<Internal Use Only>

Symantec Endpoint Protection v12.1 Setting Guide

Rev.1: February 17, 2012
Rev.0: December 22, 2011

Introduction
This document describes the installation procedure and setting guide for Symantec
Endpoint Protection v12.1 (server & client). The Symantec Endpoint Protection Manager is
the server that is used for deploying the client software and management of client machines.
The clients may be installed with Yokogawa products like CENTUM VP, CENTUM CS 3000,
PRM, ProSafe-RS, or VTSPortal.

The installation and setting of the Symantec Endpoint Protection Manager on 32-bit and 64-
bit Windows operating systems are covered in this document.

Please refer to “R2-2011-8171 Exclusion folder for antivirus software (Internal Use Only)”
for the applicable system product revisions and the exclusion folders. Also for the
exclusion folders, please also refer to “7 Exclusion Folder” in this document.

Table of Contents
Introduction ........................................................................................................................... 1
1 Installation Procedure .................................................................................................... 2
2 Before Installation .......................................................................................................... 3
2.1 Software Requirement............................................................................................ 3
2.2 Preparation on Client Machine ............................................................................... 3
2.3 Preparation for Client Machine in Different Subnet................................................. 7
2.4 Preparation for Server Machine (Symantec Endpoint Protection Manager) ........... 9
3 Installing Symantec Endpoint Protection Manager ...................................................... 11
4 Configuring Symantec Endpoint Protection Manager .................................................. 19
4.1 Create Group for Symantec Endpoint Protection Clients...................................... 19
4.2 Configuring Update Policy for Clients ................................................................... 23
4.3 Create new Client Install Feature Set ................................................................... 25
4.4 Activate Symantec Endpoint Protection License .................................................. 26
5 Deploying Client Software ........................................................................................... 30
6 Virus Definition Update ................................................................................................ 39
6.1 Download Definition Update File .......................................................................... 39
6.2 Verify Successful Update on Symantec Endpoint Protection Manager ................ 40
6.3 Verify Successful Update on Symantec Endpoint Protection Clients.................... 43
7 Exclusion Folder .......................................................................................................... 46
7.1 Setup User-defined Exceptions ............................................................................ 46

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

1/47
 <Internal Use Only>
1 Installation Procedure
The Symantec Endpoint Protection installation and setting procedure are summarized
below.

Symantec Endpoint Protection Configuration

Preparation for Client

Machine
(Chapter: 2,
Section: 2.2 & 2.3)

Preparation for
Server Machine
(Chapter: 2,
Section: 2.4)

Install Symantec
Endpoint Protection
Manager
(Chapter: 3)

Configure Symantec
Endpoint Protection
Manager
(Chapter: 4)

Deploy Client
Software
(Chapter: 5)

Manual Virus
Definition Update
(Chapter: 6)

Installation of
Yokogawa Product Configure Exceptions
such as CENTUMVP, (Chapter: 7)
CS3000, PRM,
ProSafe-RS, VTSPortal

Note: It’s recommended to install Symantec Endpoint Protection v12.1 first before
installing Yokogawa products such as CENTUM VP, CENTUM CS 3000, PRM,
ProSafe-RS, or VTSPortal. Installation of Yokogawa Products will not be covered by
this document.

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

2/47
 <Internal Use Only>
2 Before Installation
The procedures to prepare the computers for Symantec Endpoint Protection installation
procedure are following sections.

2.1 Software Requirement

The computer on which you install Symantec Endpoint Protection Manager should meet the
following software requirements:

- Supported operating systems: Windows XP Professional (32-bit), Windows Server 2003

R2 (32-bit), Windows 7 (64-bit), Windows Server 2008 R2 (64-bit).

- Internet Explorer 7, 8, or 9.

The computers on which you deploy the Symantec Endpoint Protection client software
should meet the following software requirements:

- Supported operating systems: Windows XP Professional (32-bit), Windows Server 2003

R2 (32-bit), Windows Vista (32-bit), Windows Server 2008 (32-bit), Windows 7 (64-bit),
Windows Server 2008 R2 (64-bit).

