acknowledging notifications” on page 289.

Monitors

Run reportsto getup-to-date information about computer and network
activity.

You can do the following tasks from the Reports page:

■ Run Quick Reports.

■ Run the Daily Summary Report.

■ Run the Weekly Summary Report.

See “Running and customizing quick reports” on page 270.

Reports

Display the security policies that define the protection technology
settings.

You can do the following tasks from the Policies page:

■ View and adjust the protection settings.

■ Create, edit, copy, and delete security policies.

■ Assign security policies to computer groups.

■ Configure client computers for LiveUpdate.

See “The types of security policies” on page 118.

See “Performing tasks that are common to all security policies”
on page 119.

See “Managing content updates” on page 251.

Policies

Installing Symantec Endpoint Protection Manager

What you can do from the console

52

Table 3-2

Symantec Endpoint Protection Manager console pages (continued)

DescriptionPage

Manage computers and groups.

You can do the following tasks from this page:

■ Create and delete groups.

■ Edit group properties.

■ View the security policies that are assigned to groups.

■ Run commands on groups.

■ Deploy the client software to computers in your network.

See “Managing groups of computers” on page 101.

Computers

Manage Symantec Endpoint Protection Manager settings, licenses,
and administrator accounts

You can do the following tasks from the Admin page:

■ Create, edit, and delete administrator accounts.

■ View and edit email and proxy server settings.

■ Import and purchase licenses.

■ Adjust the LiveUpdate schedule.

■ Download content updates from LiveUpdate.

■ View LiveUpdate status and recent downloads.

See “Managing administrator accounts” on page 295.

See “Managing content updates” on page 251.

Admin

Display the Symantec Support Web site where you can download a
tool to help you withinstallation problems on the managementserver
and the client.

See “Downloading the Symantec Endpoint Protection Support Tool

to troubleshoot computer issues” on page 315.

Support

53Installing Symantec Endpoint Protection Manager

What you can do from the console

Installing Symantec Endpoint Protection Manager

What you can do from the console

54

Managing product licenses

This chapter includes the following topics:

■ Licensing Symantec Endpoint Protection

■ About the trialware license

■ Purchasing licenses

■ Where to buy a Symantec product license

■ Activating your product license

■ Using the License Activation wizard

■ Required licensing contact information

■ About upgrading from trialware

■ About product upgrades and licenses

■ About renewing your Symantec Endpoint Protection Small Business Edition

license

■ About the Symantec Licensing Portal

■ Maintaining your product licenses

■ Checking license status

■ Downloading a license file

■ Licensing enforcement rules

■ Backing up your license files

■ Recovering a deleted license

■ Importing a license

4

Chapter

■ About multi-year licenses

■ Licensing an unmanaged client

Licensing Symantec Endpoint Protection

Symantec Endpoint Protection Small Business Edition is licensed according to
the number of Symantec Endpoint Protection Small Business Edition clients that
are needed to protect the endpoints at your site.

Once the Symantec Endpoint Protection Manager is installed, you have 30 days
to purchase enough license seats to cover all of your deployed clients.

Table 4-1 liststhe tasks that are required to purchase and activate your Symantec

product license.

Table 4-1

Licensing tasks

DescriptionTask

It is important to understand the license requirements
imposed by the system you want to protect. A license lets
you install the Symantec Endpoint Protection Small
Business Editionclient ona specifiednumber ofcomputers
and downloadvirus definitionsand productupdates from
LiveUpdate.

See “Product license requirements” on page 39.

Check the product license
requirements

You needto purchase a license in the following situations:

■ You want to purchase Symantec Endpoint Protection

Small Business Edition.

■ Your trialware license expired.

■ Your paid license expired.

■ Your license is over-deployed.

See “Checking license status” on page 64.

See “Purchasing licenses” on page 58.

See “About upgrading from trialware” on page 62.

Purchase a license

Managing product licenses

Licensing Symantec Endpoint Protection

56

Table 4-1

Licensing tasks (continued)

DescriptionTask

You use the License Activation wizard in the Symantec
Endpoint ProtectionManager toimport andactivate your
Symantec product license.

License activation requires either:

■ A Symantec license serial number

■ A Symantec License file (.SLF)

Note: You receive one or the other of these when you

purchase a license.

See “Activating your product license” on page 59.

Import and activate your
license

License notifications alert administrators about expired
licenses and other license issues.

See “About the preconfigured notifications” on page 285.

Review the default license
notifications

You can obtain the status for each license that you
imported into the console.

See “Checking license status” on page 64.

See “Aboutrenewing yourSymantec EndpointProtection

Small Business Edition license” on page 63.

Check license status

Backing up your license files preserves the license files
in case the database or the computer's hard disk is
damaged.

See “Backing up your license files” on page 66.

Back up your license files

Depending upon the license vendor, you receive either a product license serial
number or a Symantec License file. License files are either sent to you in email or
downloaded from a secure Web site. The license file uses the file extension .SLF
(Symantec license file ). When the license file is sent by email, it is attached to the
email as a .ZIP file. You must extract the .SLF file from the .ZIP file.

Save the license file to a computer that can be accessed from the Symantec
Endpoint ProtectionManager console.Many userssave the license on the computer
that hosts the Symantec Endpoint Protection Manager and also save a copy of the
license to a different computer or removable storage media for safekeeping.

Warning: To prevent corruption of the license file, do not open or alter the file
contents in any way. You may however, copy and store the license as desired.

57Managing product licenses

Licensing Symantec Endpoint Protection

Note: In some cases, you may only have a licenseserial number. This serial number
can beused to activate your Symantec product license and todownload theproduct
software.

About the trialware license

The trialware license lets you evaluate and test Symantec Endpoint Protection
Small Business Edition in your environment.

The trialwarelicense applies to the following Symantec Endpoint Protection Small
Business Edition components:

■ Symantec Endpoint Protection Manager

■ Symantec Endpoint Protection Small Business Edition client

■ Embedded database for storing security policies and events

■ Access to LiveUpdate content

You can download Symantec Endpoint Protection Small Business Edition from
the following Web site:

http://www.symantec.com/business/products/downloads/

After the trialware license expires, you must activate a paid license to retain full
product functionality. You do not have to uninstall the trial-licensed version to
convert your Symantec Endpoint Protection Small Business Edition installation
to a fully licensed installation.

This trialware expires 30 days after you install the product.

See “Planning the installation” on page 35.

See “Purchasing licenses” on page 58.

Purchasing licenses

Symantec Endpoint Protection Small Business Edition comes with a trialware
license that lets you install and evaluate the product in your environment. If you
want to use the product beyond the trial period, you must purchase a license.

You also need to purchase a license in the following situations:

■ Your current license is expired.

