Symantec Endpoint Protection - 12.0 Best Practices

WHITE PAPER: BEST PRACTICES
Symantec Endpoint Protection
Small Business Edition 12
Best Practices
Senior Technical Product Manager
Endpoint Security
The latest version of this document can always be accessed via the following Symantec webpage:
http://www.symantec.com/business/support/overview.jsp?pid=55357
Symantec Endpoint Protection Small Business Edition 12
TABLE OF CONTENTS
INTRODUCTION
    WHAT IS SEP SBE 12?
    GENERAL NOTE ON COMPATIBILITY
    SYSTEM REQUIREMENTS
    SUPPORTED PLATFORMS
INSTALLATION
    MIGRATION METHODOLOGY
    PHASE I PLANNING AND PREPARATION CONSIDERATIONS
    PHASE II SYMANTEC PROTECTION CENTER INSTALLATION (SPC)
    PHASE III POST INSTALLATION TASKS
WHAT TO EXPECT FROM THIS POINT ONWARD
RECOMMENDED BEST PRACTICE CONFIGURATION
    MANAGER SETTINGS
        Administrator Accounts
    RECOMMENDED CLIENT PROTECTION POLICIES
        Virus and Spyware Protection (AntiVirus) Policy
        Firewall Policy
        Intrusion Prevention Policy
        LiveUpdate Policy
        Centralized Exceptions Policy
USEFUL ONLINE RESOURCES
APPENDIX A: COMMON MALICIOUS CODE PORTS
INTRODUCTION
This white paper focuses primarily on providing best practices guidance on how to successfully deploy Symantec Endpoint Protection Small Business Edition 12 (SEP SBE 12) Manager and Client protection components to Microsoft® Small Business Servers and create basic security policies.
It is recommended that the getting_started.pdf, implementation_guide.pdf and Client_guide_sbe.pdf be reviewed prior to deployment of SEP SBE 12. Pay particular attention to the sections entitled: “Planning the Installation” in the getting_started.pdf document as they will provide you with a roadmap for a successful SEP SBE 12 installation.
WHAT IS SEP SBE 12?
SEP SBE 12 combines Symantec Antivirus with advanced threat prevention to deliver unmatched defense against malware for laptops, desktops and servers. It seamlessly integrates essential security technologies in a single client and management console, increasing protection and helping lower total cost of ownership. It includes the following protection technologies:
Antivirus and Antispyware
The Antivirus Email Protection feature is aimed at providing additional email protection to Clients. It is not necessary to install this function if added mail security is not necessary or if Email filtering has already been implemented in the environment.
Proactive Threat Protection (TruScan)
This is currently not supported on server operating systems.
Intrusion Prevention
Firewall
The core components required to run in a centrally managed SEP SBE 12 environment include the following:
Symantec Protection Center (SPC) (A web server also referred to as the “Manager” which utilizes Apache Tomcat)
Database (An embedded database, based upon Sybase Adaptive Server Anywhere version 9)
SEP SBE 12 Client (Runs on each machine you wish to protect, including the Manager)
Symantec Protection Center Remote Console (Optional Java-based console that can be run from anywhere with network access to the Manager)
GENERAL NOTE ON COMPATIBILITY
A Symantec Protection Center and the SEP SBE Client can run on the same machine as a Microsoft Windows Small Business Server. By default, there are no technical conflicts between the two. The key consideration is resource utilization on the target machine. As a general best practice, good planning and preparation are also strongly recommended.
SYSTEM REQUIREMENTS
While every environment varies, below are some high-level guidelines on recommended hardware that will help to ensure the Windows Small Business Servers will run smoothly with SEP SBE 12 installed:
SEP SBE 12 Manager
32-bit processor: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)
64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum
Intel Itanium processors are not currently supported
1 GB of RAM minimum (2 GB of RAM recommended)
4 GB or more of free disk space
SEP SBE 12 Client
32-bit processor: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)
64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum
Intel Itanium processors are not currently supported
256 MB of RAM minimum (1 GB of RAM recommended)
700 MB or more free disk space
SUPPORTED PLATFORMS
OPERATING SYSTEM                                              32-BIT   64-BIT
SPC SERVER
Windows 2003                                                  X        X
Windows XP                                                    X        X
Windows 2000 (SP3 and later)                                  X
Windows 2008                                                  X        X
Windows 2008 Small Business and Essential Business Servers             X
DATABASE
Embedded                                                      X        X
CLIENT
Windows Vista                                                 X        X
Windows 2003                                                  X        X
Windows XP                                                    X        X
Windows 2000 (SP3 and later)                                  X        X
Windows 2008                                                  X        X
Windows 2008 Small Business and Essential Business Servers             X
INSTALLATION
MIGRATION METHODOLOGY
Phase I Planning and Preparation Considerations
Review existing environment
Identify recovery and support procedures
Obtain SEP SBE 12 Serial Number and Software
Backup current Small Business Server environment
Phase II Management Server and Client Installation
Install the SEP SBE Management server
Migrate SAV/SCS Legacy Groups and Settings if applicable
Migrate SAV/SCS Reporting if applicable
Configure Management Server (Groups, LiveUpdate Schedule, Notification Messages, Scheduled Reports, Administrator Accounts)
Client Installation
If possible it is a good practice to test the client installation prior to production deployment
Phase III Post Installation Tasks
Register serial number and import site license
Backup SBS Server environment
NOTE: Symantec provides notification messages, scheduled reports and protection policies out-of-the-box that can be leveraged for quick deployment if desired.