2.2 Preparation on Client Machine

1. Disable the File Sharing Wizard (Windows Vista, Windows Server 2008, Windows 7,
Windows Server 2008 R2) or Simple File Sharing setting (Windows XP).
a. In the My Computer or Computer window, click [Tools] -> [Folder Options].
b. On the [View] tab, under “Advanced Settings”, uncheck “Use Sharing Wizard
(Recommended)” or “Use simple file sharing (Recommended)”, and then click
[OK] button (See Figure 2-1 and 2-2).

Figure 2-1: Disable File Sharing Wizard

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

3/47
 <Internal Use Only>

Figure 2-2: Disable Simple File Sharing

2. Enable Network Discovery and File Sharing (Windows Vista and Windows Server 2008).
a. From the Control Panel, double click “Network and Sharing Center”.
b. Under “Sharing and Discovery”, click “Network Discovery” (See Figure 2-3).
c. Select “Turn on Network Discovery” and then click the [Apply] button.
d. Similarly, expand the “File sharing” option. Select “Turn on File sharing” and
then click the [Apply] button.

Figure 2-3: Network Discovery & File Sharing

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

4/47
 <Internal Use Only>
3. Enable Network Discovery and File and Printer Sharing (Windows 7 and Windows
Server 2008 R2).
a. From the Control Panel, open the [Windows Firewall] window.
b. In the left pane, select “Allow a program or feature through Windows Firewall”
(Figure 2-4).

Figure 2-4: Allow a program or feature through Windows Firewall

c. In the next window, click the [Change settings] button. Next, place a check
mark for “File and Printer Sharing” and “Network Discovery” respectively for the
current network profile (e.g. Public) that is used on the computer and then click
the [OK] button (Figure 2-5).

Figure 2-5: Allow File and Printer Sharing & Network Discovery

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

5/47
 <Internal Use Only>
4. Enable exception for File and Printer Sharing (if Windows Firewall is turned on for
Windows XP or Windows Server 2003 R2).
a. From the Control Panel, open the [Windows Firewall] window.
b. In the [Exceptions] tab, place a check mark in the checkbox for “File and Printer
Sharing” and click the [OK] button (Figure 2-6).

Figure 2-6: Enable File and Printer Sharing

5. Enable the built-in Administrator account (Windows Vista and Windows 7).
a. Click [Start] -> [Settings] -> [Control Panel] -> [Administrative Tools] ->
[Computer Management].
b. In the Computer Management window, click and expand “Local Users and
Groups”.
c. Click [Users] folder.
d. In the right pane, right-click [Administrator], and then select [Set Password...].
e. In the Warning prompt, click [Proceed] button to continue (Figure 2-7).

Figure 2-7: Reset Password

f. In the Set Password for Administrator dialog box, type the same password in
the password boxes, and then click the [OK] button (Figure 2-8).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

6/47
 <Internal Use Only>

Figure 2-8: Set Password for Administrator

g. In the right pane, right-click [Administrator], and then select [Properties].

h. Uncheck [Account is disabled], and then click the [OK] button (Figure 2-9).

Figure 2-9: Administrator Account Properties

5. Verify if you can remote access remote administrative share such as “C$”.
a. Click [Start] -> [Run].
b. Type “\\<target client computer name>\C$”.

Note: Remote access to administrative share such as “C$” is one way to test if your
current user, set to access client machine, can do remote client deployment /
installation.

2.3 Preparation for Client Machine in Different Subnet

The following procedures have to be performed for clients which are in different subnet
from the Symantec Endpoint Protection Manager.