■ Your current license is over-deployed. Over-deployed means that you have

deployed more instances of the client or Symantec Endpoint Protection
Manager than your current license allows for.

Managing product licenses

About the trialware license

58

■ To upgrade to a new version after the version upgrade trial expires. When a

new version of Symantec Endpoint Protection Small Business Edition is
released, you are sent an email with an upgrade offer that includes a free
upgrade trial. If you decide to keep the new version beyond the upgrade trial
period, you need to purchase an upgrade license.

Use the following links to learn more about purchasing licenses:

See “Product license requirements”
on page 39.

To determine your licensing requirements

See “Purchasing licenses” on page 58.To find out where to buy product licenses

See “About upgrading from trialware”
on page 62.

To learn more about upgrading from the
trialware license that comes with Symantec
Endpoint Protection Small Business Edition

http://customercare.symantec.com/To gethelp withpurchasing licensesor learn

more about licenses

See “Licensing Symantec Endpoint Protection” on page 56.

Where to buy a Symantec product license

You can purchase a Symantec product license from the following sources:

■ The Symantec online store:

http://store.symantec.com/

■ Your preferred Symantec reseller:

To find a reseller, use the Partner locator
To find out more about Symantec partners, go to

http://www.symantec.com/partners/index.jsp

■ The Symantec sales team:

Visit the Symantec Ordering Web site for sales contact information.

Activating your product license

Activating a license saves the license file in the Symantec Endpoint Protection
Manager database.

See “Licensing Symantec Endpoint Protection” on page 56.

You can activate the following types of licenses:

■ Paid licenses

59Managing product licenses

Where to buy a Symantec product license

■ License renewal

■ License for over-deployed clients

You can activate a license file that you received from the following sources:

■ Symantec Licensing Portal

■ Symantec partner or preferred reseller

■ Symantec sales team

■ Symantec Business Store

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

To activate a license

1

In the console, click Admin, and then click Licenses.

2

Under Tasks, click Activate license.

3

Follow the instructions in the License Activation Wizard to complete the
activation process.

See “Using the License Activation wizard” on page 60.

Using the License Activation wizard

The License Activation wizard is used to activate and manage your Symantec
Endpoint Protection Small Business Edition product licenses.

The LicenseActivation wizardis a component of the Symantec Endpoint Protection
Manager.

You start the wizard from either from the Symantec Endpoint Protection Small
Business Edition Welcome screen or from the Admin page of the Symantec
Endpoint Protection Manager console. On the console, select Licenses and then
under Tasks, select Activate license.

The wizardcontains instructions and additional information to help you complete
the activation process.

Note: The first time you license Symantec Endpoint Protection Small Business
Edition, the License Activation wizard begins by asking you to select which form
of licensing information you have. Thereafter, when you start the wizard, you are
first asked whether you want to activate additional licenses or renew an existing
license.

The License Activation wizard asks you to choose from the following options:

Managing product licenses

Using the License Activation wizard

60

Table 4-2

License activation options

When to useOption

Chose this option to activate a new license.

Note: If no license has been activated previously on the

Symantec Endpoint Protection Manager, a new license is
assumed and this option is not displayed.

Activate a new license

Use this option to renew an existing license.

Note: When you renew a license, the old license is deleted

and is replaced with the new license.

Renew an existing license

In manycases, afteryou purchase a license, you may receive
only the license serial number from the vendor. Use this
option to activate your license using the product license
serial number.

I have a serial number

Upon completing your license purchase, you may be sent a
Symantec License file. Symantec License files use the .SLF
extension. If you received a .SLF file from Symantec or a
Symantec vendor, use this option to activate your product
license.

Note: The .SLF file is usually attached to email as a

compressed .ZIP file.

I have a Symantec License
file (.slf)

In some cases, you may be asked to provide contact information during the
activation process.

See “Required licensing contact information” on page 61.

See “Licensing Symantec Endpoint Protection” on page 56.

Required licensing contact information

During theactivation process, you are asked to provide any missinglicense contact
information. Privacy statements are provided in the wizard that describe how
this information is used. You must indicate that the privacy conditions are
acceptable before you can complete the activation process.

Table 4-3 includes the information you need.

61Managing product licenses

Required licensing contact information

Table 4-3

Licensing contact information

DescriptionType of information

Contact information for the person who is in charge of the
technical activities that are concerned with installing or
maintaining your endpoint security infrastructure. The
contact's name, email address, and phone number are
required.

Technical Contact

Contact information for the person who represents your
company. The contact's name, email address, and phone
number are required.

Note: A checkbox is provided that lets you indicate when

the Technical Contact and Primary Contact are the same
person.

Primary Contact

Includes the company name, location, phone number, and
email address

Company Information

See “Licensing Symantec Endpoint Protection” on page 56.

About upgrading from trialware

When you initially install Symantec Endpoint Protection Small Business Edition,
a trialware license is provided and activated automatically. To continue using
Symantec Endpoint Protection Small Business Edition beyond the trial period,
you must purchase a license. You do not need to reinstall the software.

The trail license period is 30 days.

You perform the actual license upgrade using the License Activation wizard.

See “Using the License Activation wizard” on page 60.

Licenses may be purchased from the Symantec Store, through your Symantec
partner, or from your preferred Symantec reseller.

For information about the Symantec store, visit the Symantec Store web site

See “About the trialware license” on page 58.

See “Licensing Symantec Endpoint Protection” on page 56.

About product upgrades and licenses

When a new version of Symantec Endpoint Protection Small Business Edition is
released, youmay apply your existing active license to thenew version. You receive

Managing product licenses

About upgrading from trialware

62

an email notification that a new product is available for download that includes
instructions for downloading the new version of Symantec Endpoint Protection
Small Business Edition.

See the Version Upgrade FAQ at

http://www.symantec.com/business/products/upgrades/faq/index.jsp for more

information about licensing product upgrades.

About renewing your Symantec Endpoint Protection
Small Business Edition license

When your current license is about to expire, the Symantec Endpoint Protection
Manager beginssending license expiration notifications to the Symantec Endpoint
Protection Small Business Edition administrator. Symantec highly recommends
that you renew your license before it expires.

When you renew a license, the expired license is removed and is replaced with a
new license. To purchase renewal licenses, visit the Symantec Store, or contact
your Symantec partner or preferred Symantec reseller.

Visit the Symantec Store at the following online location:

http://store.symantec.com/

See “Using the License Activation wizard” on page 60.

In the event that you accidentally delete a license, you can recover it from the
Symantec Endpoint Protection Manager console.

See “Recovering a deleted license” on page 67.

About the Symantec Licensing Portal

You can use the Symantec Licensing Portal to purchase and activate product
licenses. However, you can activate licenses from the Symantec Endpoint
Protection Manager console, which is simpler and faster.

See “Activating your product license” on page 59.

