Home Print Show Topic URL Previous Next

Configuring Endpoint Protection policies

Online Help

Configuring Symantec Endpoint Protection Small Business Edition (SEP SBE) cloud to best suit the security needs of your organization requires only that you:

By default all new computers are added to the Default Group and are assigned the Endpoint Security default policy. No further configuration required.

Different agents are installed for desktops & laptops than for servers. The protection settings available for servers differ from the protection settings available for desktops & laptops.

To create policies

  1. In the SEP SBE Management Console, click the Policies page.

  2. On the left pane, under Services, click Endpoint Protection.

  3. You can either create a new policy from scratch or save a copy of the default policy.

    To save a copy of default policy, click on the Endpoint Protection Default Policy link. A warning is displayed saying that default policies cannot be edited. Click Save a Copy.

    To create a policy from scratch, click Add Policy.

  4. On the policy configuration page, do the following:

    Enter a Name and Description for the policy.

    Assign the appropriate protection settings using the check boxes.

    Set a Scan Schedule by designating the scan frequency, time to start, and the computers to scan.

    Assign the policy to the appropriate groups in the Groups section of the page.

  5. Click Save & Apply. The policy is applied to the computers in the selected group or groups.

These categories of protection offer a defense in-depth security solution. Computer Protection features focus on the high risk communications reaching a computer.

Table: Computer Protection

Protection Setting


Desktops & Laptops



Virus and security risk protection features provide comprehensive virus prevention and security risk detection for your computer. Known viruses are automatically detected and repaired. Instant messenger attachments, email message attachments, Internet downloads, and other files are scanned for viruses and other potential risks. In addition, the definition updates that Automatic LiveUpdate downloads when your computer is connected to the Internet keeps you prepared for the latest security risks.

User can disable Antivirus - Enables users to turn off Antivirus protection for:

  • 15 minutes

  • one hour

  • five hours

  • Until the system restarts

The disable function only works on desktops & laptops.

Exclude Mapped network drives - Prevents scanning of the network drives mapped on desktops or laptops. Option not available for servers.

Exclude Removable Drives - Prevents scanning of the removable media that is attached to desktops or laptops. Option not available for servers.

Custom Exclusions - Enables administrators to exclude specific files, folders, or file types from antivirus scanning.

See Creating custom exclusions

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.




Symantec Endpoint Protection SONAR, Symantec Online Network for Advanced Response, to provide real-time protection against threats and proactively detects unknown security risks on your computer. SONAR identifies emerging threats based on the behavior of applications. It also identifies threats more quickly than the traditional signature-based threat detection techniques. SONAR detects and protects you against malicious code even before virus definitions are available through LiveUpdate.

SONAR monitors your computer for malicious activities through heuristic detections.

SONAR automatically blocks and removes high-certainty threats. Norton Internet Security notifies you when high-certainty threats are detected and removed. SONAR provides you the greatest control when low-certainty threats are detected.

The View Details link in the notification alert lets you view the summary of the resolved high-certainty threats. You can view the details under Resolved security risks category in the Security History window.

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.




Antispyware protects your computer against the security risks that can compromise your personal information and privacy.

Symantec Endpoint Protection Antispyware detects these major categories of spyware:

  • Security risk

  • Hacking tool

  • Spyware

  • Trackware

  • Dialer

  • Remote access

  • Adware

  • Joke programs

  • Security assessment tools

  • Misleading Applications



Full-screen Detection

Full-screen detection stops antivirus scans and prioritizes performance of the computer over antivirus scanning. Endpoint Protection still runs in the background providing continuous protection.


USB Device Control enables administrators to prevent malicious code injection and intellectual property theft by controlling employee use of USB removable storage devices. USB mice and keyboards are unaffected by USB Device Control because they do not provide data storage.

Table: USB Device Control

Protection Setting


Desktops & Laptops


USB device access

The drop-down enables a policy configuration to either allow or to block access to a USB device. Blocking events are logged for review and reporting.



Read only access

The check box allows USB device access to be restricted to read-only access.

This function is not available for servers.


Enable user notifications

Enables the toast messages on the endpoint alerting the user to USB device blocking.



Web Protection defends Internet Explorer and Firefox from attack; presents website safety ratings; and evaluates downloads from the web.

Table: Web Protection

Protection Setting


Desktops & Laptops


Browser Protection

With the increase in Internet use, your web browser is prone to attack by malicious websites. These websites detect and exploit the vulnerability of your web browser to download malware programs to your system without your consent or knowledge. These malware programs are also called drive-by downloads. Norton Internet Security protects your web browser against drive-by downloads from malicious websites.

Norton Internet Security proactively blocks new or unknown malware programs before they attack your computer. By protecting your web browser, Norton Internet Security secures your sensitive information and prevents the attackers from controlling your system remotely.

