Table: Tasks to perform after you install displays the tasks to perform after you install and configure the product to assess whether the client computers have the correct level of protection. Continue to perform these tasks regularly, on a weekly or monthly basis.
Table: Tasks to perform after you install
Modify the Virus and Spyware Protection policy
Change the following default scan settings:
If you create a group for servers, change the scheduled scan time to a time when most users are offline.
Modify the Firewall policy for the remote computers group and the servers group
Increase the security for remote computers by making sure that the following default firewall rules for an off-site location are enabled:
Block Local File Sharing to external computers
Block Remote Administration
Decrease the security for the servers group by making sure that the following firewall rule is enabled: Allow Local File Sharing to local computers. This firewall rule ensures that only local traffic is allowed.
You can improve performance by excluding the folders and files that are known to cause problems if they are scanned. For example, Symantec Endpoint Protection should not scan the proprietary Microsoft SQL Server files. You should add an exception that prevents scanning of the folders that contain the SQL Server database files. These exceptions improve performance and avoid corruption or files being locked when SQL Server must use them.
Assess your content storage and client communication bandwidth requirements
As of 12.1.5, Symantec Endpoint Protection Manager no longer stores multiple full content versions. Instead, only the latest full version plus incremental deltas are stored. This approach means that clients almost always download deltas, not full packages. Only in the rare case where a client is extremely out of date (more than three months), is a full download of the latest content required.