The Symantec Licensing Portal is at the following location:

https://licensing.symantec.com

Additional information about using the Symantec Licensing Portal to manage
licenses is available at the Symantec Customer Care Web site

http://customercare.symantec.com/app/answers/list.

63Managing product licenses

About renewing your Symantec Endpoint Protection Small Business Edition license

Note: You must create an account before you can use the licensing portal. If you
do not have a Symantec Licensing Portal account, a link is provided on the main
page to create one.

See “Licensing Symantec Endpoint Protection” on page 56.

Maintaining your product licenses

License maintenance is a critical part of keeping your security infrastructure up
to date. The following tasks are part of maintaining your Symantec product
licenses:

■ Backing up your product licenses.

See “Backing up your license files” on page 66.

■ Keeping track of your license status.

See “Checking license status” on page 64.

■ Renewing your license.

See “About renewing your Symantec Endpoint Protection Small Business

Edition license” on page 63.

■ Recovering a deleted license.

See “Recovering a deleted license” on page 67.

You should also become familiar with the rules that govern how product licenses
are enforced.

See “Licensing enforcement rules” on page 65.

Checking license status

You can obtain thestatus foreach paidlicense that youimported intothe console.

You can obtain the following license information:

■ License serial number, total seat count, expiration date

■ Number of valid seats

■ Number of deployed seats

■ Number of seats that expire in 60 days and 30 days

■ Number of expired seats

■ Number of over-deployed clients

■ Associated serial numbers of shorter duration (multi-year licenses)

Managing product licenses

Maintaining your product licenses

64

License status is not available for a trialware license.

To determine if your installation uses a paid license or a trialware license

1

In the console, click Admin.

2

On the Admin page, click Licenses.

To check license status for paid licenses

1

In the console, click Home.

2

On the Home page, click Licensing Details.

See “Licensing Symantec Endpoint Protection” on page 56.

See “Importing a license” on page 67.

Downloading a license file

Versions of Symantec Endpoint Protection Small Business Edition before 12.1
required that you manually download license files in certain cases. Starting with
version 12.1, you do not need to manually download a license file. Symantec
Endpoint Protection Manager creates a copy of the license file and the recovery
file. The default path to the license file is installation

directory/inetpub/licensing.

See “Licensing Symantec Endpoint Protection” on page 56.

See “Preparing for disaster recovery” on page 305.

Licensing enforcement rules

Symantec Endpoint Protection Small Business Edition licenses are enforced
according to the following rules:

Table 4-4

Licensing enforcement rules

RuleWhere applies

The term of the license is from the time and date
of activation until midnight of the last day of the
licensing term. Time and date for license
expiration is based in the time and date for the
Symantec Endpoint Protection Manager where
activation takes place. In the case of multiple
sites, the date of license expiration is based on
the westernmost Symantec Endpoint Protection
Manager database.

Term of license

65Managing product licenses

Downloading a license file

Table 4-4

Licensing enforcement rules (continued)

RuleWhere applies

A Symantec Endpoint Protection Small Business
Edition license applies to the Symantec Endpoint
Protection Small Business Edition clients. For
instance, in a network with 50 endpoints, the
license must provide for a minimum of 50 seats.
Instances of the Symantec Endpoint Protection
Manager do not require a license.

License coverage- Symantec Endpoint
Protection Small Business Edition
components

Licensing seats apply regardless of platform. For
instance, thelicense makesno distinctionbetween
a computer that uses Windows and one that uses
Mac OS-X.

License coverage- platforms

License seats apply equally across product
versions. For instance, a license covers
installations where version 11.x and 12.x clients
are both deployed within the same site.

License coverage- products and
versions

Clients licensedas SymantecEndpoint Protection
Small Business Edition Small Business Edition
remained licensed as Small Business Edition
clients when the Symantec Endpoint Protection
Manager is upgraded to the enterprise edition.

Small Business Edition upgrades

See “Maintaining your product licenses” on page 64.

Backing up your license files

Symantec recommends that you back up your license files. Backing up the license
files preserves the license files in case the database or the console computer's
hard disk is damaged.

Your license files are located in the directory where you saved the files. If you
misplaced thelicense files, you can download the files from the Symantec Licensing
Portal Web site.

See “Licensing Symantec Endpoint Protection” on page 56.

To back up your license files

◆

Using Windows, copy the .slf license filesfrom thedirectory where you saved
the files to another computer of your choice.

See your company's procedure for backing up files.

Managing product licenses

Backing up your license files

66

Recovering a deleted license

In the event that you accidentally delete a license file, you can recover it from the
Symantec Endpoint Protection Manager console.

To recover a deleted license

1

On the Symantec Endpoint Protection Manager console Admin page, click
Licenses and then under Tasks, click Recover a deleted license.

2

On License recovery panel, put a checkmark next to the deleted license you
want to recover and then click Submit.

See “Maintaining your product licenses” on page 64.

Importing a license

Importing a license saves the license file in the Symantec Endpoint Protection
Manager database.

See “Licensing Symantec Endpoint Protection” on page 56.

You can import the following types of licenses:

■ License for a first-time installation

■ License to upgrade trialware

■ License renewal

■ License for over-deployed clients

■ License from your Symantec legacy virus protection software

You can import a license file that you received from the following sources:

■ Symantec Licensing Portal

■ Symantec partner

■ Symantec sales team

■ Symantec Business Store

■ Symantec legacy virus protection software

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

67Managing product licenses

Recovering a deleted license

To import a license

1

Save the license file on a computer or network that is accessible from the
console computer.

2

In theconsole, click Admin > Licenses and under Tasks, click Activatelicense.

3

Follow the prompts in License Activation Wizard to import and activate your
license. Additionalinformation about your options are provided in thewizard.

About multi-year licenses

When you purchase a multi-year license, you receive a set of license files equal
to the number of years your license is valid. For instance, a three-year license
consists of three separate license files. When you activate a multi-year license,
you importall of the license files during the sameactivation session. The Symantec
Endpoint Protection Manager merges the separate license files into a single
activated license that is valid for the purchased duration.

While not recommended, it is possible to activate fewer than the full complement
of license files. In this case, the Symantec Endpoint Protection Manager merges
the files and applies the duration of the license file that expires last. For instance,
a three-year license that is activated with only the first two files indicates a
duration of only two years. When the third file is activated at a later date, the full
duration of the license is reported accurately as three years. In all cases, the
number of seats remains consistent with thenumber of seats that you purchased.

When the Symantec Endpoint Protection Manager merges files, the shortest
duration files are deleted and the longest duration file is kept for internal
license-keeping functions. Ifyou think that a license was deleted inappropriately,
use the Recover Deleted License procedure to recover and reactivate the deleted
license.

See “Recovering a deleted license” on page 67.

