This document discusses the features and abilities of On Premises Implementations of SEP SBE.
Features of On Premises Implementation of SEP SBE
On Premises Manager:
On Premises implementations of SEP SBE utilize SEP Manager software, run locally on one of the machines in the environment to distribute definitions, software updates, policies, and provide central management for the security of the environment.
The On Premises Manager is hosted on a server in your environment.
Clients are updated from the On Premises Manager over the local network.
The On Premises Manager offers a “Home” tab that offers an easy to read summary page covering the following:
Overall environment health status.
A quick reference chart of all clients that are: up-to-date, out-of-date, offline, or disabled.
Current global threat level that is raised when Symantec reports zero day viruses or large outbreaks.
A virus and risks activity summary that shows you the latest detections in your environment.
The “Home” tab also offers a common tasks bar that allows quick access to the most commonly used portions of the manager.
On Premises Reports:
SEP SBE has the ability to offer reporting on a wide range of categories that will keep you informed about the current status of systems in your environment and events that have occurred.
Reporting is split two sections – Report type and several sub report types under each category.
All can be displayed in the manager or are emailed in .mht format to the appropriate emails.
Sub Categories include:
Virus Definitions Distribution
Symantec Product Versions
The on-premise manager offers separate policies for each security component. These policies offer slightly more options, though most businesses don't change the default settings.
Virus and Spyware Protection Policy
Customizable schedule so full and active scans can be run at a convenient time.
Allows customization of end user interaction with the scheduled scan.
Download Insight sensitivity can be changed.
Customized scan and Auto-Protect settings for Macs.
Limited ability to disable end-user notifications of threats.
Limited adjustments to email security.
Early Launch Anti-Malware protection for Windows 8 systems.
Customized Mac settings for scan times and Auto-Protect.
The Firewall for On Premises implementations of SEP SBE comes with a default policy that offers a great level of protection, while allowing most common types of communication. There are times when rules need to be written so programs can communicate properly, to facilitate this the firewall policy has an easy rule wizard that configures the firewall component to open the ports and communications protocols to meet program needs.
Easy Firewall rule wizard is built into the policy.
Choose between blocking and allowing connections.
A pre-configured list of the most commonly used ports and protocols.
Pre-made rules for a variety of commonly used VPN protocols.
Easily activate/deactivate rules with a simple check box.
Network Intrusion Prevention automatically detects and blocks network attacks. Browser Intrusion Prevention automatically detects and blocks browser attacks.
Intrusion Prevention Policy:
Keeps a log of blocked attacks and threats.
A simple three step wizard assists to create exceptions for any program or system that gets detected by Intrusion Prevention.
Exceptions allow SEP SBE to ignore particular files, usually for performance reasons. Many programs, such as SQL, require some exceptions in order to work efficiently with Anti-Virus software.
Separate Windows and Mac Exceptions
Mac file and folder exceptions available.
A variety of different Windows OS exceptions are available including: applications, extensions, file, folder, web domain, and tamper protection.
The computers tab located in the On-Premise Manager is where every computer with an SEP SBE client installed on the network can be viewed and centrally managed. Some of the features include:
Customized group creation based on role or location.
Ability to set different policies for each group.
See the current status, definition date, health of every computer.
Ability to update definitions, run scans, and restart individual computers or entire groups remotely.
Search for a specific computer or a group of computers that match a certain requirement.
The ability to determine some basic network information remotely, like the IP address and the logged in user.
The Admin tab is for the primary administrator of the SEP SBE environment. The ability to control licensing, server settings, and additional users is available under this tab.
Add other administrator accounts to oversee the manager.
Accounts can be full access or limited to specific abilities.
This section also has the email, proxy, and password settings for the server.
Licensing is also controlled here - The ability to add/remove and purchase new licenses
.Cloud Managed Vs. On Premises Managed Comparison Chart
On Premise Manager
Cloud Hosted Portal
Hosted by Symantec
Hosted on Local Server (On-Premise System Requirements)
Client Security Summary on Home Page
News, Current Threats, Protection Status on Home Page
Several Report Types: Status, Network, Risk, Scan, Firewall - several sub categories
Reports Available on Manager and Email
.PDF, .HTML, .XML
Separate Polices for Virus Settings, Firewall, Intrusion Prevention, Exclusions, and LiveUpdate - Has more options available to turn settings on or off
Centralized Single Policy Page Containing: AV, Firewall, USB Device Control, Exclusions, etc.
Computers Tab: View all Symantec protected systems
A group structure based view that allows the admin to separate clients by location, subnet, roles, etc.
Admin and Users Tab
Manage Additional Admin Accounts
On-Premise and .Cloud Managed Clients:
Basic Protection Installation Option Available: Anti-Virus Component Only
Full Protection Including All Protection Components
Full Protection with the Addition of Safe Surfing
Default Server Install Package - has all protection components installed except the Firewall.
LUH - Live Update Host. Designates a system to download engine updates and virus definitions. Other systems in the same location or subnet then download from that machine to reduce network traffic.
Auto-update of most protection related software
Imported Document ID: TECH214963
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.