1) On Windows 7 or Windows Server 2008 R2 clients.

a. Click [Start] -> [Control Panel] -> [Windows Firewall] -> [Advanced Setting] ->
[Inbound Rules]
b. Select the below rules and change the scope of “Remote IP address” to “Any IP
address” as shown in Figure 2-10 and Figure 2-11 respectively.
- File and Printer Sharing (NB-Session-In), Profile – Current network profile (In
the figure, the Public profile is selected)
- File and Printer Sharing (SMB-In), Profile – Current network profile (In the
figure, the Public profile is selected).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

7/47
 <Internal Use Only>

Figure 2-10: Scope Change (NB-Session-In)

Figure 2-11: Scope Change (SMB-In)

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

8/47
 <Internal Use Only>
2) On Windows Vista or Windows Server 2008 clients.
a. Click [Start] -> [Control Panel] -> [Administrative Tools] -> [Windows Firewall
with Advanced Security] -> [Inbound Rules]
b. Select the below rules and change the scope of [Remote IP address] to [Any IP
address].
- File and Printer Sharing (NB-Session-In), Profile – Current network profile
- File and Printer Sharing (SMB-In), Profile – Current network profile.

3) On Windows XP or Windows Server 2003 R2 clients (if Windows Firewall is turned on).
a. Click [Start] -> [Control Panel] -> [Administrative Tools] -> [Windows Firewall]
b. Select “File and Printer Sharing” and click the [Edit] button.
c. In the Edit a Service dialog, select “TCP 139” and click the [Change scope…]
button (Figure 2-12).

Figure 2-12: Edit a Service

d. Next, select the option “Any computer (including those on the Internet)” in the
Change Scope dialog and click the [OK] button (Figure 2-13).

Figure 2-13: Change Scope

e. Repeat the procedures to change the scope for “TCP 445” as well.

2.4 Preparation for Server Machine (Symantec Endpoint

Protection Manager)
The following procedures have to be performed on the Symantec Endpoint Protection
Manager.

1. Enable Network Discovery and File and Printer Sharing (Windows 7 and Windows

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

9/47
 <Internal Use Only>
Server 2008 R2).
a. Please refer to the procedures provided in Section 2.2, point 3.

2. Enable exception for File and Printer Sharing (if Windows Firewall is turned on for
Windows XP or Windows Server 2003 R2).
a. Please refer to the procedures provided in Section 2.2, point 4.

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

10/47
 <Internal Use Only>
3 Installing Symantec Endpoint Protection Manager
The procedures to install the Symantec Endpoint Protection Manager are shown in this
chapter.

1. Insert the installation disc to the optical drive of the computer. The Symantec Endpoint
Protection Installation Program window will appear. Click on [Install Symantec
Endpoint Protection] to continue (Figure 3-1).

Figure 3-1: Install Symantec Endpoint Protection

2. In the next panel, click [Install Symantec Endpoint Protection Manager] (Figure 3-2).

Figure 3-2: Install Symantec Endpoint Protection Manager

3. In the Symantec Endpoint Protection Manager window, click [Next] button to continue
(Figure 3-3).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

11/47
 <Internal Use Only>

Figure 3-3: Install management server and console

4. In the License Agreement panel, select “I accept the terms in the license agreement”
and click the [Next] button to continue (Figure 3-4)..

Figure 3-4: License Agreement Panel

5. In the Destination Folder panel, accept or change the installation directory, and then
click the [Next] button to continue (Figure 3-5).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

12/47
 <Internal Use Only>

Figure 3-5: Destination Folder panel

6. In the Ready to Install the Program panel, click the [Install] button to start the
installation (Figure 3-6).

Figure 3-6: Ready to Install the Program

7. The installation of the Symantec Endpoint Protection Manager should start and the
progress is shown in the panel (Figure 3-7).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

13/47
 <Internal Use Only>

Figure 3-7: Installation starts

8. When the installation of the management server and console is completed, click the
[Next] button to start the configuration of the management server (Figure 3-8). The
Management Server Configuration Wizard will be loaded after this (Figure 3-9).

