Preventing and handling virus and spyware attacks on client computers

You can prevent and handle virus and spyware attacks on client computers by following some important guidelines.
Protecting computers from virus and spyware attacks
Task
Description
Make sure that your computers have
Symantec Endpoint Protection
installed
All computers in your network and all your servers should have
Symantec Endpoint Protection
installed. Make sure that
Symantec Endpoint Protection
is functioning correctly. See:
Keep definitions current
Make sure that the latest definitions are installed on client computers.
You can check the definitions date on the
Clients
tab. You can run a command to update the definitions that are out of date.
You can also run a computer status report to check the latest definitions date. See:
Run regular scans
By default, Auto-Protect and SONAR run on client computers. A default scheduled active scan also runs on client computers.
You can run scans on demand. You can customize the scan settings. See:
You might want to create and customize scheduled scans.
Typically, you might want to create a full scheduled scan to run once a week, and an active scan to run once per day. By default,
Symantec Endpoint Protection
generates an active scan that runs at 12:30 P.M. On unmanaged computers,
Symantec Endpoint Protection
also includes a default startup scan that is disabled.
You should make sure that you run an active scan every day on the computers in your network. You might want to schedule a full scan once a week or once a month if you suspect that you have an inactive threat in your network. Full scans consume more computer resources and might affect computer performance. See:
Let clients upload critical events immediately
Make sure that clients (Windows only) can bypass the heartbeat interval and send critical events to the management server immediately. Critical events include any risk found (except cookies) and any intrusion event. You can find this option in
Clients > Policies > Communications Settings
. The option is enabled by default.
Administrator notifications can alert you right away when the damper period for relevant notifications is set to
None
. See:
Check or modify scan settings for increased protection
By default, virus and spyware scans detect, remove, and repair the side effects of viruses and security risks.
The default scan settings optimize your client computers' performance while still providing a high level of protection. You can increase the level of protection, however.
For example, you might want to increase the Bloodhound heuristic protection.
You also might want to enable scans of network drives. See:
Allow clients to submit information about detections to Symantec
Clients can submit information about detections to Symantec. The submitted information helps Symantec address threats. See:
Run intrusion prevention
Symantec recommends that you run intrusion prevention on your client computers as well as Virus and Spyware Protection. See:
Remediate infections if necessary
After scans run, client computers might still have infections. For example, a new threat might not have a signature, or
Symantec Endpoint Protection
was not able to completely remove the threat. In some cases, client computers require a restart for
Symantec Endpoint Protection
to complete the cleaning process. See: