Symantec Endpoint Protection 14 is designed to address today's threat landscape with a comprehensive approach that spans the attack chain and provides defense in depth. By utilizing the world's. Nov 04, 2018 Symantec Cleanwipe Removal Tool allows for the removal of Symantec Endpoint Protection product components when all other methods fail. This removal tool additionally provides an option for uninstalling Windows LiveUpdates but should.
-->Azure Security Center monitors the status of antimalware protection and reports this under the Endpoint protection issues page. Security Center highlights issues, such as detected threats and insufficient protection, which can make your virtual machines (VMs) and computers vulnerable to antimalware threats. By using the information under Endpoint protection issues, you can identify a plan to address any issues identified.
Security Center reports the following endpoint protection issues:
Endpoint protection not installed on Azure VMs – A supported antimalware solution is not installed on these Azure VMs.
Endpoint protection not installed on non-Azure computers – A supported antimalware is not installed on these non-Azure computers.
Endpoint protection health:
Signature out of date – An antimalware solution is installed on these VMs and computers, but the solution does not have the latest antimalware signatures.
No real time protection – An antimalware solution is installed on these VMs and computers, but it is not configured for real-time protection. The service may be disabled or Security Center may be unable to obtain the status because the solution is not supported. See partner integration for a list of supported solutions.
Not reporting – An antimalware solution is installed but not reporting data.
Unknown – An antimalware solution is installed but its status is unknown or reporting an unknown error.
Note
See Integrate security solutions for a list of endpoint protection security solutions integrated with Security Center.
Implement the recommendation
Symantec Endpoint Protection 14
Endpoint protection issues is presented as a recommendation in Security Center. If your environment is vulnerable to antimalware threats, this recommendation will be displayed under Recommendations and under Compute. To see the Endpoint protection issues dashboard, you need to follow the Compute workflow.
In this example, we will use Compute. We will look at how to install antimalware on Azure VMs and on non-Azure computers.
Install antimalware on Azure VMs
Select Compute & apps under the Security Center main menu or Overview.
Under Compute, select Endpoint protection issues. The Endpoint protection issues dashboard opens.
The top of the dashboard provides:
- Installed endpoint protection providers - Lists the different providers identified by Security Center.
- Installed endpoint protection health state - Shows the health state of VMs and computers that have an endpoint protection solution installed. The chart shows the number of VMs and computers that are healthy and the number with insufficient protection.
- Malware detected – Shows the number of VMs and computers where Security Center is reporting detected malware.
- Attacked computers – Shows the number of VMs and computers where Security Center is reporting attacks by malware.
At the bottom of the dashboard there is a list of endpoint protection issues which includes the following information:
TOTAL - The number of VMs and computers impacted by the issue.
A bar aggregating the number of VMs and computers impacted by the issue. The colors in the bar identify priority:
- Red - High priority and should be addressed immediately
- Orange - Medium priority and should be addressed as soon as possible
Select Endpoint protection not installed on Azure VMs.
Under Endpoint protection not installed on Azure VMs is a list of Azure VMs that do not have antimalware installed. You can choose to install antimalware on all VMs in the list or select individual VMs to install antimalware on by clicking on the specific VM.
Under Select Endpoint protection, select the endpoint protection solution you want to use. In this example, select Microsoft Antimalware.
Additional information about the endpoint protection solution is displayed. Select Create.
Install antimalware on non-Azure computers
Go back to Endpoint protection issues and select Endpoint protection not installed on non-Azure computers.
Under Endpoint protection not installed on non-Azure computers, select a workspace. An Azure Monitor logs search query filtered to the workspace opens and lists computers missing antimalware. Select a computer from the list for more information.
Another search result opens with information filtered only for that computer.
Note
We recommend that endpoint protection be provisioned for all VMs and computers to help identify and remove viruses, spyware, and other malicious software.
Next steps
This article showed you how to implement the Security Center recommendation 'Install Endpoint Protection.' To learn more about enabling Microsoft Antimalware in Azure, see the following document:
- Microsoft Antimalware for Cloud Services and Virtual Machines -- Learn how to deploy Microsoft Antimalware.
To learn more about Security Center, see the following documents:
- Setting security policies in Azure Security Center -- Learn how to configure security policies.
- Managing security recommendations in Azure Security Center -- Learn how recommendations help you protect your Azure resources.
- Security health monitoring in Azure Security Center -- Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center -- Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center -- Learn how to monitor the health status of your partner solutions.
Symantec Endpoint Protection Hosted
Symantec Endpoint Protection for Macintosh and Windows, availablevia IUware, combines technologies from previous Symantecproducts:
- Antivirus and antispyware: Antivirus and antispyware scans detect viruses and other security risks, including spyware, adware, and other files, that can put a computer or a network at risk.
- Personal firewall: The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
- Intrusion prevention: The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
- Proactive threat scanning: Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
- Device and application control: Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow applications that try to access system resources.
- Kernel-level rootkit protection: Symantec Endpoint Protections expands rootkit protection to detect and repair kernel-level rootkits. Rootkits are programs that hide from a computer's operating system and can be used for malicious purposes.
- Role-based administration: Different administrators can access different levels of the management system based on their roles and responsibilities.
- Group update provider: Symantec Endpoint Protection clients can be configured to provide signature and content updates to clients in a group. When clients are configured this way, they are called group update providers. Group update providers do not have to be in the group or groups that they update.
- Location awareness: Symantec Endpoint Protection expands location awareness support to the group level. Each group can be divided into multiple locations, and when a client is in that location, policies can be applied to that location.
- Policy-based settings: Policies control most client settings, and can be applied down to the location level.
- Domains: Domains let you create additional global groups. This feature is advanced and should be used only if necessary.
- Failover and load balancing: If you have a large network and need the ability to conserve bandwidth consumption, you can configure additional management servers in a load-balanced configuration. If you have a large network and need the ability to configure redundancy, you can configure additional management servers in a failover configuration.
- SQL database support: Symantec Endpoint Protection stores client information in a database on the management server. Where legacy products stored information in the registry, Symantec Endpoint Protection Manager now stores all information about client computers in a SQL database (either the embedded database or a Microsoft SQL database).
- Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, whitelists to prevent false positives, engines, and product updates.