You can see the license serial numbers of shorter duration that are associated
with the active license. On the Admin tab, click Licenses and then right-click the
activated license and select Details.

See “Licensing Symantec Endpoint Protection” on page 56.

Licensing an unmanaged client

To enable the submission of reputation data from an unmanaged client, you must
install a paid license on the client. Use the following procedure to install a license
on an unmanaged client.

Managing product licenses

About multi-year licenses

68

To license an unmanaged client

1

Locate and create a copy of your current Symantec Licensing File (.SLF).

Use the same file that you used to activate your license on the Symantec
Endpoint Protection Manager.

2

On the client computer, place the copied license file into the Symantec
Endpoint Protection client inbox.

■ On theclients that use a pre-Vista version ofWindows, the inbox is located

at: Drive:\Documents and Settings\All Users\Application
Data\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox

■ On the clients that use Vista or a newer version of Windows, the inbox is

located at: Drive:\ProgramData\Symantec\Symantec Endpoint
Protection\CurrentVersion\inbox\

If the license file is invalid, a folder named Invalid is created and the invalid
license isplaced into the folder. If the file is valid, it is automatically removed
from the inbox after it is processed.

You can also include the .SLF file as part of a third-party deployment package.

See “Downloading a license file” on page 65.

69Managing product licenses

Licensing an unmanaged client

Managing product licenses

Licensing an unmanaged client

70

Preparing for client
installation

This chapter includes the following topics:

■ Preparing for client installation

■ Preparing Windows operating systems for remote deployment

Preparing for client installation

Table 5-1 lists the actions that are required to prepare computers for client

installation.

Table 5-1

Client computer preparation

DescriptionAction

■ Uninstall any third-party virus protection software. In general, you can use the

Windows Add or Remove Programs tool to uninstall programs. However, some
programs have special uninstallation routines. See the documentation for the
third-party software.

■ Uninstall any legacy Symantec virus protection software if you do not plan to

migrate the settings.
See “About migrating to Symantec Endpoint Protection Small Business Edition”

on page 86.
See the Symantec documentation for your legacy Symantec virus protection

software for information about uninstallation.

Uninstall currentlyinstalled
virus protection software

5

Chapter

Table 5-1

Client computer preparation (continued)

DescriptionAction

Prepare your computers for remote client deployment.

■ Modify firewall settings to allow communication between Symantec Endpoint

Protection Small Business Edition components.
See “Preparing Windows operating systems for remote deployment” on page 72.

Prepare computers for
remote deployment
(optional)

You deploy the client software using any of the three available methods.

See “About client deployment methods” on page 75.

Deploy client software

Preparing Windows operating systems for remote
deployment

Table 5-2lists the associated tasks that you must do on clientcomputer operating

systems to successfully install the client remotely.

Table 5-2

Remote deployment actions

TasksOperating system

Windows XPcomputers that are installed in workgroups do
not accept remote deployment. To permit remote
deployment, disable Simple File Sharing.

Note: This limitation does not apply to computers that are

part of a Windows domain.

Prepare Windows XP
computers that are installed
in workgroups

Windows User Access Control blocks local administrative
accounts from remotely accessing remote administrative
shares such as C$ and Admin$.

Perform the following tasks:

■ Disable the File Sharing Wizard.

■ Enable network discovery by using the Network and

Sharing Center.

■ Enable the built-in administrator account and assign a

password to the account.

■ Verify that the account has administrator privileges.

Prepare Windows Vista,
Windows Server 2008, or
Windows 7 computers

Preparing for client installation

Preparing Windows operating systems for remote deployment

72

Table 5-2

Remote deployment actions (continued)

TasksOperating system

The SymantecEndpoint ProtectionManager requires access
to thesystem registryfor installation and normal operation.

To prepare a computer to install Symantec Endpoint
Protection Manager using a remote desktop connection,
perform the following tasks:

■ Configure a server that runs Windows Server 2003 to

allow remote control.

■ Connect to the server from a remote computer by using

a remoteconsole session, or shadow the console session.

Prepare Windows Server
2003 computers for
installation using a remote
desktop connection

See your Windows documentation for more information.

See “Preparing for client installation” on page 71.

73Preparing for client installation

Preparing Windows operating systems for remote deployment

Preparing for client installation

Preparing Windows operating systems for remote deployment

74

Installing the Symantec
Endpoint Protection Small
Business Edition client

This chapter includes the following topics:

■ About client deployment methods

■ Restarting client computers

■ About managed and unmanaged clients

■ Installing an unmanaged client

■ Uninstalling the client

About client deployment methods

You deploy the Symantec Endpoint Protection Small Business Edition client by
using the Client Deployment Wizard. You deploy the client software after the
Symantec Endpoint Protection Manager is installed.

See “Preparing for client installation” on page 71.

Table 6-1 displays the client deployment methods that you can use.

6

Chapter

Table 6-1

Client deployment options

DescriptionOptions

Users receive an email message that contains a link to
download and install the client software. The users must
have local administrator rights to their computers. Web
Link andEmail notificationinstallation isthe recommended
deployment method.

See “Deploying clients using a Web link and email”
on page 76.

Web link and email

Remote push installation lets you control the client
installation. Remote push installation pushes the client
software tothe computers that you specify. The installation
begins automatically.

See “Preparing Windows operating systems for remote

deployment” on page 72.

See “Deploying clients by using Remote Push ” on page 77.

Remote push

Custom installation creates an executable installation
package that you save to the management server and then
distribute to the client computers. Users run a setup.exe
file to install the client software.

See “Deploying clients by using Save Package” on page 79.

Save package

Deploying clients using a Web link and email

The Weblink and email method creates a URL for each client installation package.
You sendthe link to users in anemail or make it available froma network location.

You perform this procedure in two stages:

■ Select and configure the client installation packages. Client installation

packages arecreated for 32-bit and 64-bit Windows computers. The installation
packages are stored on the computer that runs Symantec Endpoint Protection
Manager.

■ Notify the computer users about the client installation packages. An email

message is sent to the selected computer users. The email message contains
instructions to download and install the client installation packages. Users
follow the instructions to install the client software.

The Mac client install package is automatically exported as a .zip file. To expand
the packageto the Apple install format .mpkg, you must useeither theMac Archive

Installing the Symantec Endpoint Protection Small Business Edition client

About client deployment methods

76

Utility or the ditto command. You cannot use either the Mac unzip command or
any Windows unzip application.

To deploy clients by using a Web link and email

1

On the Home page, in the Common Tasks menu, select Install protection
client to computers.

2

Select the type of deployment you want to use and then click Next.

The New Package Deployment option uses the packages that are stored on
the Symantec Endpoint Protection Manager. By default, two packages are
available. You can optionally create new packages with custom settings and
features. Existing Package Deployment lets you use the packages that have
been exported previously.

3

For a new package, select the package, the group, the installation feature set
and content options and then click Next.

The management server includes preconfigured packages.

4

Click Web Link and Email, and then click Next.

5

In the Email Recipients and Message panel, specify the email recipients and
the subject, and then click Next.

You can either specify who receives the URL by email, or copy the URL and
post it to a convenient online location. To specify multiple email recipients,
type a comma after each email address.

6

If you want to deliver the link in email, accept the default email subject and
body or edit the text, and then click Next.

7

Click Finish.

8

You or the computer users must restart the client computers.

See “Restarting client computers” on page 80.

9

Confirm that the computer users received the email message and installed
the client software.

See “Viewing client inventory” on page 266.

Deploying clients by using Remote Push

Remote Push lets you control the client installation. Remote Push pushes the
client software to the computers that you specify. Using Remote Push requires
knowledge of how to search networks to locate computers by IP address or
computer names.

See “About client deployment methods” on page 75.

77Installing the Symantec Endpoint Protection Small Business Edition client

About client deployment methods

Remote Push performs the following actions:

■ Select an existing client installation package or create a new installation

package.

■ For new installation packages, configure package deployment settings

■ Locate computers on your network.

Remote Push locates the computers that you specify or the computers that
are discovered to be unprotected.

■ Push the client software to the computers that you specify.

To push the client software, you should use a domain administrative account
if the client computer is part of an Active Directory domain. Remote Push
Installation requires elevated privileges.

See “PreparingWindows operatingsystems forremote deployment”on page72.

■ Install the client software on the computers.

The installation automatically begins on the computers.

You may start the client deployment from the console.

To deploy clients by using Remote Push

1

In the console, click Home.

2

On the Home page, in the Common Tasks menu, select Install protection
client to computers. The Client Deployment wizard starts.

3

In the Welcome to the Client Deployment Wizard pane, select whether a
new or an existing package is used and click Next.

4

For a new installation package, select the client version, the feature set, the
client group and content options, and then click Next.

5

Click Remote Push, and then click Next.

6

Locate the computers to receive the client software, and then click >> to add
the computers to the list.

To browse the network for computers, click Browse Network.

To find computers by IP address or computer name, click Search Network,
and then click Find Computers.

Authenticate with the domain or workgroup if prompted.

Note: You can set a timeout value to constrain the amount of time the server
applies to a search.

7

Click Next.

Installing the Symantec Endpoint Protection Small Business Edition client

About client deployment methods

78

8

Click Send to push the client software to the selected computers.

9

Wait while the client software is pushed to the selected computers.

10

Click Finish.

The installationstarts automatically on the client computers. Theinstallation
takes several minutes to complete.

11

Depending on the client restart settings of the deployed client, you or the
computer users may need to restart the client computers.

See “Restarting client computers” on page 80.

12

Confirm the status of the deployed clients.

See “Viewing client inventory” on page 266.

Deploying clients by using Save Package

Save Package creates installation packages that can be installed using third-party
deployment software or a login script.

Save Package performs the following actions:

■ Create 32-bit or 64-bit executable installation package.

The installation packagecan compriseone setup.exefile ora collectionof files
that includea setup.exe file. Computer users often find one setup.exe file easier
to use.

■ Save the installation package in the default directory or a directory of your

choice.
The default directory is as follows:
C:\temp\Symantec\ClientPackages
You must provide the installation package to the computer users. The users

run the setup.exe file to install the client software. You or the computer users
must restart the computers after installation.

See “About client deployment methods” on page 75.

You may start the client deployment from the console.

To deploy clients by using Save Package

1

In the console, click Home.

2

On the Home page, in the Common Tasks menu, select Install protection
client to computers.

3

In the ClientDeployment Wizard, selectNew Package Deployment to select
an installation package already on the server. Select Existing Package
Deployment to choose a package that was previously exported. Click Next.

79Installing the Symantec Endpoint Protection Small Business Edition client

About client deployment methods

4

Select thepackage, the group, the installation featureset and content options
and then click Next.

5

Click Save, and then click Next.

6

Check Single .exe file or Separate files.

Note: Use Single .exe file unless you require separate files for a third-party
deployment program.

7

In the Export folder box, accept the default directory or specify another
directory, and then click Next.

8

Review the settings summary, and then click Next.

9

Wait while the custom installation package is created.

10

Click Finish.

11

Provide the custom installation package to the computer users.

Save the installation package to a shared network, or email the installation
package to the computer users.

12

Confirm that the computer users installed the custom installation package.

Note: You or the computer users must restart the client computers.

See “Viewing client inventory” on page 266.

See “Restarting client computers” on page 80.

Restarting client computers

You need to restart client computers after you install the client software or other
third-party software.You can restart the client computers at any time byrunning
a restart commandfrom the management server. You can also schedule the client
computers to restart during a time that is convenient for users.

See “About commands you can run on client computers” on page 113.

See “Running commands on the client computer from the console” on page 114.

Installing the Symantec Endpoint Protection Small Business Edition client

Restarting client computers

80

To restart a selected client computer

1

In the console, click Computers.

2

On the Computers page, on the Computers tab, select a group.

3

On the Computers tab, select a computer, right-click Run Command on
Group, and then click Restart Client Computers.

To restart the client computers in a selected group

1

In the console, click Computers.

2

On the Computers page, on the Computers tab, select a group, right-click
Run Command on Group, and then click Restart Client Computers.

About managed and unmanaged clients

You install caninstall the client software as a managed client or as an unmanaged
client.

Table 6-2

Client computer types

DescriptionType

You administerthe clientsfrom theconsole. Managedclient
computers connect to your network. You use the console to
update the client software, security policies, and virus
definitions on the managed client computers.

In most cases, you install the client software as a managed
client.

You can install a managed client in either of the following
ways:

■ During initial product installation

■ From the console after installation

Managed client

The primary computer user must administer the client
computer. An unmanaged client cannot be administered
from the console. The primary computer user must update
the client software, security policies, and virus definitions
on the unmanaged client computer.

You install an unmanaged client directly from the product
disc.

See “Installing an unmanaged client” on page 82.

Unmanaged client

See “Converting an unmanaged client to a managed client” on page 115.

81Installing the Symantec Endpoint Protection Small Business Edition client

About managed and unmanaged clients

Installing an unmanaged client

Unmanaged clients do not connect to Symantec Endpoint Protection Manager.
You orthe primary computer users must administer the computers. In mostcases,
unmanaged clients connect to your network intermittently or not at all.

You or the primary computer users must maintain the computers. This
maintenance includes monitoring and adjusting the protection on the computers,
and updating security policies, virus definitions, and software.

See “About managed and unmanaged clients” on page 81.

To install an unmanaged computer

1

On the computer, insert the product disc.

