What do I do after I install the management server?

Tasks to perform after you install displays the tasks to perform after you install and configure the product to assess whether the client computers have the correct level of protection. Continue to perform these tasks regularly, on a weekly or monthly basis.
Tasks to perform after you install
Modify the Virus and Spyware Protection policy
Change the following default scan settings:
Modify the Firewall policy for the remote computers group and the servers group
  • Increase the security for remote computers by making sure that the following default firewall rules for an off-site location are enabled:
    • Block Local File Sharing to external computers
    • Block Remote Administration
  • Decrease the security for the servers group by making sure that the following firewall rule is enabled:
    Allow Local File Sharing to local computers
    . This firewall rule ensures that only local traffic is allowed.
Exclude applications and files from being scanned
You can increase performance by configuring the client not to scan certain folders and files.
For example, the client scans the mail server directory every time a scheduled scan runs. You should exclude mail server program files and directories from being scanned.
You can improve performance by excluding the folders and files that are known to cause problems if they are scanned. For example,
Symantec Endpoint Protection
should not scan the proprietary Microsoft SQL Server files. You should add an exception that prevents scanning of the folders that contain the SQL Server database files. These exceptions improve performance and avoid corruption or files being locked when SQL Server must use them.
For more information, see the knowledge base article: How to exclude MS SQL files and folders using Centralized Exceptions.
In addition, you should exclude false positives from scans.
You can also exclude files by extension for Auto-Protect scans on Windows computers.
Run a quick report and scheduled report after the scheduled scan
Run the quick reports and scheduled reports to see whether the client computers have the correct level of security.
Check to ensure that scheduled scans have been successful and clients operate as expected
Review monitors, logs, and the status of client computers to make sure that you have the correct level of protection for each group.
Assess your content storage and client communication bandwidth requirements
As of 12.1.5,
Symantec Endpoint Protection Manager
no longer stores multiple full content versions. Instead, only the latest full version plus incremental deltas are stored. This approach means that clients almost always download deltas, not full packages. Only in the rare case where a client is extremely out of date (more than three months), is a full download of the latest content required.
If your environment must control network bandwidth precisely, you can also throttle client communication. For more information, see the article: Symantec Endpoint Protection Bandwidth Control for Client Communication
For more information about calculating storage and bandwidth needs, see the Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper.
Configure notifications for a single risk outbreak and when a new risk is detected
Create a notification for a
Single risk event
and modify the notification for
Risk Outbreak
For these notifications, Symantec recommends that you do the following actions:
  1. Change the
    Risk severity
    Category 1 (Very Low and above)
    to avoid receiving emails about tracking cookies.
  2. Keep the
    setting at
  Notifications are critical to maintaining a secure environment and can also save you time.