The Browser Protection feature checks for browser vulnerabilities in the following browsers:

  • Internet Explorer

  • Firefox

  • Chrome

You must turn on the Browser Protection option to enable this feature.

This feature applies only to desktops and laptops.


Download Intelligence

Download Intelligence provides information about the reputation of any executable file that you download from the supported portals. The reputation details indicate whether the downloaded file is safe to install. You can use these details to decide the action that you want to take on the file.

Some of the supported portals are:

  • Internet Explorer (Browser)

  • Opera (Browser)

  • Firefox (Browser)

  • Chrome (Browser)

  • AOL (Browser)

  • Safari (Browser)

  • Yahoo (Browser)

  • MSN Explorer (Browser, email & Chat)

  • QQ (Chat)

  • ICQ (Chat)

  • Skype (Chat)

  • MSN Messenger (Chat)

  • Yahoo Messenger (Chat)

  • Limewire (P2P)

  • BitTorrent (P2P)

  • Thunder (P2P)

  • Vuze (P2P)

  • Bitcomet (P2P)

  • uTorrent (P2P)

  • Outlook (email)

  • Thunderbird (email)

  • Windows Mail (email)

  • Outlook Express (email)

  • FileZilla (File Manager)

  • UseNext (Download Manager)

  • FDM (Download Manager)

  • Adobe Acrobat Reader (PDF viewer)

The reputation levels of the file are safe, unsafe, and unknown. You can install safe files. Norton Internet Security removes the unsafe files. In the case of unknown files, Download Intelligence prompts you to take a suitable action on the file. You can run the installation of the file, stop the installation, or remove a file from your computer.

When you downloaded a file, Download Intelligence processes the file for analysis of its reputation level. Auto-Protect analyzes the reputation of the file. Auto-Protect uses the threat signatures that Norton Internet Security receives during definitions updates and other security engines to determine the safety of an executable file. If the file is unsafe, Auto-Protect removes it. Auto-Protect notifies the results of file analysis to Download Intelligence. Download Intelligence then triggers notifications to inform you whether the file is safe to install or needs attention. You must take a suitable action on the files that need attention. In case of an unsafe file, Download Insight informs you that Norton Internet Security has removed the file.

Security History logs details of all events that Download Intelligence processes and notifies. It also contains information about the actions that you take based on the reputation data of the events. You can view these details in the Download Intelligence category in Security History.


Network Protection defends your computer by detecting and preventing attacks through your network connection and evaluating the safety email attachments.

Table: Network Protection

Protection Setting


Desktops & Laptops


Intrusion Prevention

Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. Intrusion prevention protects your computer against most common Internet attacks.

For more information about the attacks that intrusion prevention blocks, visit:

If the information matches an attack signature, intrusion prevention automatically discards the packet and breaks the connection with the computer that sent the data. This action protects your computer from being affected in any way.

Intrusion prevention relies on an extensive list of attack signatures to detect and block suspicious network activity. You should run LiveUpdate regularly to ensure that your list of attack signatures is up to date.

LiveUpdate requires adequate disk space to run successfully. Please ensure that your computers have 1 GB of available disk space to avoid LiveUpdate failures.


Email Protection

Email Protection protects your computer against the threats that you might receive through email attachments. It automatically configures your email program for protection against viruses and other security threats.

This feature applies only to desktops and laptops.


Smart Firewall

The Smart Firewall monitors the communications between your computer and other computers on the Internet. It also protects your computer and alerts you to such common security problems as:

  • Improper connection attempts from other computers and of attempts by programs on your computer to connect to other computers

  • Port scans by unauthorized computers

  • Intrusions by detecting and blocking malicious traffic and other attempts by outside users to attack your computer

A firewall blocks hackers and other unauthorized traffic, while it allows authorized traffic to pass. Turning off Smart Firewall reduces your system protection. Always ensure that the Smart Firewall is turned on.

The Smart Firewall provides two configurable options:

User can disable Firewall - Enables a local computer user to override the Smart Firewall for a certain period of time. This option permits an installation or other administrative function. The firewall can be disabled for:

  • 15 minutes

  • one hour

  • five hours

  • Until the system restarts

Report Blocked Events - Uploads blocked firewall events from the computer to your Endpoint Protection account. The blocked events are added to the computer history page and the statistical data that is displayed on the Home page. Blocked events are also available within the Security History page of the local Norton Internet Security interface. No alerts are issued based on this data as they are low risk events.

Firewall Rules - Enables administrators to customize firewall rules for their organization.

Program Control - Enables administrators to allow or block Internet access for agent-discovered programs.

This feature applies only to desktops and laptops.

See Configuring Firewall Rules


Email Protection

Provides the protection to the inbound and the outbound emails by guarding against the most common email viruses, worms, and Trojans.