The installation starts automatically. If it does not start automatically,
double-click Setup.exe.

2

Click Install an unmanaged client, and then click Next.

3

On the License Agreement Panel, click I accept the terms in the license
agreement, and then click Next.

4

Confirm that the unmanaged computer is selected, and then click Next.

This panel appears when you install the client software for the first time on
a computer.

5

On the Protection Options panel, select the protection types, and then click
Next.

6

On the Ready to Install the Program panel, click Install.

7

On the Wizard Complete panel, click Finish.

Uninstalling the client

You uninstall the Symantec Endpoint Protection Small Business Edition client by
using the Windows Add or Remove Programs utility.

If the client software uses a policy that blocks hardware devices, the devices are
blocked after you uninstall the software. Use the Windows Device Manager to
unblock the devices.

See your Windows documentation for more information.

See “Deploying clients using a Web link and email” on page 76.

Installing the Symantec Endpoint Protection Small Business Edition client

Installing an unmanaged client

82

To uninstall the client

1

On the client computer, on the Start menu, click Control Panel > Add or
Remove Programs.

2

In the Add or Remove Programs dialog box, select Symantec Endpoint
Protection Small Business Edition, and then click Remove.

3

Follow the onscreen prompts to remove the client software.

83Installing the Symantec Endpoint Protection Small Business Edition client

Uninstalling the client

Installing the Symantec Endpoint Protection Small Business Edition client

Uninstalling the client

84

Upgrading and migrating to
Symantec Endpoint
Protection Small Business
Edition

This chapter includes the following topics:

■ About migrating to Symantec Endpoint Protection Small Business Edition

■ Migrating from Symantec Client Security or Symantec AntiVirus

■ Upgrading to a new release

■ Migrating a management server

■ Stopping and starting the management server service

■ Disabling LiveUpdate in Symantec AntiVirus before migration

■ Disabling scheduledscans in Symantec System Center when you migrate client

computers

■ Turning off the roaming service

■ Uninstalling and deleting reporting servers

■ Unlocking server groups in Symantec System Center

■ About upgrading client software

■ Upgrading clients by using AutoUpgrade

7

Chapter

About migrating to Symantec Endpoint Protection
Small Business Edition

Symantec Endpoint Protection Small Business Edition detects and migrates
Symantec legacy virus protection software.

Table 7-1

Supported migrations

DescriptionProduct

You canoptionally migrateSymantec legacy virus protection
software.

Migration detectsand migratesinstallations ofthe following
Symantec legacy virus protection software:

■ Symantec AntiVirus Corporate Edition 9.x and 10.x.

■ Symantec Client Security 2.x and 3.x

■ Symantec Endpoint Protection Small Business Edition

Small Business Edition 12.0

See “Migrating from Symantec Client Security orSymantec

AntiVirus” on page 87.

Also check the following information:

Migration Web site

See “Where to go for information on upgrading and

migrating” on page 331.

You may skip migration as follows:

■ Uninstall theSymantec legacyvirus protectionsoftware

from your servers and client computers.

■ During Symantec Endpoint Protection Manager

installation, cancel the migration option.

■ After initialproduct installation,use SymantecEndpoint

Protection Manager to adjust the group settings and
policy settings.

■ Install theSymantec EndpointProtection SmallBusiness

Edition client on the unprotected legacy computers.

Symantec legacy virus
protection software

Installation detects and upgrades Symantec Endpoint
Protection Small Business Edition to a new maintenance
release.

See “Upgrading to a new release” on page 90.

Symantec Endpoint
Protection Small Business
Edition

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

About migrating to Symantec Endpoint Protection Small Business Edition

86

Migrating from Symantec Client Security or Symantec
AntiVirus

You can migrate the clients that run Symantec legacy virus protection software.
During migration, the database in Symantec Endpoint Protection Small Business
Edition is populated with the group data and policy data from the legacy
installation. Installation packages are created for the legacy clients.

Note: Management servers migrate the legacy clients.

See “About migrating to Symantec Endpoint Protection Small Business Edition”
on page 86.

Table 7-2

Migration summary

DescriptionActionStep

Prepare your legacy installation for migration as follows:

■ Disable scheduled scans.

The migration might fail if a scan is running during migration.
See “Disablingscheduled scansin SymantecSystem Centerwhen youmigrate

client computers” on page 93.

■ Disable LiveUpdate.

Conflicts might occur if LiveUpdate runs on the client computers during
migration.

See “Disabling LiveUpdate in Symantec AntiVirus before migration”
on page 92.

■ Turn off roaming service.

Migration might hang and fail to complete if the roaming service is running
on the client computers.

See “Turning off the roaming service” on page 93.

■ Unlock server groups.

If you are migrating from Symantec AntiVirus, unpredictable results might
occur if the server groups are locked.

See “Unlocking server groups in Symantec System Center” on page 95.

■ Turn off Tamper Protection.

Tamper Protection can cause unpredictable results during migration.

■ Uninstall and delete reporting servers.

Uninstall the reporting servers, and optionally delete the database files.
See “Uninstalling and deleting reporting servers” on page 94.

See your Symantec legacy virus protection software documentation for more
information.

Prepare Symantec
Client Security or
Symantec AntiVirus
for migration

1

87Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Migrating from Symantec Client Security or Symantec AntiVirus

Table 7-2

Migration summary (continued)

DescriptionActionStep

Migrate the legacy group settings and policy settings.

See “About migrating computer groups” on page 88.

See “Migrating group settings and policy settings” on page 88.

Migrate legacy group
and policy settings

2

Verify and optionally adjust the migrated group settings and policy settings.

See “Viewing assigned computers” on page 105.

See “Moving a client computer to another group” on page 105.

See “Viewing assigned policies” on page 124.

Verify migrated data3

Import yourlegacy licensefile intoSymantec EndpointProtection SmallBusiness
Edition.

See “Importing a license” on page 67.

Import legacy license4

Deploy the client to the legacy computers.

See “About client deployment methods” on page 75.

Deploy the client
software

5

Note: When you upgrade from Symantec Endpoint Protection Small Business
Edition Small Business Edition, your upgrade license activates new features on
previously installed clients.

About migrating computer groups

Migration creates a My Company child group for each legacy group. The My
Company child groupname is a concatenation of each legacy group and its legacy

child groups.

For example, suppose the legacy group Clients contains the legacy child groups
ClientGroup1 andClientGroup2. TheMy Company child group names are Clients,
Clients.ClientGroup1, and Clients.ClientGroup2.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

Migrating group settings and policy settings

The followingprocedure uses the Migration Wizard tomigrate the group settings
and thepolicy settings from Symantec AntiVirus Corporate Edition and Symantec
Client Security.

