Table: Tasks to complete Symantec Endpoint Detection and Response installation
Add new EDR appliance console accounts.
Add additional Admin, Controller, and User accounts for accessing the EDR appliance console.
Tip: As a best practice, you should set up at least one additional Admin user account immediately after installation in case there's an issue accessing the EDR appliance console with the initial Admin account credentials.
When you define internal networks, you specify which computers are part of your network and which computers belong to the world outside. With this information, Symantec EDR can distinguish between protected computers and the computers that are outside of the network.
By default, Symantec EDR submits files to Symantec's Cynic cloud-based malware detonation system for analysis. However, you can keep file analysis local and submit your files to a customer-owned, on-premises Symantec Malware Analysis appliance for detonation and analysis.
If you use cloud-based sandboxing, your organization may have data privacy and residency requirements that restrict you from sending files outside of the region. Symantec EDR provides an option that ensures that your files are submitted to a data center in the United Kingdom for sandbox analysis. Symantec recommends that you enable this option before you enable network scanning to ensure that no files are improperly routed.
Symantec EDR supports the following types of proxy configurations:
A network proxy. Symantec EDR uses a network proxy to access the external network.
An enterprise proxy within an enterprise environment. Symantec EDR treats the traffic that is routed to an enterprise proxy (which may have an IP address within an internal network) differently than the traffic that is routed through a network proxy.
If you use proxies, each Symantec EDR appliance, whether in CIU, standalone, or scanner role, must have the IP addresses of existing proxies.