SLAC Computer Security
Symantec Endpoint Protection V11 - Overview

Symantec Endpoint Protection (SEP) can protect your computer from destructive programs known as viruses and Trojan horses, and can protect against malicious ActiveX controls and Java applets.

For centrally-managed Windows computers at SLAC, the software is automatically installed and configured. There is no installation or configuration needed by the user. If you have any questions, please contact your local administrator.

“How do I” topics on SEP:

o     Know it's installed?

o     Know it has the latest definitions?

o     Do a 'LiveUpdate' for off-site computers?

o     Do a scan?


How do I know it's installed?

1.    Check for the installed program

a.     On your local drive (typically C:\), browse to Program Files > Symantec > Symantec Endpoint Protection and confirm that the SymCorpUI.exe program is present.

b.    Go to the 'Start' button, select 'Control Panel', select 'Performance and Maintenance', select 'Administrative Tools', and select 'Services'.

c.     The Symantec services 'Symantec Endpoint Protection', 'Symantec Event Manager', 'Symantec Management Client', and 'Symantec Settings Manager' should appear under 'Services (Local)', with 'Status: Started' and 'Startup Type: Automatic'.

Figure 1 - Services Window

d.    Press Control/Alt/Delete keys to bring up the 'Windows Security' dialog box, select 'Task Manager'.  Under 'Processes', six (6) Symantec processes (ccApp.exe, ccSvcHst.exe, Rtvscan.exe, Smc.exe, Smcgui.exe, SymCorpUI.exe) should be listed.

Figure 2 - Task Manager

2.    Is it running properly?

a.     Right click on the Symantec “shield” in the lower right of the task bar and select 'Open Symantec Endpoint Protection'. The Symantec Endpoint Protection window should come up. The 'Status' should be green, with the message 'Your computer is protected.  No problems detected'. (Item 1 in Figure 4.)

Figure 3 - Open SEP

Figure 4 - SEP Window

Note: If you have any problems, please contact your local administrator.
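
The checks in steps 1a through 1d can also be run as a script. The following PowerShell is an added example, not part of the original SLAC page or a Symantec tool; it uses the file, service and process names listed above, and it assumes Windows PowerShell 3.0 or later and that a 64-bit system may hold the client under Program Files (x86).

```powershell
# Added example: scripted version of checks 1a-1d above.
# Service, process and file names come from this page; the Program Files (x86)
# fallback and the use of CIM (PowerShell 3.0+) are assumptions.
$services  = 'Symantec Endpoint Protection', 'Symantec Event Manager',
             'Symantec Management Client', 'Symantec Settings Manager'
$processes = 'ccApp', 'ccSvcHst', 'Rtvscan', 'Smc', 'Smcgui', 'SymCorpUI'
$relative  = 'Symantec\Symantec Endpoint Protection\SymCorpUI.exe'
$results   = @()

# 1a. SymCorpUI.exe is present under Program Files
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$found = $roots | ForEach-Object { Join-Path $_ $relative } |
         Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
         Select-Object -First 1
$results += [pscustomobject]@{
    Check  = 'File: SymCorpUI.exe'
    Ok     = [bool]$found
    Detail = $(if ($found) { $found } else { 'not found' })
}

# 1b/1c. Each service exists, is started, and starts automatically
$installed = Get-CimInstance -ClassName Win32_Service
foreach ($name in $services) {
    $svc = $installed | Where-Object { $_.DisplayName -eq $name } | Select-Object -First 1
    $ok  = [bool]($svc -and $svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
    $results += [pscustomobject]@{
        Check  = "Service: $name"
        Ok     = $ok
        Detail = $(if ($svc) { "$($svc.State) / $($svc.StartMode)" } else { 'not installed' })
    }
}

# 1d. Each of the six processes is listed (-contains is case-insensitive)
$running = Get-Process | Select-Object -ExpandProperty ProcessName
foreach ($p in $processes) {
    $ok = $running -contains $p
    $results += [pscustomobject]@{
        Check  = "Process: $p.exe"
        Ok     = $ok
        Detail = $(if ($ok) { 'running' } else { 'not running' })
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code if any check failed, so the script can be used in monitoring
if ($results.Ok -contains $false) { exit 1 }
```

A failed row is a reason to contact your local administrator, as in the note above.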

Check for up-to-date 'Virus Definition File'

1.     In the SEP window (see Figure 4), check that the date next to 'Definitions:' is recent. (Item 2 in Figure 4.)

Note: 'LiveUpdate' (Item 3 in Figure 4) is pre-configured to check for updates hourly, if there is a network connection.  You can click on the 'LiveUpdate' button to do a manual update.

If you have any problems, please contact your local administrator.

How are 'LiveUpdates' done for off-site computers?

1.    'LiveUpdate' (Item 3 in Figure 4) is configured to first check the SLAC server for downloads, and if that is not available it will go to the Symantec server for downloads.  Therefore computers within the SLAC internal network will primarily use the SLAC server, and computers off-site will go to the Symantec server. 'LiveUpdate' is pre-configured for you to check for updates hourly. You can click on the 'LiveUpdate' button to do a manual update.

How do I do a scan?

1.    To scan your local drives, you can right click on the drive, folder or file you want to scan within the 'Windows Explorer' window.

Figure 5 – Windows Explorer

a.     Select 'Scan for viruses'.

Figure 6 – SEP Scan File

2.    You can do an 'Active Scan' or 'Full Scan' within the SEP program.

a.     Bring up the SEP window (see 'Is it running properly?' above). Click on 'Scan for threats' (Item 4 in Figure 4).

Figure 7 – SEP Scan for Threats

Note: There is a weekly scan scheduled for local drives on a user's computer.  A user cannot currently schedule scans, but can scan at any time.

Users will not be able to scan the network drives (e.g., V drive or home directory Z drive) since this will impede performance on the servers, and anti-virus procedures on the servers are maintained by the Computing Division (CD) system administrators. The real time scanner on the local computer automatically scans every file that has been opened, moved, copied, or executed. In addition, the servers are also running Antivirus software.

 

Last Updated: August 09, 2010
Maintainer: SLAC Computer Security Group
Feedback: Please send it to SLAC Security Critical Issues Feedback