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Migrating from Symantec Client Security or Symantec AntiVirus

88

The Migration Wizard automatically runs during initial product installation. You
can also run the Migration Wizard from the Start menu on the computer that
hosts Symantec Endpoint Protection Manager.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

To migrate group settings and policy settings

1

Start the Migration Wizard if necessary.

To startthe Migration Wizard from the console computer, onthe Start menu,
click All Programs > Symantec Endpoint Protection Manager > Symantec
Endpoint Protection Manager Tools > Migration Wizard.

2

In the Migration Wizard panel, click Next.

3

In the Migration Wizard panel, specify the following settings:

Specify where the server policy settings are configured.

Select one of the following options:

■ Server group

■ Each parent server

Server policy settings

Specify where the client policy settings are configured.

Select one of the following options:

■ Server group or client group

■ Each parent server

Client policy settings

4

Click Next.

5

In the Migration Wizard panel, select one of the following options:

This option imports the settings from all the servers. Type
the IP address of a computer that runs theSymantec System
Center.

Auto-detect Servers

This optionimports the settings from a single server and the
clients that it manages. Type the IP address of a computer
that runs a server.

Add Server

6

Click Next.

7

Follow the on-screen prompts to complete the migration.

89Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Migrating from Symantec Client Security or Symantec AntiVirus

Upgrading to a new release

You can upgrade to the latest release of the product. To install a new version of
the software, you must perform certain tasks to ensure a successful upgrade.

The information in this section is specific to upgrading software in environments
where a version of Symantec EndpointProtection 11.x or 12.0 isalready installed.

Table 7-3

Process for upgrading to the latest Small Business Edition release
update

DescriptionActionStep

Back up the database used by the Symantec Endpoint Protection Manager to
ensure the integrity of your client information.

See “Backing up the database and logs” on page 306.

Back up the databaseStep 1

The Symantec Endpoint Protection Manager service must be stopped during
the installation.

See “Stopping and starting the management server service” on page 91.

Stop the Symantec
Endpoint Protection
Manager service

Step 2

Install thenew versionof theSymantec EndpointProtection Managerin your
network. The existing version is detected automatically, and all settings are
saved during the upgrade.

See “Installing the management server and the console” on page 45.

Upgrade the Symantec
Endpoint Protection
Manager software

Step 3

Upgrade your client software to the latest version.

See “About upgrading client software” on page 95.

The easiest way to update clients in groups with the latest software is to use
AutoUpgrade. You should first update a group with a small number of test
computers before you update your entire production network.

See “Upgrading clients by using AutoUpgrade” on page 96.

You can also update clients with LiveUpdate if you permit clients to run
LiveUpdate and if the LiveUpdate Settings policy permits

See “Managing content updates” on page 251.

Upgrade Symantec client
software

Step 4

Migrating a management server

You must migrate all management servers before you migrate any clients.

Warning: You must follow the scenario that applies to your type of installation,
or your migration can fail.

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Upgrading to a new release

90

The migration process is similar to a fresh installation.

Table 7-4 lists the tasks to migrate Symantec Endpoint Protection Manager.

Table 7-4

Migration tasks

DescriptionTask

Install themanagement serverby using the Management Server
Configuration Wizard.

See “Installing the management server and the console”
on page 45.

Install the new
management server

The Management Server Upgrade wizard starts automatically.
Follow the instructions in the wizard to configure the new
server.

Configure the
management server

When the Symantec Endpoint Protection Manager logon panel
appears, log on to the console by using your legacy logon
credentials.

Log onto the
management server

Note: You are not required to restart the computer after migration, but you may
notice performance improvements if you restart the computer and log on.

Stopping and starting the management server service

Before you upgrade, you must manually stop the Symantec Endpoint Protection
Manager serviceon the management server. After you upgrade, theservice starts
automatically.

Warning: If you do not stop the Symantec Endpoint Protection Manager service
before you upgrade the server, you risk corrupting your existing Symantec
Endpoint Protection Small Business Edition database.

See “Upgrading to a new release” on page 90.

To stop the Symantec Endpoint Protection Manager service

1

Click Start > Settings > Control Panel > Administrative Tools > Services.

2

In the Services window, under Name, scroll to and right-click Symantec
Endpoint Protection Manager.

3

Click Stop.

91Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Stopping and starting the management server service

4

Close the Services window.

Warning: Close the Services window or your upgrade can fail.

5

Repeat this procedure for all installations of Symantec Endpoint Protection
Manager.

To start the Symantec Endpoint Protection Manager service using the command
line

◆

From a command prompt, type:

net start semsrv

To stop the Symantec Endpoint Protection Manager service using the command
line

◆

From a command prompt, type:

net stop semsrv

Disabling LiveUpdate in Symantec AntiVirus before
migration

If LiveUpdate runs on client computers during migration, conflicts may occur.
Therefore, you must turn off LiveUpdate on client computers during migration.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

To disable LiveUpdate in Symantec AntiVirus

1

In the Symantec System Center, right-click a server group.

2

Click All Tasks > Symantec AntiVirus > Virus Definition Manager.

3

In the Virus Definition Manager dialog box, check Update only the primary
server of this server group, and then click Configure.

4

In the Configure Primary Server Updates dialog box, uncheck Schedule for
Automatic Updates, and then click OK.

5

In theVirus Definition Manager dialog box, uncheck thefollowing selections:

■ Update virus definitions from parent server

■ Schedule client for automatic updates using LiveUpdate

■ Enable continuous LiveUpdate

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Disabling LiveUpdate in Symantec AntiVirus before migration

92

6

Check Do not allow client to manually launch LiveUpdate, and then click
OK.

7

Repeat this procedure for all server groups if you have more than one.

Disabling scheduled scans in Symantec System Center
when you migrate client computers

If a scan is scheduled to run and is running while the client migration occurs,
migration may fail. A best practice is to disable scheduled scans during migration
and then enable after migration.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

To disable scheduled scans

1

In the Symantec System Center, do one of the following actions:

■ Right-click a management server.

■ Right-click a client group.

2

Click All Tasks > Symantec AntiVirus > Scheduled Scans.

3

In the Scheduled Scans dialog box, on the Server Scans tab, uncheck all
scheduled scans.

4

On the Client Scans tab, uncheck all scheduled scans, and then click OK.

5

Repeat this procedure for all primary management servers, secondary
management servers, and all client groups.

Turning off the roaming service

If the roaming service is running on client computers, the migration might hang
and failto complete. If the roaming service is turned on, you must turn it off before
starting the migration.

Note: If your roaming clients run Symantec AntiVirus version 10.x, you must
unlock your server groups before you disable the roaming service. This practice
helps ensure that roaming clients are properly authenticated with certificates to
their parent server.

93Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Disabling scheduled scans in Symantec System Center when you migrate client computers

To turn off the roaming service

1

In the Symantec System Center, right-click a server group.