Figure 3-8: Configure the management server

Figure 3-9: Management Server Configuration Wizard loading

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

14/47
 <Internal Use Only>
9. In the Management Server Configuration Wizard windows, select “Default
configuration” and click the [Next] button to continue (Figure 3-10).

Figure 3-10: Select configuration type

10. In the next panel, fill in all the required fields to create a system administrator account
and click the [Next] button to continue (Figure 3-11).

Figure 3-11: Create system administrator account

11. In the next panel, leave the settings at default and click the [Next] button to continue
(Figure 3-12).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

15/47
 <Internal Use Only>

Figure 3-12: Settings for communication with email server

12. When the Send Test Email dialog appears, click the [No] button to continue (Figure 3-
13).

Figure 3-13: Send Test Email dialog

13. In the Data Collection panel, uncheck the option to allow submitting anonymous
system and usage information to Symantec and click the [Next] button to continue
(Figure 3-14).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

16/47
 <Internal Use Only>

Figure 3-14: Data Collection panel

14. In the next panel, review all the settings to be configured for the management server
and click the [Next] button to continue (Figure 3-15).

Figure 3-15: Review management server settings

15. The creation and initialization of the Symantec Endpoint Protection database will begin
shortly (Figure 3-16).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

17/47
 <Internal Use Only>

Figure 3-16: Creating the database

16. When the configuration of the management server is completed, click the [Finish]
button to complete the installation of the Symantec Endpoint Protection Manager
(Figure 3-17).

Figure 3-17: Installation completed

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

18/47
 <Internal Use Only>
4 Configuring Symantec Endpoint Protection Manager
The procedures to configure the Symantec Endpoint Protection Manager are shown in the
sections below.

4.1 Create Group for Symantec Endpoint Protection Clients

1. In the Symantec Endpoint Protection Manager window, enter the user name and
password of the Symantec Endpoint Protection system administrator account (created
during installation) and then click the [Log On] button to continue (Figure 4-1).

Figure 4-1: Log on to Symantec Endpoint Protection Manager

2. When the Windows Security Alert dialog appears to warn about blocking of the
Desktop Integration Components binary program, click the [Allow access] button (for
Windows 7) to add an exception for this program to the Windows Firewall (Figure 4-2).
For the case of Windows XP or Windows Server 2003 R2, click the [Unblock] button
(Figure 4-3).

Note: this step is not applicable for Windows Server 2008 R2

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

19/47
 <Internal Use Only>

Figure 4-2: Allow access for program (Windows 7)

Figure 4-3: Unblock program (Windows XP & Server 2003 R2)

3. If the operating system is Windows Server 2003 R2 or Windows Server 2008 R2, a
dialog from Internet Explorer may appear to notify that some content from the local
website (created by Symantec Endpoint Protection Manager during installation) is
being blocked by Internet Explorer Enhanced Security Configuration. In this case, click
the [Add…] button to continue (Figure 4-4). In the Trusted sites dialog, click the [Add]
button to add the website to the list of trusted sites and then click the [Close] button to
continue (Figure 4-5).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

20/47
 <Internal Use Only>

Figure 4-4: Internet Explorer Enhanced Security warning

Figure 4-5: Add to trusted sites

4. When the Welcome page appears, click the [Close] button to close this page (Figure 4-
6)

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

21/47
 <Internal Use Only>

Figure 4-6: Welcome page

5. In the Symantec Endpoint Protection Manager window, click on [Clients] in the left
pane. Next, click on the [My Company] folder under Clients and then select [Tasks] ->
[Add a group] (Figure 4-7)

Figure 4-7: Add Group

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

22/47
 <Internal Use Only>
6. Enter the group name and description then click the [OK] button to continue (Figure 4-
8).

Figure 4-8: Enter Group Name

4.2 Configuring Update Policy for Clients

1. Click on the folder of the newly created group (e.g. VTP) and then select the [Policies]
tab. Uncheck the option [Inherit policies and settings from parent group “My
Company”]. Next, click on [Location-specific Policies and Settings] -> [LiveUpdate
Settings policy [shared]] (Figure 4-9).

