Thursday, April 21, 2011

Symantec End Point (SEP) moving clients to a new SEP Management Console

We recently installed a new SEPM as the other one malfunctioned and were faced with the task of either reinstalling the SEP client on every device or else finding a way of simply modifying the client to point to the new manager. Obviously the path of least effort was preferred.

After doing some searching on Google the following steps were found on how to accomplish this:

[Image: the steps for pointing the client at the new manager]

This worked but we ran into one or two issues I would like to highlight:

  1. We had monitoring enabled on all servers, so stopping the smc.exe service resulted in the ‘self-healing’ capability of the software simply restarting it again before we could paste the XML file onto the server. We resolved this by:
    1. Setting the service to ‘Disabled’,
    2. Stopping the service,
    3. Pasting the file,
    4. Setting the service back to ‘Automatic’ and starting the service.
  2. The pasted XML file you require should be taken from a device of equal version and architecture, e.g. Server 2008 R2 x64 to another Server 2008 R2 x64.
  3. Once the client has reported into the new SEPM it will show in its previous default location in the clients module on the SEPM. To enact the new policy simply move the client to the correct location and then update the policy on the device.
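The four-step workaround from issue 1, as an added PowerShell example that is not part of the original post. The function name and all three parameters are hypothetical placeholders; the service name and file locations must be looked up on the client, and the function is assumed to run from an elevated prompt.

```powershell
# Added example: names are placeholders, not values from the original post.
function Move-ClientToNewManager {
    [CmdletBinding()]
    param(
        # Service behind smc.exe on this client (look it up with Get-Service).
        [Parameter(Mandatory)] [string] $ServiceName,
        # XML file taken from a client of the same version and architecture.
        [Parameter(Mandatory)] [string] $NewXmlPath,
        # Location of that XML file on this client.
        [Parameter(Mandatory)] [string] $ClientXmlPath
    )
    $ErrorActionPreference = 'Stop'
    $backup = "$ClientXmlPath.bak"
    try {
        # 1. Disable first, so the self-healing monitor cannot restart the service.
        Set-Service -Name $ServiceName -StartupType Disabled

        # 2. Stop the service and wait until it has really stopped.
        Stop-Service -Name $ServiceName -Force
        (Get-Service -Name $ServiceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

        # 3. Keep a copy of the current file, then paste the new one.
        Copy-Item -LiteralPath $ClientXmlPath -Destination $backup -Force
        Copy-Item -LiteralPath $NewXmlPath -Destination $ClientXmlPath -Force

        # Confirm the pasted file is byte-identical to the source; roll back if not.
        $src = (Get-FileHash -LiteralPath $NewXmlPath -Algorithm SHA256).Hash
        $dst = (Get-FileHash -LiteralPath $ClientXmlPath -Algorithm SHA256).Hash
        if ($src -ne $dst) {
            Copy-Item -LiteralPath $backup -Destination $ClientXmlPath -Force
            throw "Pasted file does not match the source; original restored."
        }
    }
    finally {
        # 4. Always return the service to Automatic and start it, even after a
        #    failure, so the server is never left without its protection running.
        Set-Service -Name $ServiceName -StartupType Automatic
        Start-Service -Name $ServiceName
    }
}
```

The `finally` block is the point of the example: whichever step fails, the service is re-enabled and restarted rather than left in the ‘Disabled’ state.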

C

Tuesday, April 19, 2011

Symantec End Point Protection and Microsoft Hyper-V

Recently we deployed a new Hyper-V host and secured it from malware by installing Symantec End Point (SEP). Although there are those out there who believe installing anti-malware on a server with the role of host only is not recommended, we decided to do this due to the fact that source software was going to be copied to the server from what we deemed was an untrusted source.

After a few days the virtual machines running on the server could only see each other and not other servers or virtual servers on the network. We discovered that the SEP client was blocking access to the network and once we uninstalled the client network connectivity was re-established and has been stable ever since.

Lesson:

1. Deploy Hyper-V with properly configured anti-malware and once VM deployment is complete, remove the file shares, the executable data and the anti-malware client.

C