PHASE I PLANNING AND PREPARATION CONSIDERATIONS
As a precaution, ensure you have a complete backup of your existing Microsoft Windows Small Business Server environment, and ensure the backup has been tested and confirmed to work.
It is strongly recommended that you take some time to review the system resource utilization on your Small Business Server before beginning deployment of SEP SBE 12. Detailed below is the typical resource usage you should expect once SEP SBE 12 is running.
Manager (including Database) – Approximately 150 MB
Client – Between 25 MB (idle) and 50 MB (running LiveUpdate or scheduled scan)
Console (when in use) – Approximately 80 MB
If possible, test the deployment of the Manager and Client first in a non-production test environment.
It is highly recommended that you view the SEP SBE 12 instructional “Tours” located at the following links:
Admin UI Tour:
http://www.symantec.com/redirects/symantec/support_symantec_com/sepsbe/tour/
Client Installation Tour:
http://eval.symantec.com/flashdemos/products/endpoint_protection/client_install_tour/
It is recommended that installation be conducted at an off-peak time when there will be no users or applications interacting with the server.
Ensure you have registered your company with Symantec Technical Support and have information on how to contact them to log a support case, so you’re prepared for the unlikely event that you encounter issues.
Ensure that you have obtained your SEP SBE 12 serial number to register and download your license file. You will then import your license file into the Manager.
The SEP SBE 12 Software can be downloaded at the following link or can be obtained from your reseller:
https://fileconnect.symantec.com
Installing the SEP SBE 12 Client with Network Threat Protection Technologies will require a reboot to enable the technology.
Installing the Manager will not replace/upgrade an existing SAV 10 or 9 parent server nor will it install the Client.
SEP SBE 12 Documentation can be found under the Documents folder on the installation CD.
IMPORTANT: If another vendor’s antivirus or firewall product is currently running on the Windows Small Business Server it will need to be removed in advance of installing the SEP SBE 12 Manager. This also pertains to Clients that will have the SEP SBE 12 Client installed.
If you install the SEP SBE 12 Client on the SAV Parent Server, it will remove the SAV Parent Server and will orphan existing SAV/SCS Clients. This is only recommended if you plan on migrating your SAV/SCS Clients at the time of the SEP SBE 12 Manager Client installation; otherwise they will need to run in parallel with one another as part of a phased migration until all Clients have been migrated.
The SEP SBE 12 Firewall is installed disabled and will not interfere with the Windows Firewall if enabled. Once the SEP SBE 12 Firewall has been enabled the Windows Firewall will be disabled and the SEP SBE 12 Firewall Policy will take effect.
If you have a Symantec System Center and/or SAV Reporting Server installed on the SBS machine, they must be relocated through Add/Remove Programs before continuing. A reboot is not required.
SEP SBE 12 does not support migration from SEP 11 SEPM to SEP SBE 12 SPC. The SEPM will have to be uninstalled prior to installing SEP SBE 12 SPC. If desired the SEP 11 policies can be exported and imported into the SEP SBE 12 SPC after installation.
PHASE II SYMANTEC PROTECTION CENTER INSTALLATION (SPC)
The installation of the Manager can be done within 20 minutes under normal circumstances. Symantec has streamlined the Manager installation process for Small Business Environments, requiring little input from the user during the Manager installation. To install the Symantec Protection Center:
Locate and execute the Setup.exe file located on Disc 1 of the installation files. The installation menu should appear. Select Install Symantec Endpoint Protection.
Select Next
Select “I accept the terms in the license agreement” and then select Next
Select “Change” if you need to change the path from the default, and then select Next.
Select Install
Select Next
Enter your Company Name and Password. The User name will default to Admin, which can’t be changed at this time. Enter an Email address of an administrator that will receive notification messages. Symantec provides multiple notification messages out-of-box that will send Security Status information to designated administrators. These messages can be reconfigured if desired from the management console. “REMEMBER YOUR PASSWORD. IT WILL BE NEEDED TO LOG INTO THE MANAGEMENT CONSOLE.”