Figure 4-9: Policies for clients

2. In the Edit Policy dialog, click the [Create Non-shared Policy From Copy] button
(Figure 4-10).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

23/47
 <Internal Use Only>

Figure 4-10: Create Non-Shared Policy

3. In the LiveUpdate Policy window, select [Windows Settings] -> [Server Settings].
Uncheck the option [Use a LiveUpdate server]. Next, place a check mark beside the
option [Enable third party content management] (Figure 4-11).

Figure 4-11: LiveUpdate Policy

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

24/47
 <Internal Use Only>
4.3 Create new Client Install Feature Set
Next, a new Client Install Feature Set needs to be created as the default Feature Set (Full
Protection for Clients) includes the Proactive Threat Protection and Network Threat
Protection features.

1. In the Symantec Endpoint Protection Manager window, click on [Admin] in the left pane
and select [Install Packages]. In the Install Packages panel, click on [Client Install
Feature Set] and then select [Tasks] -> [Add Client Install Feature Set] (Figure 4-12).

Figure 4-12: Add Client Install Feature Set

2. In the Add Client Install Feature Set dialog, enter the details for Name and Description
and select the features to be installed on the clients as shown in the figure below.
Click the [Ok] button to create the new Feature Set (Figure 4-13).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

25/47
 <Internal Use Only>

Figure 4-13: Settings for new Feature Set

4.4 Activate Symantec Endpoint Protection License

After installing the Symantec Endpoint Protection Manager, the license needs to be
activated.

1. In the Symantec Endpoint Protection Manager window, click on [Admin] in the left pane
and select [Licenses]. In the Licenses panel, click on [Trial] and then select [Tasks] ->
[Activate license] (Figure 4-14)

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

26/47
 <Internal Use Only>

Figure 4-14: Activate license

2. In the License Activation Wizard window, select the option “I have a Symantec License
file (.slf)” and click the [Next] button to continue (Figure 4-15).

Figure 4-15: Use Symantec License file

3. Select the appropriate .slf file and it will be uploaded to the License Activation Wizard.
Click the [Next] button to continue (Figure 4-16).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

27/47
 <Internal Use Only>

Figure 4-16: License file uploaded

4. Next, the details of the selected license file will be shown in the License Activation
Wizard. Confirm the information is correct and click the [Next] button to continue
(Figure 4-17)

Figure 4-17: Check license details

5. If the license is activated correctly, the result will be shown in the License Activation
Wizard (Figure 4-18).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

28/47
 <Internal Use Only>

Figure 4-18: License activation completed

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

29/47
 <Internal Use Only>
5 Deploying Client Software
The procedures to deploy the Symantec Endpoint Protection client software are shown in
this chapter.

1. In the Symantec Endpoint Protection Manager window, click on [Clients] in the left
pane. Next, click on the folder of the group where you want to assign the clients (e.g.
VTP) and then select [Tasks] -> [Add a client] (Figure 5-1).

Figure 5-1: Add a client

2. The Client Deployment Wizard window will appear. In the Select Deployment Type
panel, select “New Package Deployment” as the deployment type and click the [Next]
button to continue (Figure 5-2).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

30/47
 <Internal Use Only>

Figure 5-2: Select Deployment Type

3. In the Select Group and Install Feature Sets panel, make the selections as shown in
Figure 5-3 (install the client software on the Symantec Endpoint Protection Manager
computer itself) or Figure 5-4 (for computers where Yokogawa products will be
installed).

Figure 5-3: Basic Protection for Servers

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

31/47
 <Internal Use Only>

Figure 5-4: Basic Protection for Clients

4. In the Installation Method panel, leave the selection at default (Remote Push) and click
the [Next] button to continue (Figure 5-5).

Figure 5-5: Select installation method

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

32/47
 <Internal Use Only>
5. In the Computer Selection panel, click on the [Search Network] tab and then click the
[Find Computers] button (Figure 5-6).

