Centrally Managed Desktop Anti-Virus Protection using Symantec AntiVirus or Symantec Endpoint Protection

(This information is for Windows users only)

For Windows machines, where new viruses and virus outbreaks are most common, one of the main advantages of Symantec AntiVirus (SAV) or Symentec Endpoint Protection (SEP) is the ability for the software to be "managed" remotely. What this means is that the software installed on a desktop machine can be configured to allow its settings to be managed and monitored from a central server. SAS Computing will run such a server and it will also be used to provide program and virus definition updates automatically. This option is only available for Windows machines.

SAS Computing has found the use of SAV and SEP  in managed mode on Windows machines to be a major advance in the provision of protection from viruses, in that up-to-date protection can be maintained with far less intervention and monitoring being required on the part of the user.

SAS Computing implements SAV and SEP in managed mode for all supported Windows machines which are continuously connected to the ethernet network when in use. It is the default for all new Windows machines installed by SAS Computing staff.

This document provides more information regarding the use of SAV and SEP in managed mode and SAS Computing's implementation of this system.

 

Why is managed mode being used?

Use of managed mode helps to ensure that the antivirus protection is active and properly configured on the managed machines, that virus definitions on these machines are up to date, and allow virus definition updates to be applied automatically without user intervention. This is a hige advantage if a virus outbreak starts, as all managed machines can be updated easily after new defintions are released. In addition, the virus detection reporting features available in managed mode allow computing staff to monitor the presence of viruses on managed machines.

 

How does it work?

When the SAV and SEP software is installed in managed mode, a management component (based on Intel's LANDesk remote management product) is also installed. This allows the desktop client to communicate with the management server. Most communication is client initiated, but configuration changes can be sent from the server to the client as well. If a machine is turned off, it will simply check in with the server when it is next booted up and will obtain any needed updates and configuration changes at that time.

 

What sort of access to my machine does it provide?

This arrangement will only allow computing staff to manage the antivirus software itself, and to receive status messages from this software. It does not provide any other level of access to the client. When a virus is detected on a machine, this will be logged centrally and the local computing support provider will receive this informatiom. The file name of an infected file is included in these status messages, but no contents of files are made available by this system.

 

Isn't this an invasion of my privacy?

While the use of SAV and SEP in managed mode may represent a small decrease in privacy, it should be viewed in the context of the advantages it will provide. For one, having up-to-date (and properly configured) antivirus software is one of the best protections against the sort of privacy violations that can take place if a "backdoor" monitoring program is surreptitiously installed on a desktop machine. Security compromise of desktop machines by such programs, which if present can provide someone else with total access to your machine, is a real and growing risk.

 

If my machine is managed, what do I still have to do?

SAS Computing staff monitor the status of all managed mode clients, so as to ensure that virus defintions are not out of date and that the machine continues to stay in contact with the management server. If your machine is operating in managed mode, you should still plan to occasionally check to ensure that your definitions are current and that the antivirus software is loaded and operational. To check status, look for the yellow shield icon in the system tray on the bottom right of the screen. Ensure that it does not have a red slash mark through it, If it does, then SAV or SEP is not active. Double click on the icon to open SAV or SEP. Check the data of the Virus Definition File. It should be no older than a week or so. Contact your LSP if you see any problems.

You should also plan to contact your LSP as soon as possible if you receive any error messages from SAV or SEP or any notifications that a virus was detected but not cleaned.

Since even the most current virus definitions can't protect against a brand new virus, you should also plan to continue to be very careful not to expose yourself to any viruses. For example, don't open any attachments you receive in e-mail unless you know the sender AND know that they were going to send you the attachment (since some viruses spread by sending mail to all addresses in a user's address book).

What if I don't want you to manage my antivirus software in this way?

Use of centrally managed antivirus software is the best way to ensure adequate protection for a large number of machines while at the same time making the best use of the necessarily limited time that computing staff can devote to this task. Thus, we hope that you will not choose to opt out of this initiative, but you are free to decline to participate.

However, if you do so, you will have to assume full responsibility for maintaining proper virus protection on your machine. SAS Computing staff will not place a high priority on assisting users to update definitions or repair damage on non-managed machines, particularly during any virus outbreak that may take place.

You will also still need to transition to SAV or SEP and learn how to configure it to ensure adequate protection and to obtain updates. For more information, please review this information provided by ISC , and be aware that you should uninstall any existing antivirus software before installing SAV or SEP.

 

What about my home or portable machine?

Managed mode will only work with machines that are continuously connected to the ethernet network when is use. SAV or SEP will have to be run in non-managed mode for machines used at home or portables used in various locations. For more information, please review this information provided by ISC, and be aware that you should uninstall any existing antivirus software before installing SAV or SEP.

 

How can I ask further questions?

For comments or questions regarding this initiative, please send a message to the following address: virus@sas.upenn.edu

For more specific questions re: your particular machine, please contact your local support provider.