Advice Request Help with Symantec unmanaged client config

Vitali Ortzi

Level 22
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,148
So basically I have been trying to edit/configure the Symantec Endpoint unmanaged client SRP module, but unfortunately wasn't able to, since Symantec doesn't allow editing without SEPM (managed). I even tried to edit the .dat policy files, but they are encrypted.
The only possible way is via XML export from a managed client.
If anyone has SEPM or a configured SEP with a default-deny policy for the Application and Device Control module and only the needed ports allowed (53, 80, 4443, 443, 8080).
You can see the image below for the modules I currently have installed.
Link to the Broadcom guide on how to export the configured XML:
[Attached image: ביאור 2020-03-28 005452.png]
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
> @ForgottenSeer 58943 can you export an XML / .dat policy file or provide a link to a SEPM trial?

@ForgottenSeer 58943 is a good guy to ask. He may have a link to a SEPM trial. But he only checks into MT occasionally now.

Possibly @bjm_ would know.... but maybe he's more of a Norton guy -- rather than Symantec. Not sure.

I run SEP on 2 machines... but I have nothing beyond the unmanaged endpoints.

And... I will lose SEP 14 soon, as my comped copy is being taken away.

On an old computer, I have SEP 12.1-- but definitions EOL is coming up for that one. And that's too bad. SEP 12.1 is perfect for an old machine.

And so........ Burrito & SEP will part ways. 😐
 

Vitali Ortzi

> @ForgottenSeer 58943 is a good guy to ask. He may have a link to a SEPM trial. But he only checks into MT occasionally now.
>
> Possibly @bjm_ would know.... but maybe he's more of a Norton guy -- rather than Symantec. Not sure.
>
> I run SEP on 2 machines... but I have nothing beyond the unmanaged endpoints.
>
> And... I will lose SEP 14 soon, as my comped copy is being taken away.
>
> On an old computer, I have SEP 12.1-- but definitions EOL is coming up for that one. And that's too bad. SEP 12.1 is perfect for an old machine.
>
> And so........ Burrito & SEP will part ways. 😐

Thankfully my license is rated as non-expiring, at least till SES replaces SEP (inbuilt slf).
Anyway, isn't it just the definition update (LiveUpdate module) that is blocked after expiry for non-managed?
 

Burrito

> Thankfully my license is rated as non-expiring, at least till SES replaces SEP (inbuilt slf).
> Anyway, isn't it just the definition update (LiveUpdate module) that is blocked after expiry for non-managed?

Typically yes.

For SEP, often the software is tied to an enterprise/corporate account. In some cases, the software will become nonfunctional if the associated enterprise account is terminated or if a sysadmin (from the sponsoring enterprise entity) cuts off unmanaged clients.

But often, you get to keep SEP forever until they stop providing definitions. In many cases though (depending on the account that your SEP is linked to) -- you cannot get software updates.

If you have SEP 14 --- then that's great. It's good and light protection.
 

Dave Russo

Level 21
Verified
Top Poster
Well-known
May 26, 2014
1,056
> Typically yes.
>
> For SEP, often the software is tied to an enterprise/corporate account. In some cases, the software will become nonfunctional if the associated enterprise account is terminated or if a sysadmin (from the sponsoring enterprise entity) cuts off unmanaged clients.
>
> But often, you get to keep SEP forever until they stop providing definitions. In many cases though (depending on the account that your SEP is linked to) -- you cannot get software updates.
>
> If you have SEP 14 --- then that's great. It's good and light protection.

When they stop providing definitions (if they do), will the only way to know be that the LiveUpdate status will no longer work, don't you think?
 

Vitali Ortzi

> When they stop providing definitions (if they do), will the only way to know be that the LiveUpdate status will no longer work, don't you think?

It might take some time to migrate whole enterprise systems to SES.
I bet we will get at least a year before they stop live updates on SEP from the moment Symantec sends the free upgrade to SES.
 

Burrito

> It might take some time to migrate whole enterprise systems to SES.
> I bet we will get at least a year before they stop live updates on SEP from the moment Symantec sends the free upgrade to SES.

I think you will get a lot more time than that.

At the link I posted above.... SEP 12 will get definitions until April 21.

I suspect that SEP 14 will get them for quite a bit longer.

But.... with Broadcom in charge.... hard to know for sure.
 

Vitali Ortzi

> I think you will get a lot more time than that.
>
> At the link I posted above.... SEP 12 will get definitions until April 21.
>
> I suspect that SEP 14 will get them for quite a bit longer.
>
> But.... with Broadcom in charge.... hard to know for sure.

I just can't trust Broadcom with that.
You already know the hell that enterprises and suppliers have with licensing.
At least I hope someone could just port a good XML policy that might help even after the end of support,
so we can use the superb SEP firewall and SRP module.
 

Dave Russo

> Thankfully my license is rated as non-expiring, at least till SES replaces SEP (inbuilt slf).
> Anyway, isn't it just the definition update (LiveUpdate module) that is blocked after expiry for non-managed?

Have you changed any of the firewall settings? 1. I added "Block all traffic until Firewall starts and after Firewall stops". 2. Enable network application monitoring.
 

Vitali Ortzi

> Have you changed any of the firewall settings? 1. I added "Block all traffic until Firewall starts and after Firewall stops". 2. Enable network application monitoring.

Yes I did, so I don't need a firewall policy other than what's optional via the GUI.
The only thing missing is the limited use of the SRP without a policy change via SEPM.
 

Vitali Ortzi

If anyone wants full SEP capability, I can make a policy for an unmanaged client,
just PM me.
I have a trick to get a very long extended SEPM trial; PM me if you want it.
 