Figure 5-6: Select computers

6. In the Find Computers dialog, select either “IP address range” and enter a beginning
and ending IP address or “Computer name” and enter the name of the client computer.
Click the [OK] button to start searching for the computers (Figure 5-7).

Figure 5-7: Find Computers

7. If the computers can be found successfully, they will be listed under Available
Computers. Next, select the computers where you want to install the client software
and click the [>>>] button (Figure 5-8).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

33/47
 <Internal Use Only>

Figure 5-8: Found computers successfully

8. The Login Credentials dialog will appear. Enter the required information and then click
the [OK] button to continue (Figure 5-9).

NOTE:
a) For clients in a Domain environment, use the logon credentials of the domain
administrator. Enter the name of the domain which the computer belongs in “Domain
or Workgroup”.
b) For clients in a Workgroup environment, use the logon credentials of the local
administrator of the computer. Enter the name of the workgroup which the computer
belongs in “Domain or Workgroup”.

Figure 5-9: Enter Login Credentials

9. Once all the required computers are added to the list of installation targets, click on the
[Next] button in the Computer Selection panel (Figure 5-10).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

34/47
 <Internal Use Only>

Figure 5-10: To install Protection client

10. In the next panel, a list of computers to be installed with the client software will be
displayed. After confirming, click the [Send] button to start the deployment (Figure 5-
11).

Figure 5-11: Confirm client software installation

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

35/47
 <Internal Use Only>
11. The client software deployment will start. The progress and status are displayed in the
panel (Figure 5-12).

Figure 5-12: Deployment progress & status

12. Once the deployment is completed, the deployment status of each computer is shown
in the deployment summary in the next panel. Click the [Next] button after reviewing
the summary (Figure 5-13).

Figure 5-13: Deployment Summary

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

36/47
 <Internal Use Only>
13. Finally, click the [Finish] button to complete the client deployment process (Figure 5-
14).

Figure 5-14: Client Deployment Wizard Complete

14. All the clients managed by the Symantec Endpoint Protection Manager under the
selected group will be displayed after a short while when the installation of the client
software is completed (Figure 5-15).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

37/47
 <Internal Use Only>

Figure 5-15: Clients managed by Symantec Endpoint Protection Manager

15. On the client computer, the client software installation should be successful and the
Symantec Endpoint Protection icon with a yellow exclamatory mark will be seen in the
notification area (Figure 5-16). After approximately 10 to 15 minutes (depending on the
network), the communication between the Symantec Endpoint Protection Manager and
client computer will be established and the mark will be changed to a green dot in the
icon (Figure 5-17).

Figure 5-16: Client Status (before)

Figure 5-17: Client Status (after)

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

38/47
 <Internal Use Only>
6 Virus Definition Update
The procedures to update the virus definitions for the Symantec Endpoint Protection client
computers are shown in this chapter.

6.1 Download Definition Update File

1. Download the definition update file by going to the following web page:
[Link]

2. Select the 32-bit or 64-bit version for the Symantec Endpoint Protection Manager
(Figure 6-1)

Figure 6-1: Update Definition for Symantec Endpoint Protection Manager

3. Download and save the file on the desktop or other locations on the Symantec
Endpoint Protection Manager computer.

4. After the download is completed, rename the file extension to .jdb from .zip.

5. Copy the *.jdb file to this location (Figure 6-2)

- Windows XP or Server 2003 R2:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
- Windows 7 or Server 2008 R2:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

39/47
 <Internal Use Only>

Figure 6-2: Folder path for Update Definitions

6. Within 30 seconds to a minute, the *.jdb file will be processed and a new folder will be
created automatically at the same location (Note: All the files and folders are removed
from the incoming folder upon completion of processing).

