
Semp

The document provides a comprehensive guide on configuring security policies in Symantec Endpoint Protection Manager (SEPM), including setting up antivirus and antispyware policies, email filtering for phishing protection, and restricting software installations. It outlines the steps to log in, navigate the policies section, and apply various security measures to enhance network protection. Additionally, it emphasizes the importance of testing policies on a smaller group before full deployment to avoid disruptions.

Uploaded by

enamul whab

1. Log in to Symantec Endpoint Protection Manager (SEPM):

• Open your SEPM console using the admin credentials.

• Ensure that you have appropriate administrative privileges to make changes.

2. Navigate to the Policies Section:

• From the SEPM console, go to the Policies section on the left-hand side.

• In this section, you will manage the security policies applied to devices across your network.

3. Edit or Create a New Antivirus and Antispyware Policy:

• Under the Policies tab, look for Antivirus and Antispyware Policies.

• If you already have an existing policy, right-click it and choose Edit. Otherwise, click Add a new Policy to create a new one.

• This policy governs real-time protection and scanning features across your network.

4. Configure Real-Time Protection:

• Real-Time Protection is typically enabled within the Antivirus and Antispyware Policy.

• Go to Real-Time Protection in the policy settings.

  o Ensure that Auto-Protect is enabled (this is Symantec’s real-time protection feature).

  o Review other settings such as scanning behavior and exclusion rules, but above all make sure real-time protection is enabled.

5. Apply the Policy to Group(s):

• Once you configure the Antivirus and Antispyware Policy, you will need to assign it to a group or groups of computers.

• Go to the Clients section in SEPM.

• Select the Group(s) that you want to apply the policy to.

• Right-click the group and choose Assign Policies.

• Select your updated Antivirus and Antispyware Policy and apply it to the group.

6. Check the Status of Real-Time Protection:

• After assigning the policy, you should check the status of real-time protection on all managed devices.

• Go to Monitors > Logs > Real-time Protection Logs in the SEPM console.

• You can verify whether Real-Time Protection is active for each client.

7. Verify on Managed Devices:

• To double-check, manually confirm on the managed devices that real-time protection is enabled. On the client machine:

  o Open the Symantec Endpoint Protection client.

  o Go to Status or Overview.

  o Ensure that Auto-Protect is listed as active and working.

8. Use SEPM to Push Updates and Settings:

• If any devices are out of compliance, you can force an update from SEPM.

• Go to Clients, right-click on the affected device(s), and select Run Command on Group.

• Select Update Content or Communicate with the Client to enforce the new policy settings.

3. Implementing Strong Email Filtering to Block Phishing Attempts and Malicious Attachments

Email Protection Configuration:

In SEPM, navigate to Policies > Mail Security.

Enable the Email Filtering option and configure it to detect phishing emails and malicious attachments.

You can create rules to block specific attachments, such as executable files or suspicious file types (e.g., .exe, .scr, .vbs), which are commonly used in phishing or malware attacks.

For phishing detection, you can also configure the Anti-Phishing policy to identify suspicious links or deceptive emails.

Steps to Set up Email Filtering:

Go to Policies > Mail Security > Email Filtering.

Enable the Phishing Protection feature, and configure filters to detect suspicious content, such as incorrect sender addresses, mismatched subject lines, or suspicious links.

Enable Attachment Blocking to prevent potentially dangerous file types from being received by users.

Configure actions to take when suspicious emails are detected (e.g., Quarantine or Block).
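The attachment-blocking step above, sketched as an added example (not SEPM code and not part of the original document): a Python check that flags attachments whose extension is on a block list. The block list reuses the extensions this guide names; the sample message, addresses and file names are constructed.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions this guide names as commonly abused (assumed block list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs"}

def blocked_attachments(raw_message, blocked=BLOCKED_EXTENSIONS):
    """Return the attachment filenames a block-by-extension rule would stop."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Normalize before comparing: Windows ignores case and trailing
        # dots/spaces, and only the final extension decides how a file opens.
        cleaned = name.rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in blocked:
            hits.append(name)
    return hits

def build_sample():
    """Constructed test message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "notes.txt",
                 "update.scr.", "macro.VBS"):
        msg.add_attachment(b"constructed sample bytes",
                           maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("would quarantine:", name)
```

Running a message like this through a test mailbox before rollout shows whether the configured block list also catches mixed-case names and names with more than one extension.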

Conclusion:

By configuring these policies, Symantec Endpoint Protection Manager can help ensure that:

Administrative access is strictly controlled and only available to authorized users.

External devices like USB drives are limited or blocked to prevent data theft or malware introduction.

Email security is enhanced by filtering out phishing attempts and potentially malicious attachments.

Make sure to test these policies on a smaller group of devices before rolling them out across your entire network to avoid unintended disruptions.

To restrict software installation on client machines using Symantec Endpoint Protection Manager (SEPM), you can leverage the Application and Device Control policy to block the installation of unauthorized software.

Here’s a step-by-step guide to configure software installation restriction in Symantec Endpoint Protection Manager:

1. Log into Symantec Endpoint Protection Manager (SEPM)

• Open the SEPM console in your browser and log in with an administrator account.

2. Navigate to the Policies Section

• In SEPM, go to the Policies tab in the left-hand navigation pane.

3. Create a New Application and Device Control Policy

• In the Policies tab, under the Policy section, locate and select Application and Device Control.

• If you already have a policy, you can modify it. Otherwise, click Add a New Policy to create one.

  1. Click Add a New Policy.

  2. Select Application Control (this controls the execution of unauthorized applications).

4. Configure the Application Control Policy

• Create an Application Control Rule:

  o In the newly created Application Control policy, click Add a Rule to configure restrictions for software installations.

  o Choose the action for the rule (usually Block).

• Define the Rule Criteria:

  o You can set rules based on specific software categories or types of applications (e.g., Executable files, Installers, etc.).

  o You can specify the path to the applications (e.g., if you want to block installers, you can specify a path like C:\Program Files\*).

  o You can also create a hash rule, where the policy blocks or allows specific files based on their cryptographic hash value. This is useful for blocking specific executable files or preventing the installation of unauthorized software.

• Example Rule:

  o Name: Block Software Installers.

  o Action: Block.

  o Criteria: Match Executables (.exe, .msi, etc.).

  o Path: You can set a path to block installation from a specific directory, e.g., C:\Downloads\*.

  o Exception: If you have trusted software or specific installation locations, you can add them as exceptions.

5. Define the Scope of the Policy (Targeted Groups)

• In the Policy configuration screen, ensure that you specify the target groups of computers that this policy should apply to.

  o Select the appropriate Group (or groups) that contain the clients where you want to restrict software installation.

  o Click OK to save the changes.

6. Configure Device Control (Optional, if Blocking External Media)

• If you want to restrict the installation of software via external devices (such as USB drives), you can configure Device Control as part of the policy:

  1. Go to Policies > Device Control.

  2. Create a new Device Control Policy.

  3. Under Device Control settings, restrict the use of external storage devices or specify which devices are allowed.

  4. Apply this policy to the appropriate groups as needed.

7. Deploy the Policy

• After creating the Application and Device Control Policy, deploy it to your client machines:

  1. Go to Admin > Servers.

  2. Select the server (or group of servers) that contains the client machines.

  3. Under the Client Groups section, right-click the targeted group(s) and select Apply Policy.

  4. Choose the newly created policy (or modified policy) and deploy it.

8. Monitor and Review

• After deploying the policy, monitor your environment to ensure that the software installation restrictions are working as expected:

  o You can view alerts and logs from the Monitors tab in SEPM.

  o If any client machine attempts to install unauthorized software, it should be blocked, and you’ll see a related alert in the Monitors section.

9. Test the Policy

• Test the policy on a few client machines before deploying it widely to ensure that the software installation is being restricted as expected. Try installing unauthorized software (e.g., run a .exe file or installer) to see if it is blocked.

Additional Notes:

• Exceptions: You can also create exceptions for trusted applications (e.g., administrative tools or software required for specific operations).

• Logging and Reporting: Symantec Endpoint Protection Manager provides logging and reporting features. Make sure to regularly review the logs for any false positives or software installation attempts that were mistakenly blocked.

• Hash-based Rules: If you need more granular control, use hash-based rules to restrict software installation based on file hashes, ensuring that only authorized software is installed.
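An added example, not taken from the original document or from Symantec: a small Python model of the example rule from step 4 and of hash-based rules, for previewing which launches a rule would block before it goes to a test group. The matching semantics, the exception path, the use of SHA-256 and all sample events are assumptions made for illustration.

```python
import hashlib
from fnmatch import fnmatchcase
from ntpath import normpath, splitext

# Model of the guide's example rule "Block Software Installers".
# Assumed semantics, not SEPM's matching engine.
RULE = {
    "extensions": {".exe", ".msi"},
    "paths": [r"C:\Downloads\*"],
    "exceptions": [r"C:\Downloads\Approved\*"],  # hypothetical trusted location
    "blocked_hashes": set(),                     # SHA-256 hex digests (assumed)
}

def _matches(path, patterns):
    p = normpath(path).lower()  # Windows paths compare case-insensitively
    return any(fnmatchcase(p, pat.lower()) for pat in patterns)

def decide(path, content, rule=RULE):
    """Return (action, reason) for one launch event."""
    if hashlib.sha256(content).hexdigest() in rule["blocked_hashes"]:
        return ("Block", "hash")        # follows content, not location
    if _matches(path, rule["exceptions"]):
        return ("Allow", "exception")
    ext = splitext(path.lower())[1]
    if ext in rule["extensions"] and _matches(path, rule["paths"]):
        return ("Block", "path")
    return ("Allow", "no match")

INSTALLER = b"constructed installer bytes"  # stand-in, not a real binary

EVENTS = [  # constructed launch events
    (r"C:\Downloads\setup.exe", INSTALLER),
    (r"c:\downloads\sub\Tool.MSI", b"other"),
    (r"C:\Downloads\Approved\agent.exe", b"trusted"),
    (r"C:\Downloads\readme.txt", b"text"),
    (r"D:\Staging\setup-copy.exe", INSTALLER),
]

def demo():
    """Decisions with the path rule alone, then with a hash rule added."""
    before = [decide(p, c) for p, c in EVENTS]
    hashed = dict(RULE, blocked_hashes={hashlib.sha256(INSTALLER).hexdigest()})
    after = [decide(p, c, hashed) for p, c in EVENTS]
    return before, after

if __name__ == "__main__":
    for (path, _), b, a in zip(EVENTS, *demo()):
        print(f"{path:35} path-only={b}  with-hash={a}")
```

The last event is the one to watch during testing: the path rule alone leaves it allowed, while the hash rule identifies the same file wherever it sits.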