2

Click All Tasks > Symantec AntiVirus > Client Roaming Options.

3

In theClient Roaming Options dialog box, in the Validate parent every minutes
box, type 1.

4

In theSearch for the nearest parent every minutes box, type 1, and then press
OK.

5

Wait a few minutes.

6

In the Symantec System Center, right-click a server group.

7

Click All Tasks > Symantec AntiVirus > Client Roaming Options.

8

In theClient Roaming Options dialog box, uncheck Enable roaming on clients
that have the Symantec AntiVirus Roaming service installed.

9

Click OK.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

Uninstalling and deleting reporting servers

If you installed one or more reporting servers, you must uninstall these reporting
servers, and optionally delete the database files. You must also delete reporting
servers from the Symantec System Center. Complete reporting server
uninstallation information is available in the Symantec System Center Online
Help. Legacy settings were stored in the Windows registry. All settings are now
stored in a database along with the reporting data.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

To uninstall reporting servers

1

Log on to a computer that runs the reporting server.

2

Click Start > Settings > Control Panel > Add or Remove Programs.

3

In theAdd orRemove Programs dialog box, click SymantecReportingServer,
and then click Remove.

4

Follow the on-screen prompts until you delete the reporting server.

5

Repeat this procedure for all reporting servers.

To delete reporting servers from the Symantec System Center

1

In the Symantec System Center, right-click and expand Reporting.

2

Right-click each reporting server, and then click Delete.

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Uninstalling and deleting reporting servers

94

Unlocking server groups in Symantec System Center

If you do not unlock server groups before migration, unpredictable results may
occur. Also, if the roaming service is enabled for clients, the unlocking the server
group helps ensure that the clients properly authenticate to a parent server.
Clients that properly authenticate to a parent server get placed in the database.
Clients that get placed in the database automatically appear in the correct legacy
group in the console after installation.

To unlock a server group

1

In the Symantec System Center, right-click a locked server group, and then
click Unlock Server Group.

2

In the Unlock Server Group dialog box, type the authentication credentials
if necessary, and then click OK.

See “Migratingfrom Symantec Client Security or Symantec AntiVirus” on page 87.

About upgrading client software

You can use several methods to upgradeSymantec client software. Some methods
can take up to 30 minutes. Therefore, you may want to upgrade client software
when most users are not logged on to their computers.

Table 7-5

Methods to upgrade Symantec Endpoint Protection Small Business
Edition and Symantec Network Access Control client software

DescriptionUpgrade method

Use AutoUpgrade to update clients in one or more groups from the
Symantec Endpoint Protection Manager console.

See “Upgrading clients by using AutoUpgrade” on page 96.

AutoUpgrade

Deploy a policy that allows clients to run LiveUpdate.

See “Enabling and disabling LiveUpdate scheduling for client

computers” on page 257.

LiveUpdate policy

Use the installation program on the product disc to install a new
version of the client.

Product disc

Use one of the other supported methods of installing client software.

See “About client deployment methods” on page 75.

Other methods

If theSymantec Network Access Control client is also installed, youshould upgrade
both the Symantec Endpoint Protection Small Business Edition client and the

95Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Unlocking server groups in Symantec System Center

Symantec Network Access Control client. You can assign both the Symantec
Endpoint Protection Small Business Edition package and the Symantec Network
Access Control package to the same group. In this case, make sure that the
Maintain Features option is selected.

See “Upgrading to a new release” on page 90.

Upgrading clients by using AutoUpgrade

The AutoUpgrade process lets you automatically upgradethe SymantecEndpoint
Protection Small Business Edition client software for all the clients that are
contained in a group. For example, you can use AutoUpgrade to upgrade clients
to a new maintenance release or product version.

You must test the AutoUpgrade process before you attempt to upgrade a large
number of clients in your production network. If you do not have a test network,
you can create a test group within your production network. For this kind of test,
you add a few non-critical clients to the test group and then upgrade them by
using AutoUpgrade. You confirm that the upgrade completed successfully by
verifying the version number of the client software. The version number is
displayed in the client's Help >About panel.

See “About upgrading client software” on page 95.

To upgrade clients by using AutoUpgrade

1

In theSymantec EndpointProtection Managerconsole, clickHome > Common
Tasks > Install protection client to computers.

2

On the Client Deployment Wizard, select the option for your deployment.
Use ServerPackage Deployment to use a package that is preinstalled on the
server. Use Existing Package Deployment to choose a package that you
exported from a Symantec Endpoint Protection Manager previously. View
the tutorial that is linked from the wizard to learn more. Click Next.after you
make a selection.

3

In the Select Group and Install Feature Sets panel, select the package, the
client groupyou want to upgrade, the installationfeature set, and the content
options for your deployment. Click Next.

4

Select a deployment method and then click Next.

See “Deploying clients by using Remote Push ” on page 77.

See “Deploying clients using a Web link and email” on page 76.

5

If youselect to post the package using emailor a Web-link, follow the prompts
to complete the wizard. You post the files after the wizard completes.

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Upgrading clients by using AutoUpgrade

96

6

If you select the remote push option, you add computers to the Install
Protection Client list and then click Next. To select computers, you either

browse for computers, or search by IP address or computer name. To search,
click SearchNetwork > Find Computers and either enter IP addresses or the
computer name. When the computers are located, click Next.

Note: You must provide the credentials for a member of the administrator's
group that is authorized to manage the target computers.

7

To complete the push deployment process, click Send.

Note: The wizard creates the package, which can take two or three minutes.
During this time, no progress is indicated. After the package is created,
progress advances as the package is copied to the selected computers. It can
take severalminutes to send the package over the network. When the progress
shows 100%,the client package is fully copied on theselected computers and
the installer starts on the client computer. The wizard does not show the
progress of the actual installation process. Go to Reports > Report Type >
Computer Status > Deployment Report to gauge the progress of client
installation.

8

Click Finish

97Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Upgrading clients by using AutoUpgrade

Upgrading and migrating to Symantec Endpoint Protection Small Business Edition

Upgrading clients by using AutoUpgrade

98

Managing protection on
Symantec Endpoint
Protection Small Business
Edition

■ Chapter 8. Managing groups of client computers

■ Chapter 9. Managing clients

■ Chapter 10. Using policies to manage security

■ Chapter 11. Managing Virus and Spyware Protection

■ Chapter 12. Customizing scans

■ Chapter 13. Managing SONAR

■ Chapter 14. Managing Tamper Protection

■ Chapter 15. Managing firewall protection

■ Chapter 16. Managing intrusion prevention

■ Chapter 17. Managing exceptions

2

Section

■ Chapter 18. Configuring updates and updating client computer protection

■ Chapter 19. Monitoring protection with reports and logs

■ Chapter 20. Managing notifications

■ Chapter 21. Managing administrator accounts

100