Thoughts on Managing Symantec

jshipman
New Contributor III

Hey Nation!

I am preparing to roll out Symantec Endpoint Protection to all 2600 of my Macs and I'm a little timid about it. I don't have much of a choice, but I was hoping that all of you could share with me your best practices and potential pitfalls before I dive head first and run into issues.

What settings do you have configured in your management console? What are best practices for deployment (I did successfully package and deploy SEP using the client package and it managed with no issue, but I'd still like to find out if there is anything I'm missing)?

Also, I'm running into a weird issue where the client says it's being managed and it's connected to the right server, but the management console isn't seeing it. In fact it isn't seeing any of the Mac clients that have SEP on them. Any ideas?

THANKS!!

8 REPLIES

hkim
Contributor II

If it's possible according to your security policies, see if you can skip compressed files / VMs as part of your policy for scheduled full scans.

donmontalvo
Esteemed Contributor III

Active scanning is a must on PC, but we disable on Mac. If there's an outbreak, it can be toggled on again.

Balancing risk and impact...

--
https://donmontalvo.com

Yoshimi
New Contributor II

Not knowing what versions you are using, I can only speculate based on our own experience. In our environment we are still on SEP 11 reporting in to a SEPM console.

One is that the SEP/SAV client is not location-aware. If you have any kind of network boundaries or segments in use in your SEPM console, they're useless on the Macs. They have no way of reporting where they are.

Two is that a lot of the SEPM functionality is lost on the Mac client. The Macs should be able to check in and report, and get LiveUpdate updates, but not much else.

rderewianko
Valued Contributor II

When packaging SEP, make sure you include the folder "additional resources" and then have an after script that actually installs the pkg. If you don't, you are not going to get SEP playing nice.

mithunsanghavi
New Contributor

Hello,

Check these Articles:

How to deploy Mac client installation package ?
https://www-secure.symantec.com/connect/articles/how-deploy-mac-client-installation-package

Installing Symantec Endpoint Protection for Macintosh
http://www.symantec.com/docs/TECH131675

How to deploy the Symantec Endpoint Protection client for Macintosh using Apple Remote Desktop 3.x
http://www.symantec.com/docs/TECH160427

Symantec Endpoint Protection for Macintosh Frequently Asked Questions
http://www.symantec.com/docs/TECH134203

Hope that helps!!

asditsupport
New Contributor III

@rderewianko
Could you please help me with this? I already have Symantec in .pkg, how would I include the Additional resources into it?
Thanks!

Marcel_75
New Contributor

I've built it with 3 steps in one policy in the Casper Suite (works also to upgrade a normal installation of Symantec Endpoint Protection to a managed one, there is no need to uninstall before ... and if you ever have to do an uninstall, you have to use two scripts, but that's another story ... :)):

  1. My first policy is named "01_Install_SEP_Managed" and will install "SEP_Managed_12.2_sylink.pkg". I've built this PKG with Composer, it will install the sylink.xml into /Library/Application Support/Symantec/SMC/sylink.xml. Important: Check the correct file permissions of this XML file (on a Test-Mac you used to install the Managed SEP manually) and set the file permissions for this file also inside Composer before you build this PKG. The sylink.xml is the one and only important file from your "Additional Resources" folder, which you built and exported from the Symantec Console on Windows.
    In the advanced setting of this first step you trigger the next step, I do it with "/usr/sbin/jamf policy -trigger 02_Install_SEP_Managed".

  2. Now the policy named "02_Install_SEP_Managed" will run and install Symantec Endpoint Protection.pkg (the one from the Windows Console export). After installation it will trigger the 3rd policy called "03_Install_SEP_Managed".

  3. The third policy will install the virus definitions manually, you can download them from here: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=nmc

Inside the zip file you will find the actual "SymantecAVDefs_Intel.pkg", which you use for this policy.

We do this because sometimes the LiveUpdater will run into an endless loop of updating its definitions database. If you install the full definitions package before the first Symantec LiveUpdater check, this will not happen - so it's the best way to avoid this behavior.

The last step is "Update Inventory" and all works fine.
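
The permission check from step 1 of the post above, as an added example that is not part of the original post: it compares the mode and owner of a staged sylink.xml against the copy on a manually installed, managed test Mac before the PKG is built. The function names `perm_sig` and `check_sylink` and the idea of passing a payload root directory are assumptions for illustration; only the sylink.xml path comes from the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Verifies that the sylink.xml staged
# for packaging carries the same mode and owner as a known-good managed install.

# Path from the post, relative to a filesystem or payload root.
SYLINK_REL="Library/Application Support/Symantec/SMC/sylink.xml"

# Print "<octal mode> <owner>:<group>" for a file.
# Tries GNU stat first, then falls back to BSD/macOS stat.
perm_sig() {
    [ -f "$1" ] || return 1
    stat -c '%a %U:%G' "$1" 2>/dev/null || stat -f '%Lp %Su:%Sg' "$1"
}

# check_sylink <reference_root> <staged_root>
#   reference_root: "/" on the test Mac with the manual managed install
#   staged_root:    directory holding the Library/... tree to be packaged (assumed layout)
# Returns 0 on match, 1 on mismatch, 2 if either file is missing.
check_sylink() {
    ref="${1%/}/$SYLINK_REL"
    staged="${2%/}/$SYLINK_REL"

    ref_sig=$(perm_sig "$ref") || { echo "missing reference: $ref" >&2; return 2; }
    staged_sig=$(perm_sig "$staged") || { echo "missing staged copy: $staged" >&2; return 2; }

    if [ "$ref_sig" != "$staged_sig" ]; then
        echo "MISMATCH: reference [$ref_sig] vs staged [$staged_sig]" >&2
        return 1
    fi
    echo "OK: $staged_sig"
}

# Usage on the test Mac (second argument is a placeholder path):
#   check_sylink / /path/to/payload/root
```

A non-zero return means the staged file should be corrected in Composer before building the package.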

Nix4Life
Valued Contributor

I agree with Yoshimi. Still on SEP 11, because it allows you to still maintain your own Mac LiveUpdate server (something for that old PowerPC box). Less stuff I have on the Windows side the better.

LS