6.2 Verify Successful Update on Symantec Endpoint Protection

Manager
1. In the Symantec Endpoint Protection Manager window, click on [Admin] in the left pane
and select [Servers]. Verify if the messages for successfully downloaded the security
definitions are displayed inside the message display area (Figure 6-3).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

40/47
 <Internal Use Only>

Figure 6-3: Server messages

2. In the Symantec Endpoint Protection Manager window, click on [Monitors] in the left
pane and select the [Logs] tab. Select Log type: System and Log content: Server
Activity and then click the [View Log] button (Figure 6-4). If the Virus & Spyware
definition on the Symantec Endpoint Protection Manager is “downloaded” (updated)
correctly, 3 associated events will be generated in the system logs accordingly (Figure
6-5).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

41/47
 <Internal Use Only>

Figure 6-4: Check System Logs

Figure 6-5: System Logs (Server Activity)

3. The new Virus & Spyware definition will then be automatically applied to the client
computers.

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

42/47
 <Internal Use Only>
6.3 Verify Successful Update on Symantec Endpoint Protection
Clients
1. In the Symantec Endpoint Protection Manager window, click on [Monitors] in the left
pane and select the [Logs] tab. Select Log type: System and Log content: Client
Activity and then click the [View Log] button. If the Virus & Spyware definition on the
Symantec Endpoint Protection client is updated correctly, 2 associated events will be
generated in the system logs accordingly (Figure 6-6). Note: In the figure, the events
generated by a 32-bit (blue rectangle) and 64-bit client (red rectangle) are shown
respectively.

Figure 6-6: System Logs (Client Activity)

2. On the client computer, click [Start] -> [All Programs] -> [Symantec Endpoint
Protection]. In the Symantec Endpoint Protection window, check the status, date and
revision of the Virus and Spyware protection definition (Figure 6-7).

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

43/47
 <Internal Use Only>

Figure 6-7: Symantec Endpoint Protection Status

3. In the Symantec Endpoint Protection window, select View Logs from the left pane and
then click the [View Logs] button for Virus and Spyware Protection. In the context
menu that appears, select System Log (Figure 6-8). In the Virus and Spyware
Protection Logs window, a Definition File Loaded event should be recorded when the
definition is updated. Check the version of the definition file (Figure 6-9).

Figure 6-8: View System Log of client

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

44/47
 <Internal Use Only>

Figure 6-9: Definition File Loaded event

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

45/47
 <Internal Use Only>
7 Exclusion Folder
When Symantec Endpoint Protection is active, there is possibility that it may affect the
behavior of Yokogawa application (e.g. CENTUM, ProSafe-RS). If this is the case, the
affected folders and files may be set to be excluded from virus and Spyware scans.

7.1 Setup User-defined Exceptions

The procedure to set affected files and folders are explained as follows:

1. Log on to the client computer as administrator or as a member of the administrative

users group.
2. Start Symantec Endpoint Protection and select [Change settings] in the left pane. In
the “Change Settings” menu, click on the [Configure Settings] button for Exceptions
(Figure 7-1).

Figure 7-1: Change Settings for Exceptions

3. In the Exception window, click on the [Add] button. Next, select [Security Risk
Exception] -> [Folder] from the context menu (Figure 7-2).

Figure 7-2: Add folder to exclude from scan

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

46/47
 <Internal Use Only>
4. In the Browse for Folder window, select a folder (e.g. C:\CENTUMVP) from the
relevant location in the computer. If it is required to exclude all the items under the
selected folder from scanning, place a check mark in the checkbox for [Include
Subfolders]. Click the [OK] button to continue (Figure 7-3).

Note: Please refer to the following document for the list of exclusion folders of
Yokogawa products for antivirus software: “R2-2011-8171 Exclusion folder for
antivirus software (Internal Use Only).”

Figure 7-3: Select folder

5. After adding the folder(s), confirm the setting(s) in the Exceptions window. If
everything is correct, click the [Close] button to apply the setting(s) and exit (Figure 7-
4).

Figure 7-4: Check setting & exit

R2-2011-8211E Symantec Endpoint Protection v12.1 Setting Guide Rev.1

47/47